medusa
Investigate 0x00/empty string serialization
Medusa seems to save an empty string in the corpus for a "0x00" string input, which makes correctly parsing the corpus input values more difficult.
Example property:
// Wrapper (pragma and contract) added so the property compiles stand-alone; the function itself is as reported.
pragma solidity ^0.8.0;

contract StringCheck {
    function check_specific_string(string memory provided) public {
        require(bytes(provided).length > 0);
        // Fails only when the (non-empty) input is exactly the single byte 0x00.
        if (keccak256(bytes(provided)) == keccak256(bytes(hex"00"))) {
            assert(false);
        }
    }
}
Example corpus file:
[
  {
    "call": {
      "from": "0x0000000000000000000000000000000000030000",
      "to": "0xa647ff3c36cfab592509e13860ab8c4f28781a66",
      "nonce": 1,
      "value": "0x0",
      "gasLimit": 12500000,
      "gasPrice": "0x1",
      "gasFeeCap": "0x0",
      "gasTipCap": "0x0",
      "data": "0xe8f0d2db000000000000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000000000000", // <--- correctly encoded data for a non-empty string "\x00"
      "dataAbiValues": {
        "methodName": "check_specific_string",
        "inputValues": [
          "" // <--- seemingly empty string
        ]
      },
      "AccessList": null,
      "SkipAccountChecks": false
    },
    "blockNumberDelay": 1104,
    "blockTimestampDelay": 360624
  }
]
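Added example (not part of this report and not medusa code): a small Go check that ABI-decodes the `data` field of each corpus entry for a method taking a single `string` argument and flags entries whose `inputValues[0]` disagrees with what the calldata actually carries. It assumes the corpus layout shown above and strips the `// <---` annotations heuristically before parsing, since they are not valid JSON. It also shows that encoding/json itself round-trips a NUL byte as the escape `\u0000`, so the JSON layer can represent the value; whether medusa writes the corpus with encoding/json is not checked here and is only an assumption.

```go
package main

import (
	"encoding/hex"
	"encoding/json"
	"errors"
	"fmt"
	"math/big"
	"regexp"
	"strings"
)

// Calldata from the report: selector, offset of the string head, length 1, the byte 0x00 right-padded.
const sampleData = "0xe8f0d2db" +
	"0000000000000000000000000000000000000000000000000000000000000020" +
	"0000000000000000000000000000000000000000000000000000000000000001" +
	"0000000000000000000000000000000000000000000000000000000000000000"

// Constructed sample corpus: the entry from the report trimmed to the fields the check reads,
// with the report's own "// <---" annotations kept to show they are stripped before parsing.
var sampleCorpus = `[{"call":{
  "data": "` + sampleData + `", // <--- correctly encoded data for a non-empty string "\x00"
  "dataAbiValues": {"methodName": "check_specific_string", "inputValues": [
    "" // <--- seemingly empty string
  ]}}}]`

// Heuristic: a "//" preceded by whitespace starts an annotation that runs to end of line.
var annotation = regexp.MustCompile(`\s//[^\n]*`)

type corpusEntry struct {
	Call struct {
		Data          string `json:"data"`
		DataAbiValues struct {
			MethodName  string            `json:"methodName"`
			InputValues []json.RawMessage `json:"inputValues"`
		} `json:"dataAbiValues"`
	} `json:"call"`
}

// decodeStringArg decodes selector ++ abi.encode(string): word 0 is the offset of the
// string head, the head word is the byte length, then the bytes padded to 32.
// Offset and length are 256-bit values, so they are bounds-checked before slicing.
func decodeStringArg(calldataHex string) (string, error) {
	data, err := hex.DecodeString(strings.TrimPrefix(calldataHex, "0x"))
	if err != nil {
		return "", err
	}
	if len(data) < 4+32 {
		return "", errors.New("calldata shorter than selector plus one word")
	}
	args := data[4:]
	offset := new(big.Int).SetBytes(args[:32])
	if !offset.IsInt64() || offset.Int64() > int64(len(args)-32) {
		return "", errors.New("string offset out of range")
	}
	head := int(offset.Int64())
	length := new(big.Int).SetBytes(args[head : head+32])
	if !length.IsInt64() || length.Int64() > int64(len(args)-head-32) {
		return "", errors.New("string length out of range")
	}
	n := int(length.Int64())
	return string(args[head+32 : head+32+n]), nil
}

// Mismatch records one corpus entry whose stored input disagrees with its calldata.
type Mismatch struct {
	Method  string
	Stored  string // inputValues[0] as saved in the corpus
	Decoded string // the string the calldata actually passes
}

// checkCorpus parses an annotated corpus file and reports every single-string entry
// whose inputValues[0] does not equal the ABI-decoded argument.
func checkCorpus(corpusJSON string) ([]Mismatch, error) {
	var entries []corpusEntry
	if err := json.Unmarshal([]byte(annotation.ReplaceAllString(corpusJSON, "")), &entries); err != nil {
		return nil, err
	}
	var out []Mismatch
	for i, e := range entries {
		if len(e.Call.DataAbiValues.InputValues) != 1 {
			continue // only methods with exactly one (string) argument are handled here
		}
		var stored string
		if err := json.Unmarshal(e.Call.DataAbiValues.InputValues[0], &stored); err != nil {
			return nil, fmt.Errorf("entry %d: input 0 is not a JSON string: %w", i, err)
		}
		decoded, err := decodeStringArg(e.Call.Data)
		if err != nil {
			return nil, fmt.Errorf("entry %d: %w", i, err)
		}
		if stored != decoded {
			out = append(out, Mismatch{e.Call.DataAbiValues.MethodName, stored, decoded})
		}
	}
	return out, nil
}

// jsonRoundTrip marshals a Go string with encoding/json and unmarshals it again;
// a NUL byte is emitted as \u0000 and comes back intact, so JSON can hold the value.
func jsonRoundTrip(s string) (encoded, decoded string, err error) {
	b, err := json.Marshal(s)
	if err != nil {
		return "", "", err
	}
	if err := json.Unmarshal(b, &decoded); err != nil {
		return "", "", err
	}
	return string(b), decoded, nil
}

func main() {
	mismatches, err := checkCorpus(sampleCorpus)
	if err != nil {
		panic(err)
	}
	for _, m := range mismatches {
		fmt.Printf("%s: corpus holds %q but calldata decodes to %q (%d byte(s))\n",
			m.Method, m.Stored, m.Decoded, len(m.Decoded))
	}
	enc, _, _ := jsonRoundTrip("\x00")
	fmt.Println("encoding/json would store the same value as", enc)
}
```

Running it against the entry above reports one mismatch: the corpus holds `""` while the calldata decodes to a one-byte string `"\x00"`. The bounds checks matter because offset and length come from untrusted 256-bit words; a corrupt entry should produce an error, not a slice panic.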