Upload New File

29f79f33 · POTHURI HARIKA · 247086f3 · 29f79f33
Commit 29f79f33 authored 2 years ago by POTHURI HARIKA
--- a/Tools/SmartCheck/Solidity/Rules/SOLIDITY_CALL_WITHOUT_DATA.md
+++ b/Tools/SmartCheck/Solidity/Rules/SOLIDITY_CALL_WITHOUT_DATA.md
+# Analysis of Smart Contract Security Vulnerabilities and Tools ![](https://img.shields.io/badge/-Live-brightgreen)
+![](https://img.shields.io/badge/Batch-UG21CYS-lightgreen) ![](https://img.shields.io/badge/Batch-PG21CYS-green) ![](https://img.shields.io/badge/Batch-UG22CYS-lightgreen) ![](https://img.shields.io/badge/Batch-PG21CYS-green) ![](https://img.shields.io/badge/Batch-PhD-darkgreen) ![](https://img.shields.io/badge/-B_RIG-darkgreen)<br/>   ![](https://img.shields.io/badge/BlockchainCourse-21CY712-green)  ![](https://img.shields.io/badge/-M.Tech_Dissertation-blue) ![](https://img.shields.io/badge/Focus-Smart_Contract_Security-yellow) <br/>
+![](https://img.shields.io/badge/Blockchain-Ethereum-blue)   <br/> 
+![](https://img.shields.io/badge/Language-Solidity-blue)
+
+## SOLIDITY_CALL_WITHOUT_DATA
+### Rule Description
+Use of low-level code call function with no arguments provided.
+
+
+### Solidity-Rules
+![](https://img.shields.io/badge/Pattern_ID-om991k-gold) ![](https://img.shields.io/badge/Severity-2-brown) 
+
+```
+functionCall
+                        [functionName/identifier[text()[1] = "call"]]
+                        [not(callArguments//expression)]
+                        [not(gas/expression)]
+
+```
+
+![](https://img.shields.io/badge/Pattern_ID-lr991l-gold) ![](https://img.shields.io/badge/Severity-2-brown) 
+
+```
+functionCall
+                        [functionName/identifier[text()[1] = "call"]]
+                        [callArguments//stringLiteral[string-length(text()) = 0]]
+                        [callArguments/tupleExpression[count(expression) = 1]]
+                        [not(gas/expression)]
+```
+
+![](https://img.shields.io/badge/Pattern_ID-111ttt-gold) ![](https://img.shields.io/badge/Severity-1-brown) 
+
+```
+functionCall
+                        [functionName/identifier[text()[1] = "call"]]
+                        [callArguments//stringLiteral[string-length(text()) = 0]]
+                        [callArguments/tupleExpression[count(expression) = 1]]
+                        [gas/expression]
+```
+
+### Sample Code
+
+```
+pragma solidity 0.4.24;
+
+contract CallValue {
+
+    function withdraw1() {
+    // <yes> <report> SOLIDITY_CALL_WITHOUT_DATA om991k
+        if (msg.sender.call.value(1)()) {
+        }
+    }
+    function withdraw2() {
+    // <yes> <report> SOLIDITY_CALL_WITHOUT_DATA om991k
+        if (msg.sender.call()) {
+        }
+    }
+    function withdraw3() {
+    // <yes> <report> SOLIDITY_CALL_WITHOUT_DATA lr991l
+        if (msg.sender.call.gas(100000)()) {
+        }
+    }
+    function withdraw4() {
+        if (msg.sender.call.value(1)(3)) {
+        }
+    }
+    function withdraw5() {
+        // <yes> <report> SOLIDITY_CALL_WITHOUT_DATA 111ppp
+        if (msg.sender.call.value(1)("")) {
+        }
+    }
+    function withdraw6() {
+        // <yes> <report> SOLIDITY_CALL_WITHOUT_DATA 111ppp
+        if (msg.sender.call("")) {
+        }
+    }
+    function withdraw7() {
+        // <yes> <report> SOLIDITY_CALL_WITHOUT_DATA 111ttt
+        if (msg.sender.call.gas(100000)("")) {
+        }
+    }
+    function withdraw8() {
+        if (msg.sender.call.value(1)(" ")) {
+        }
+    }
+    function withdraw9() {
+        if (msg.sender.call("", 1)) {
+        }
+    }
+    function withdraw10() {
+        if (msg.sender.call.gas(100000)("", 1)) {
+        }
+    }
+}
+```
+
+### Abstract Syntax Tree 
+
+[Click Here](https://astexplorer.net/#/gist/d3aa6e8f6e6d5712fb4995bd6d66bd0f/e28865d04fc3d2d3761c12b14c736bf822a7b08c) to view the AST for the above code. Code generated from AST Explorer using _solidity-parser-antlr-0.4.11_
+
+
+### Code Result
+
+```
+SOLIDITY_CALL_WITHOUT_DATA
+patternId: om991k
+severity: 2
+line: 7
+column: 23
+content: call.value(1)()
+
+ruleId: SOLIDITY_CALL_WITHOUT_DATA
+patternId: om991k
+severity: 2
+line: 12
+column: 23
+content: call()
+
+ruleId: SOLIDITY_CALL_WITHOUT_DATA
+patternId: lr991l
+severity: 1
+line: 17
+column: 23
+content: call.gas(100000)()
+
+ruleId: SOLIDITY_CALL_WITHOUT_DATA
+patternId: 111ppp
+severity: 2
+line: 26
+column: 23
+content: call.value(1)("")
+
+ruleId: SOLIDITY_CALL_WITHOUT_DATA
+patternId: 111ppp
+severity: 2
+line: 31
+column: 23
+content: call("")
+
+ruleId: SOLIDITY_CALL_WITHOUT_DATA
+patternId: 111ttt
+severity: 1
+line: 36
+column: 23
+content: call.gas(100000)("")
+
+ruleId: SOLIDITY_UPGRADE_TO_050
+patternId: 83k1no
+severity: 1
+line: 7
+column: 23
+content: call.value(1)()
+
+ruleId: SOLIDITY_UPGRADE_TO_050
+patternId: 83k1no
+severity: 1
+line: 12
+column: 23
+content: call()
+
+ruleId: SOLIDITY_UPGRADE_TO_050
+patternId: 83k1no
+severity: 1
+line: 17
+column: 23
+content: call.gas(100000)()
+
+ruleId: SOLIDITY_UPGRADE_TO_050
+patternId: 83k1no
+severity: 1
+line: 44
+column: 23
+content: call("",1)
+
+ruleId: SOLIDITY_UPGRADE_TO_050
+patternId: 83k1no
+severity: 1
+line: 48
+column: 23
+content: call.gas(100000)("",1)
+
+ruleId: SOLIDITY_VISIBILITY
+patternId: 910067
+severity: 1
+line: 5
+column: 4
+content: functionwithdraw1(){if(msg.sender.call.value(1)()){}}
+
+ruleId: SOLIDITY_VISIBILITY
+patternId: 910067
+severity: 1
+line: 10
+column: 4
+content: functionwithdraw2(){if(msg.sender.call()){}}
+
+ruleId: SOLIDITY_VISIBILITY
+patternId: 910067
+severity: 1
+line: 15
+column: 4
+content: functionwithdraw3(){if(msg.sender.call.gas(100000)()){}}
+
+ruleId: SOLIDITY_VISIBILITY
+patternId: 910067
+severity: 1
+line: 20
+column: 4
+content: functionwithdraw4(){if(msg.sender.call.value(1)(3)){}}
+
+ruleId: SOLIDITY_VISIBILITY
+patternId: 910067
+severity: 1
+line: 24
+column: 4
+content: functionwithdraw5(){if(msg.sender.call.value(1)("")){}}
+
+ruleId: SOLIDITY_VISIBILITY
+patternId: 910067
+severity: 1
+line: 29
+column: 4
+content: functionwithdraw6(){if(msg.sender.call("")){}}
+
+ruleId: SOLIDITY_VISIBILITY
+patternId: 910067
+severity: 1
+line: 34
+column: 4
+content: functionwithdraw7(){if(msg.sender.call.gas(100000)("")){}}
+
+ruleId: SOLIDITY_VISIBILITY
+patternId: 910067
+severity: 1
+line: 39
+column: 4
+content: functionwithdraw8(){if(msg.sender.call.value(1)(" ")){}}
+
+ruleId: SOLIDITY_VISIBILITY
+patternId: 910067
+severity: 1
+line: 43
+column: 4
+content: functionwithdraw9(){if(msg.sender.call("",1)){}}
+
+ruleId: SOLIDITY_VISIBILITY
+patternId: 910067
+severity: 1
+line: 47
+column: 4
+content: functionwithdraw10(){if(msg.sender.call.gas(100000)("",1)){}}
+
+SOLIDITY_VISIBILITY :10
+SOLIDITY_UPGRADE_TO_050 :5
+SOLIDITY_CALL_WITHOUT_DATA :6
+
+
+```