Error when running Securify on bytecode hex file

Question

Error when running Securify on bytecode hex file

bishwascg opened this issue 6 years ago · 8 comments

Running Securify on a bytecode hex file gives the following error -
I'm running the latest build.

java -jar build/libs/securify-0.1.jar -fh contract.hex

Attempt to decompile the contract with methods... Failed to decompile methods. Attempt to decompile the contract without identifying methods... Decompilation failed. Error in Securify Exception in thread "main" java.lang.NullPointerException at ch.securify.decompiler.DestackerFallback.findJumpCondition(DestackerFallback.java:403) at ch.securify.decompiler.DestackerFallback.handleStackMerging(DestackerFallback.java:356) at ch.securify.decompiler.DestackerFallback.decompile(DestackerFallback.java:205) at ch.securify.decompiler.DestackerFallback.decompile(DestackerFallback.java:216) at ch.securify.decompiler.DestackerFallback.decompile(DestackerFallback.java:201) at ch.securify.decompiler.DestackerFallback.decompile(DestackerFallback.java:238) at ch.securify.decompiler.DestackerFallback.decompile(DestackerFallback.java:238) at ch.securify.decompiler.DestackerFallback.decompile(DestackerFallback.java:238) at ch.securify.decompiler.DestackerFallback.decompile(DestackerFallback.java:216) at ch.securify.decompiler.DestackerFallback.decompile(DestackerFallback.java:216) at ch.securify.decompiler.DestackerFallback.decompile(DestackerFallback.java:238) at ch.securify.decompiler.DestackerFallback.decompile(DestackerFallback.java:238) at ch.securify.decompiler.DestackerFallback.decompile(DestackerFallback.java:216) at ch.securify.decompiler.DestackerFallback.decompile(DestackerFallback.java:238) at ch.securify.decompiler.DestackerFallback.decompile(DestackerFallback.java:238) at ch.securify.decompiler.DestackerFallback.decompile(DestackerFallback.java:238) at ch.securify.decompiler.DestackerFallback.decompile(DestackerFallback.java:238) at ch.securify.decompiler.DestackerFallback.decompile(DestackerFallback.java:238) at ch.securify.decompiler.DestackerFallback.decompile(DestackerFallback.java:238) at ch.securify.decompiler.DestackerFallback.decompile(DestackerFallback.java:216) at ch.securify.decompiler.DestackerFallback.decompile(DestackerFallback.java:238) at ch.securify.decompiler.DestackerFallback.decompile(DestackerFallback.java:238) at ch.securify.decompiler.DestackerFallback.decompile(DestackerFallback.java:216) at ch.securify.decompiler.DestackerFallback.decompile(DestackerFallback.java:216) at ch.securify.decompiler.DestackerFallback.decompile(DestackerFallback.java:238) at ch.securify.decompiler.DestackerFallback.decompile(DestackerFallback.java:131) at ch.securify.decompiler.DecompilerFallback.decompile(DecompilerFallback.java:73) at ch.securify.Main.decompileContract(Main.java:299) at ch.securify.Main.processHexFile(Main.java:163) at ch.securify.Main.main(Main.java:273)

contract.hex -
60606040526004361061012f5763ffffffff60e060020a60003504166325e89283811461013a5780632c4e722e146101615780632f923c59146101865780633197cbb6146101995780634042b66f146101ac578063471efce5146101bf5780634dc8ed02146101d257806350669a03146101e8578063518ab2a8146101fb578063521eb2731461020e57806360219c7b1461023d5780636317cc5b146102505780636cd022971461026357806378e97925146102855780637d64bcb4146102985780638746656f146102ab5780638da5cb5b146102c1578063a67bb583146102d4578063ccd65c0a146102e7578063da74ce27146102fa578063ec8ac4d81461030d578063ecb70fb714610321578063f2a0928d14610334578063f2fde38b14610347578063fc0c546a14610366575b61013833610379565b005b341561014557600080fd5b61014d6104c9565b604051901515815260200160405180910390f35b341561016c57600080fd5b6101746104d2565b60405190815260200160405180910390f35b341561019157600080fd5b6101746104d8565b34156101a457600080fd5b6101746104de565b34156101b757600080fd5b6101746104e4565b34156101ca57600080fd5b6101746104ea565b34156101dd57600080fd5b6101746004356104f0565b34156101f357600080fd5b610138610504565b341561020657600080fd5b610174610574565b341561021957600080fd5b61022161057a565b604051600160a060020a03909116815260200160405180910390f35b341561024857600080fd5b610174610589565b341561025b57600080fd5b61017461058f565b341561026e57600080fd5b610138600160a060020a0360043516602435610595565b341561029057600080fd5b610174610688565b34156102a357600080fd5b61013861068e565b34156102b657600080fd5b61013860043561070e565b34156102cc57600080fd5b610221610782565b34156102df57600080fd5b610174610791565b34156102f257600080fd5b610138610797565b341561030557600080fd5b610174610867565b610138600160a060020a0360043516610379565b341561032c57600080fd5b61014d61086d565b341561033f57600080fd5b610174610876565b341561035257600080fd5b610138600160a060020a036004351661087c565b341561037157600080fd5b610221610917565b6000610383610926565b80156103925750600754601354105b151561039d57600080fd5b600160a060020a038216158015906103bd575067016345785d8a00003410155b15156103c857600080fd5b601154421161040d57600254601354106103e157600080fd5b600b54610406906103f990600263ffffffff61095616565b349063ffffffff61095616565b905061042c565b60125460ff16151561041e57600080fd5b6104296103f961098c565b90505b60135461043f908263ffffffff6109f216565b601355600154600160a060020a03166340c10f19838360006040516020015260405160e060020a63ffffffff8516028152600160a060020a0390921660048301526024820152604401602060405180830381600087803b15156104a157600080fd5b6102c65a03f115156104b257600080fd5b50505060405180519050506104c5610a01565b5050565b60125460ff1681565b600b5481565b60035481565b60095481565b600c5481565b60025481565b600d81600481106104fd57fe5b0154905081565b60005433600160a060020a0390811691161461051f57600080fd5b600154600160a060020a0316633f4ba83a6040518163ffffffff1660e060020a028152600401600060405180830381600087803b151561055e57600080fd5b6102c65a03f1151561056f57600080fd5b505050565b60135481565b600a54600160a060020a031681565b60075481565b60055481565b60005433600160a060020a039081169116146105b057600080fd5b6007546013546105c6908363ffffffff6109f216565b11156105d157600080fd5b6000811180156105e95750600160a060020a03821615155b15156105f457600080fd5b601354610607908263ffffffff6109f216565b601355600154600160a060020a03166340c10f19838360006040516020015260405160e060020a63ffffffff8516028152600160a060020a0390921660048301526024820152604401602060405180830381600087803b151561066957600080fd5b6102c65a03f1151561067a57600080fd5b505050604051805150505050565b60085481565b60005433600160a060020a039081169116146106a957600080fd5b600154600160a060020a0316637d64bcb46000604051602001526040518163ffffffff1660e060020a028152600401602060405180830381600087803b15156106f157600080fd5b6102c65a03f1151561070257600080fd5b50505060405180515050565b60005433600160a060020a0390811691161461072957600080fd5b8060095410801561073c575060125460ff165b151561074757600080fd5b60098190557f510de15a452138d481e5e964b168dcec3480a1fa9f68b18bd243765e153c888f8160405190815260200160405180910390a150565b600054600160a060020a031681565b60045481565b6000805433600160a060020a039081169116146107b357600080fd5b6011544211806107c7575060025460135410155b15156107d257600080fd5b60125460ff16156107e257600080fd5b6011544210156107f157426011555b6012805460ff191660011790556108114262093a8063ffffffff6109f216565b600d555060015b600481101561085e5761084762093a80600d60001984016004811061083957fe5b01549063ffffffff6109f216565b600d826004811061085457fe5b0155600101610818565b50601054600955565b60065481565b60095442115b90565b60115481565b60005433600160a060020a0390811691161461089757600080fd5b600160a060020a03811615156108ac57600080fd5b600054600160a060020a0380831691167f8be0079c531659141344cd1fd0a4f28419497f9722a3daafe3b4186f6b6457e060405160405180910390a36000805473ffffffffffffffffffffffffffffffffffffffff1916600160a060020a0392909216919091179055565b600154600160a060020a031681565b6000806000600854421015801561093f57506009544211155b91505034151581801561094f5750805b9250505090565b6000808315156109695760009150610985565b5082820282848281151561097957fe5b041461098157fe5b8091505b5092915050565b6000601154421180156109a25750600754601354105b156109eb576109e4600b546109d860646109cc6109bd610a37565b600b549063ffffffff61095616565b9063ffffffff610ba616565b9063ffffffff6109f216565b9050610873565b50600b5490565b60008282018381101561098157fe5b600a54600160a060020a03163480156108fc0290604051600060405180830381858888f193505050501515610a3557600080fd5b565b600080600080600654601354101515610a4f57600080fd5b5042915060005b6004811015610a8757600d8160048110610a6c57fe5b01548311610a7f57806001019150610a87565b600101610a56565b816001148015610a9a5750600354601354105b15610aa457601493505b816001148015610ab8575060035460135410155b15610ac257600f93505b816001148015610ad6575060045460135410155b15610ae057600a93505b816001148015610af4575060055460135410155b15610afe57600093505b816002148015610b115750600454601354105b15610b1b57600f93505b816002148015610b2f575060045460135410155b15610b3957600a93505b816002148015610b4d575060055460135410155b15610b5757600093505b816003148015610b6a5750600554601354105b15610b7457600a93505b816003148015610b88575060055460135410155b15610b9257600093505b8160041415610ba057600093505b50505090565b6000808284811515610bb457fe5b049493505050505600a165627a7a72305820262ab9d58bca518df4fce066a7ed7b41a54e72aa17aad296a0b6418a2b75266e0029

This is the contract present at address 0x73Dac1423d69651a6F85462B45260f7c05de3548 on the ethereum blockchain.

Any help would be appreciated.

Answer 1 · 2019-01-03T10:22:41.000Z

How did you get this bytecode? Which solc version?

Securify appears to run fine with -fs c.sol using the Solidity code in https://etherscan.io/address/0x73Dac1423d69651a6F85462B45260f7c05de3548#code. It also doesn't fail with the corresponding bytecode.

Answer 2 · 2019-01-03T13:43:00.000Z

I'm not using the solidity source code.
I'm running it on the contract bytecode available on etherchain here - https://www.etherchain.org/account/73Dac1423d69651a6F85462B45260f7c05de3548#code
Somehow the bytecodes on etherchain and etherscan seem to be different. Any reason why?

Answer 3 · 2019-01-03T13:57:10.000Z

No I don't know anything about etherchain to be honest.

Answer 4 · 2019-01-03T15:56:31.000Z

Hey @bishwascg

for verified contracts, Etherscan shows the constructor code (i.e. it says Contract Creation Code). Etherchain, however, shows the actual contract code. Therefore, the Etherchain is the right one to use for securify and should work.

We are currently investigating a similar error and will also check out this one.

Thanks for your report.

Answer 5 · 2019-01-03T15:57:51.000Z

@hiqua According to Etherscan it was compiled with v0.4.18+commit.9cf6e910 with optimization enabled. (https://etherscan.io/address/0x73Dac1423d69651a6F85462B45260f7c05de3548#code)

Answer 6 · 2019-01-03T16:32:22.000Z

Yes I can reproduce it with 0.4.18 and --optimize, progress is tracked in #26.

Answer 7 · 2019-01-22T08:36:22.000Z

Seemingly solved in #81.

Answer 8 · 2019-01-29T17:16:49.000Z

Please let us know if this still doesn't work with the last commit on master!