ityfuzz
Ityfuzz ignores contract ownership
The following contracts give corpus items with non-reverted status, though in fact default callers don't have permission to call functions due to the onlyGovernor modifier. I thought that there is some voting mechanism based on token quantity, but even with flashloan and oracles disabled the result doesn't change.
ETH: 0x72426BA137DEC62657306b12B1E869d43FeC6eC7,0xa7695eED05094E28AA575CB0cCa3CF17848a7981,0x0D017aFA83EAce9F10A8EC5B6E13941664A6785C,0xc0F42F73b8f01849a2DD99753524d4ba14317EB3,0x77314EB392b2be47C014cde0706908b3307Ad6a9,0xcecaD69d7D4Ed6D52eFcFA028aF8732F27e08F70,0x9c354503c38481a7a7a51629142963f98ecc12d0,0x80c898ae5e56f888365e235ceb8cea3eb726cb58,0x5A4eEe58744D1430876d5cA93cAB5CcB763C037D,0xDcEe70654261AF21C44c093C300eD3Bb97b78192,0x501804B374EF06fa9C427476147ac09F1551B9A0,0x3fF8654D633D4Ea0faE24c52Aec73B4A20D0d0e5,0x0c4576ca1c365868e162554af8e385dc3e7c66d9,0x89eb88fedc50fc77ae8a18aad1ca0ac27f777a90,0x21fb5812d70b3396880d30e90d9e5c1202266c89,0x2A8e1E676Ec238d8A992307B495b45B3fEAa5e86,0x5e3646A1Db86993f73E6b74A57D8640B69F7e259,0x1827F9eA98E0bf96550b2FC20F7233277FcD7E63,0x7d82e86cf1496f9485a8ea04012afeb3c7489397,0xe75d77b1865ae93c7eaa3040b038d7aa7bc02f70,0x39254033945AA2E4809Cc2977E7087BEE48bd7Ab,0xea2ef2e2e5a749d4a66b41db9ad85a38aa264cb3,0x856c4Efb76C1D1AE02e20CEB03A2A6a08b0b8dC3,0x9c459eeb3FA179a40329b81C1635525e9A0Ef094
The problem lies again in the control leak check, in evm/host.rs.
And different methods that are protected by modifiers occur in all 3 places in fn call(&mut self, input: &mut CallInputs, state: &mut S) -> (InstructionResult, Gas, Bytes)
where ControlLeak could be returned.
In addition, I found that many ordinary calls are not marked as reverted due to this issue.
Maybe this place should be refactored. Is it ok to finish call execution, and not return ControlLeak, but pass it as another field?
Yeah, it is due to control leak. Trying to fix in #156.
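The two designs discussed in this thread, as an added example that is not ityfuzz code and not part of the original issue: a simplified model in which returning ControlLeak early hides a later revert, next to the variant that finishes the call and carries the leak as a separate field. All type and function names are hypothetical, and the sample call body (an external call made before a failing permission check) is an assumption about how a guarded function could reach a control leak.

```rust
// Simplified model, not ityfuzz code: every name here is hypothetical.
#[derive(Debug, PartialEq)]
enum Status { Success, Revert, ControlLeak }

#[derive(Debug, PartialEq)]
struct Outcome { status: Status, leaked: bool }

// One step of a modelled call body.
enum Step {
    ExternalCall,  // control passes to code outside the target
    Require(bool), // an access check such as onlyGovernor
}

// Early-return design: the first external call ends execution with
// ControlLeak, so a later failing access check is never evaluated.
fn run_early_return(body: &[Step]) -> Outcome {
    for step in body {
        match step {
            Step::ExternalCall => return Outcome { status: Status::ControlLeak, leaked: true },
            Step::Require(false) => return Outcome { status: Status::Revert, leaked: false },
            Step::Require(true) => {}
        }
    }
    Outcome { status: Status::Success, leaked: false }
}

// Design asked about in the thread: finish the call and pass the leak
// as another field instead of using it as the return status.
fn run_leak_as_field(body: &[Step]) -> Outcome {
    let mut leaked = false;
    for step in body {
        match step {
            Step::ExternalCall => leaked = true,
            Step::Require(false) => return Outcome { status: Status::Revert, leaked },
            Step::Require(true) => {}
        }
    }
    Outcome { status: Status::Success, leaked }
}

// Corpus filter of the model: anything that did not revert is kept.
fn kept_in_corpus(o: &Outcome) -> bool { o.status != Status::Revert }

// Constructed sample: external call first, then a failing permission check.
fn guarded_call() -> Vec<Step> { vec![Step::ExternalCall, Step::Require(false)] }

fn main() {
    for o in [run_early_return(&guarded_call()), run_leak_as_field(&guarded_call())] {
        println!("{:?} kept_in_corpus={}", o, kept_in_corpus(&o));
    }
}
```

In the model, the early-return variant keeps the unauthorized call in the corpus, while the second variant records both the revert and the leak.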