trailofbits/manticore

Heuristic of the race condition detector does not give interesting result

Open

#1260 opened on Nov 5, 2018

View on GitHub
 (6 comments) (0 reactions) (0 assignees)Python (3,469 stars) (481 forks)batch import
ethereumhelp wanted

Description

Manticore version

https://github.com/trailofbits/manticore/tree/e4e0829b6c962a40356ce2d8d6ea3b5b9ad64965

Summary of the problem

The current heuristic of the race condition detector can be summarized as:

  • Does a function write to a state variable which is read by another function?

This pattern does not give any interesting results, as it matches too many code without bug.

We could follow something closer to what oyente and securify do, like:

  • Is the msg.value of an internal call independent of other transactions?

I am not sure that oyente/securify strategies give pertinent results, it may also lead to several cases where it's not a bug, so we may want to refine the heuristic.

Step to reproduce the behavior

contract ERC20{
    mapping(address => mapping(address => uint)) allowance;

    function approve(address to, uint val){
        if(allowance[msg.sender][to] + val > allowance[msg.sender][to]){
            allowance[msg.sender][to] += val;  
        }
    }

    function transfer(address from, uint val){
        if(allowance[from][msg.sender] >= val){
            allowance[from][msg.sender] -= val;
        }   
    }
}

Expected behavior

No bug

Actual behavior

$  manticore test.sol --detect-race-condition
Potential race condition (transaction order dependency):
Value has been stored in storage slot/index 107947620283194693777147330934714592376293967296602958269006860500381273712713 in transaction that called approve(address,uint256) and is now used in transaction that calls transfer(address,uint256).
An attacker seeing a transaction to transfer(address,uint256) could create a transaction to approve(address,uint256) with high gas and win a race.

Contributor guide

Tech stack
python
Domain
security
Issue type
feature
DifficultyEstimated implementation difficulty for a new contributor, from 1 for very small changes to 5 for expert-level work.
4
Estimated timeA rough time range for an experienced contributor to investigate, implement, test, and prepare a pull request.
3-5 days
Activity statusHow available the issue appears right now: fresh, active, stale, blocked, or waiting on maintainer input.
stale
ClarityHow clearly the issue explains the expected change, acceptance criteria, and next step.
clear
Prerequisites
Pythonsymbolic executionEthereum smart contractsrace condition detection
Newbie friendlinessA 1-100 score estimating how approachable this issue is for first-time contributors.
20
Research direction
The current heuristic in manticore/ethereum/detectors.py line 582 checks if a function writes to a state variable read by another function. To improve, study the approaches used by oyente and securify as mentioned in the issue. Consider implementing a heuristic that checks if msg.value of an internal call is independent of other transactions. Start by examining the existing detector code and understanding the symbolic execution framework in Manticore. Then prototype a new heuristic in a separate file and test it against the provided ERC20 contract and other known vulnerable contracts.