Consensys/mythril

mythril.interfaces.cli [ERROR]: Invalid detection module: reentrancy

joedakwa opened this issue · 8 comments

Trying to run this command on my smart contract:

myth analyze -m reentrancy contract.sol and I get the self-entitled error message.

I also, as a trial, ran the module "ether_thief", but still got the same error message.

When I ran Myth Analyze contract.sol, it returned an integer underflow/overflow severity.

I then tried to insert the "integer" command instead for example

myth analyze -m integer.py (I also just used integer here) contract.sol

And the same error returned. Can someone advise me on what is happening here with the modules?

Thanks

Do I need to install these modules separately at all?

norhh commented

Hi @joedakwa. You can find a list of all detectors using the
myth list-detectors command.
The detector name for integer module is the following:
myth analyze file.sol -m IntegerArithmetics
Just a heads up, it's not worth using IntegerArithmetics module on files with recent solidity version, since all integer arithmetic edge cases are directly handled by solc.

This is really helpful. Quick question: I am running an audit on a smart contract, however, that uses 0.6.11, rather than the recent Solc version, which takes care of integer overflow/underflow issues. I guess it would be worth running in this instance?

norhh commented

Yes, mythril autodetects the pragma of a solidity file, although in some cases it might fail and raise an Exception; in such cases you can use the --solv v0.6.11 arg to set the solc version to 0.6.11.
When solc version >=0.8.0 is used, the integer module is not used (although that doesn't currently happen when the version is autodetected).

I was going to say, because when I ran Myth on the contract, a high severity issue popped up surrounding integer overflow, but the contract uses safeMath. I presume this is taken care of with 0.8.0 version, but seems to be flagged with the 0.6.11 version the contract is using? Is this something worth investigating?

norhh commented

> I presume this is taken care of with 0.8.0 version, but seems to be flagged with the 0.6.11 version the contract is using?

You can look where this issue pops up. Sometimes, the compiler intentionally uses overflows and underflows for optimisation.

Right ok gotcha

Thanks for your input
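
An added example, not part of the thread or of Mythril's code: a Python helper that reads a contract's `pragma solidity` line and builds the `myth analyze ... -m IntegerArithmetics` command from norhh's replies only when the pragma admits a compiler older than 0.8.0. The function names and sample pragmas are constructed for illustration, and the `--solv` value uses the `v0.6.11` form given in the thread.

```python
import re

# One comparator inside a pragma, e.g. "^0.6.11", ">=0.6.0", "<0.8.0", "0.6.11".
COMPARATOR = re.compile(r"(\^|~|>=|<=|>|<|=)?\s*(\d+)\.(\d+)\.(\d+)")
PRAGMA = re.compile(r"pragma\s+solidity\s+([^;]+);")
CHECKED_FROM = (0, 8, 0)  # from this solc version the compiler handles overflow itself


def pragma_floor(source):
    """Return (lowest solc version the pragma admits, exact pin?) or None."""
    match = PRAGMA.search(source)
    if not match:
        return None
    comparators = COMPARATOR.findall(match.group(1))
    # "<" and "<=" only cap the range; every other operator sets a floor.
    # Taking the smallest floor also covers "a || b" ranges conservatively.
    floors = [tuple(map(int, ver)) for op, *ver in comparators if op not in ("<", "<=")]
    if not floors:
        return None
    pinned = len(comparators) == 1 and comparators[0][0] in ("", "=")
    return min(floors), pinned


def integer_scan_command(path, source):
    """argv for an IntegerArithmetics-only run, or None when solc >= 0.8.0 is forced."""
    argv = ["myth", "analyze", path, "-m", "IntegerArithmetics"]
    found = pragma_floor(source)
    if found is None:
        return argv  # no usable pragma: stay conservative and run the detector
    floor, pinned = found
    if floor >= CHECKED_FROM:
        return None
    if pinned:
        # Exact pin: pass the version explicitly in case autodetection fails.
        argv += ["--solv", "v" + ".".join(map(str, floor))]
    return argv


if __name__ == "__main__":
    # Constructed pragma lines, not taken from any real contract.
    for pragma in ("pragma solidity 0.6.11;", "pragma solidity >=0.6.0 <0.8.0;",
                   "pragma solidity ^0.7.0 || ^0.8.0;", "pragma solidity ^0.8.4;"):
        print(pragma, "->", integer_scan_command("contract.sol", pragma))
```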