Update evm examples

examples/evm/complete.py

@@ -37,7 +37,7 @@
 )
 
 print("[+] Resulting balances are:")
-for state in m.running_states:
+for state in m.all_states:
     balance = state.platform.get_balance(int(user_account))
     print(state.solve_one(balance))
 

examples/evm/coverage.py

@@ -29,7 +29,7 @@
 )
 
 print(f"[+] There are {m.count_terminated_states()} reverted states now")
-print(f"[+] There are {m.count_running_states()} alive states now")
+print(f"[+] There are {m.count_busy_states()} alive states now")
 # for state_id in m.running_state_ids:
 #     print(m.report(state_id))
 

examples/evm/reentrancy_concrete.py

@@ -10,14 +10,14 @@
 
 contract Reentrance {
     mapping (address => uint) userBalance;
-   
+
     function getBalance(address u) constant returns(uint){
         return userBalance[u];
     }
 
     function addToBalance() payable{
         userBalance[msg.sender] += msg.value;
-    }   
+    }
 
     function withdrawBalance(){
         // send userBalance[msg.sender] ethers to msg.sender
@@ -26,9 +26,9 @@
            revert();
         }
         userBalance[msg.sender] = 0;
-    }   
+    }
 }
-//Function signatures: 
+//Function signatures:
 //c0e317fb: addToBalance()
 //f8b2cb4f: getBalance(address)
 //5fd8c710: withdrawBalance()
@@ -38,7 +38,7 @@
 pragma solidity ^0.4.15;
 
 contract GenericReentranceExploit {
-    int reentry_reps=10; 
+    int reentry_reps=10;
     address vulnerable_contract;
     address owner;
     bytes reentry_attack_string;
@@ -87,7 +87,8 @@
 contract_account = m.solidity_create_contract(
     contract_source_code, owner=user_account
 )  # Not payable
-m.world.set_balance(contract_account, 1000000000000000000)  # give it some ether
+for i in m.all_states:
+    i.platform.set_balance(contract_account, 1000000000000000000)  # give it some ether
 
 exploit_account = m.solidity_create_contract(exploit_source_code, owner=attacker_account)
 
@@ -101,16 +102,18 @@
 exploit_account.set_reentry_attack_string(reentry_string)
 
 print("[+] Initial world state")
-print(
-    f" attacker_account {attacker_account.address:x} balance: {m.get_balance(attacker_account.address)}"
-)
-print(
-    f" exploit_account {exploit_account.address} balance: {m.get_balance(exploit_account.address)}"
-)
-print(f" user_account {user_account.address:x} balance: {m.get_balance(user_account.address)}")
-print(
-    f" contract_account {contract_account.address:x} balance: {m.get_balance(contract_account.address)}"
-)
+for i in m.all_states:
+    i = i.platform
+    print(
+        f" attacker_account {attacker_account.address:x} balance: {i.get_balance(attacker_account.address)}"
+    )
+    print(
+        f" exploit_account {exploit_account.address} balance: {i.get_balance(exploit_account.address)}"
+    )
+    print(f" user_account {user_account.address:x} balance: {i.get_balance(user_account.address)}")
+    print(
+        f" contract_account {contract_account.address:x} balance: {i.get_balance(contract_account.address)}"
+    )
 
 
 # User deposits all in contract
@@ -127,13 +130,15 @@
 print("[+] Let attacker destroy the exploit contract and profit")
 exploit_account.get_money()
 
-print(
-    f" attacker_account {attacker_account.address:x} balance: {m.get_balance(attacker_account.address)}"
-)
-print(f" user_account {user_account.address:x} balance: {m.get_balance(user_account.address)}")
-print(
-    f" contract_account {contract_account.address:x} balance: {m.get_balance(contract_account.address)}"
-)
+for i in m.all_states:
+    i = i.platform
+    print(
+        f" attacker_account {attacker_account.address:x} balance: {i.get_balance(attacker_account.address)}"
+    )
+    print(f" user_account {user_account.address:x} balance: {i.get_balance(user_account.address)}")
+    print(
+        f" contract_account {contract_account.address:x} balance: {i.get_balance(contract_account.address)}"
+    )
 
 m.finalize()
 print(f"[+] Look for results in {m.workspace}")

examples/evm/use_def.py

@@ -5,7 +5,6 @@
 ################ Script #######################
 
 m = ManticoreEVM()
-m.verbosity(0)
 # And now make the contract account to analyze
 # cat  | solc --bin
 source_code = """
@@ -18,80 +17,63 @@
         c =0;
         enabled = false;
         i = false;
-        
+
     }
     function f1() public {
         c+=1;
     }
     function f2() public {
         if(c>100)
             enabled=true;
-        
+
     }
     function f3() public{
-        if (!enabled) 
+        if (!enabled)
             return;
         i = true;
-        
+
     }
 }
 """
 print(source_code)
 
 
 class EVMUseDef(Plugin):
-    def _get_concrete_hex(self, state, array):
-        r = ""
-        for i in array:
-            l = state.solve_n(i, 2)
-            if len(l) == 1:
-                r += "%02x" % l[0]
-        if len(r) != 8:
-            return
-        return r
-
     def did_evm_write_storage_callback(self, state, address, offset, value):
         m = self.manticore
         world = state.platform
         tx = world.all_transactions[-1]
         md = m.get_metadata(tx.address)
-
-        r = self._get_concrete_hex(state, tx.data[0:4])
-        if r is None:
-            return
-
-        offsets = state.solve_n(offset, 3000)
-        with self.locked_context("storage_writes", dict) as storage_writes:
-            contract_function = (md.name, md.get_func_name(r))
-            if contract_function not in storage_writes:
-                storage_writes[contract_function] = set()
-            for off in offsets:
-                storage_writes[contract_function].add(off)
+        if md:
+            offsets = state.solve_n(offset, 3000)
+            with self.locked_context("storage_writes", dict) as storage_writes:
+                contract_function = (md.name, md.get_func_name(state.solve_one(tx.data[0:4])))
+                if contract_function not in storage_writes:
+                    storage_writes[contract_function] = set()
+                for off in offsets:
+                    storage_writes[contract_function].add(off)
 
     def did_evm_read_storage_callback(self, state, address, offset, value):
         m = self.manticore
         world = state.platform
         tx = world.all_transactions[-1]
         md = m.get_metadata(tx.address)
+        if md:
+            offsets = state.solve_n(offset, 3000)
+            with self.locked_context("storage_reads", dict) as storage_reads:
+                contract_function = (md.name, md.get_func_name(state.solve_one(tx.data[0:4])))
+                if contract_function not in storage_reads:
+                    storage_reads[contract_function] = set()
+                for off in offsets:
+                    storage_reads[contract_function].add(off)
 
-        r = self._get_concrete_hex(state, tx.data[0:4])
-        if r is None:
-            return
-
-        offsets = state.solve_n(offset, 3000)
-        with self.locked_context("storage_reads", dict) as storage_reads:
-            contract_function = (md.name, md.get_func_name(r))
-            if contract_function not in storage_reads:
-                storage_reads[contract_function] = set()
-            for off in offsets:
-                storage_reads[contract_function].add(off)
 
+p = EVMUseDef()
+m.register_plugin(p)
 
 # Initialize accounts
 user_account = m.create_account(balance=1000)
 contract_account = m.solidity_create_contract(source_code, owner=user_account)
-p = EVMUseDef()
-m.register_plugin(p)
 
 symbolic_data = m.make_symbolic_buffer(320)
 symbolic_value = m.make_symbolic_value()