Add unchecked assembly, add gitignore, cleanup

.gitignore

@@ -0,0 +1,4 @@
+*.log
+*.aux
+*.blg
+*.gz

SemSEpaper/exercises.aux

@@ -1,25 +0,0 @@
-\relax 
-\bibstyle{plain}
-\providecommand \oddpage@label [2]{}
-\@writefile{toc}{\contentsline {section}{\numberline {1}Weakness and consequences}{1}{}\protected@file@percent }
-\@writefile{toc}{\contentsline {subsection}{\numberline {1.1}Solidity storage layout}{1}{}\protected@file@percent }
-\@writefile{toc}{\contentsline {subsection}{\numberline {1.2}The Weakness}{1}{}\protected@file@percent }
-\citation{securify}
-\citation{teether}
-\@writefile{loa}{\contentsline {algocf}{\numberline {1}{\ignorespaces A completely unchecked array write}}{2}{}\protected@file@percent }
-\@writefile{loa}{\contentsline {algocf}{\numberline {2}{\ignorespaces An incorrectly managed array length}}{2}{}\protected@file@percent }
-\@writefile{toc}{\contentsline {section}{\numberline {2}Vulnerable contracts in literature}{2}{}\protected@file@percent }
-\citation{securify}
-\citation{teether}
-\citation{fuzzdrivegen}
-\citation{smartian}
-\citation{doughoyte}
-\bibdata{exercise.bib}
-\bibcite{smartian}{1}
-\bibcite{doughoyte}{2}
-\bibcite{teether}{3}
-\bibcite{fuzzdrivegen}{4}
-\@writefile{toc}{\contentsline {section}{\numberline {3}Code properties and automatic detection}{3}{}\protected@file@percent }
-\@writefile{toc}{\contentsline {section}{\numberline {4}Exploit sketch}{3}{}\protected@file@percent }
-\bibcite{securify}{5}
-\gdef \@abspage@last{4}

SemSEpaper/exercises.blg

@@ -1,48 +0,0 @@
-This is BibTeX, Version 0.99d
-Capacity: max_strings=200000, hash_size=200000, hash_prime=170003
-The top-level auxiliary file: exercises.aux
-Reallocating 'name_of_file' (item size: 1) to 6 items.
-The style file: plain.bst
-Reallocating 'name_of_file' (item size: 1) to 13 items.
-Database file #1: exercise.bib
-You've used 5 entries,
-            2118 wiz_defined-function locations,
-            528 strings with 5241 characters,
-and the built_in function-call counts, 2246 in all, are:
-= -- 224
-> -- 114
-< -- 3
-+ -- 45
-- -- 40
-* -- 142
-:= -- 346
-add.period$ -- 18
-call.type$ -- 5
-change.case$ -- 35
-chr.to.int$ -- 0
-cite$ -- 5
-duplicate$ -- 98
-empty$ -- 166
-format.name$ -- 40
-if$ -- 502
-int.to.chr$ -- 0
-int.to.str$ -- 5
-missing$ -- 4
-newline$ -- 28
-num.names$ -- 10
-pop$ -- 49
-preamble$ -- 1
-purify$ -- 30
-quote$ -- 0
-skip$ -- 81
-stack$ -- 0
-substring$ -- 107
-swap$ -- 41
-text.length$ -- 3
-text.prefix$ -- 0
-top$ -- 0
-type$ -- 20
-warning$ -- 0
-while$ -- 16
-width$ -- 6
-write$ -- 62

SemSEpaper/exercises.log

@@ -1,650 +0,0 @@
-This is pdfTeX, Version 3.141592653-2.6-1.40.25 (MiKTeX 23.5) (preloaded format=pdflatex 2023.6.4)  27 OCT 2023 11:03
-entering extended mode
- restricted \write18 enabled.
- %&-line parsing enabled.
-**./exercises.tex
-(exercises.tex
-LaTeX2e <2022-11-01> patch level 1
-L3 programming layer <2023-05-15>
-(d:\Users\Forest\AppData\Local\Programs\MiKTeX\tex/latex/base\article.cls
-Document Class: article 2022/07/02 v1.4n Standard LaTeX document class
-(d:\Users\Forest\AppData\Local\Programs\MiKTeX\tex/latex/base\size10.clo
-File: size10.clo 2022/07/02 v1.4n Standard LaTeX file (size option)
-)
-\c@part=\count185
-\c@section=\count186
-\c@subsection=\count187
-\c@subsubsection=\count188
-\c@paragraph=\count189
-\c@subparagraph=\count190
-\c@figure=\count191
-\c@table=\count192
-\abovecaptionskip=\skip48
-\belowcaptionskip=\skip49
-\bibindent=\dimen140
-)
-(d:\Users\Forest\AppData\Local\Programs\MiKTeX\tex/latex/base\latexsym.sty
-Package: latexsym 1998/08/17 v2.2e Standard LaTeX package (lasy symbols)
-\symlasy=\mathgroup4
-LaTeX Font Info:    Overwriting symbol font `lasy' in version `bold'
-(Font)                  U/lasy/m/n --> U/lasy/b/n on input line 52.
-)
-(d:\Users\Forest\AppData\Local\Programs\MiKTeX\tex/latex/amsfonts\amssymb.sty
-Package: amssymb 2013/01/14 v3.01 AMS font symbols
-
-(d:\Users\Forest\AppData\Local\Programs\MiKTeX\tex/latex/amsfonts\amsfonts.sty
-Package: amsfonts 2013/01/14 v3.01 Basic AMSFonts support
-\@emptytoks=\toks16
-\symAMSa=\mathgroup5
-\symAMSb=\mathgroup6
-LaTeX Font Info:    Redeclaring math symbol \hbar on input line 98.
-LaTeX Font Info:    Overwriting math alphabet `\mathfrak' in version `bold'
-(Font)                  U/euf/m/n --> U/euf/b/n on input line 106.
-)) (d:\Users\Forest\AppData\Local\Programs\MiKTeX\tex/latex/graphics\epsfig.sty
-Package: epsfig 2017/06/25 v1.7b (e)psfig emulation (SPQR)
-
-(d:\Users\Forest\AppData\Local\Programs\MiKTeX\tex/latex/graphics\graphicx.sty
-Package: graphicx 2021/09/16 v1.2d Enhanced LaTeX Graphics (DPC,SPQR)
-
-(d:\Users\Forest\AppData\Local\Programs\MiKTeX\tex/latex/graphics\keyval.sty
-Package: keyval 2022/05/29 v1.15 key=value parser (DPC)
-\KV@toks@=\toks17
-)
-(d:\Users\Forest\AppData\Local\Programs\MiKTeX\tex/latex/graphics\graphics.sty
-Package: graphics 2022/03/10 v1.4e Standard LaTeX Graphics (DPC,SPQR)
-
-(d:\Users\Forest\AppData\Local\Programs\MiKTeX\tex/latex/graphics\trig.sty
-Package: trig 2021/08/11 v1.11 sin cos tan (DPC)
-)
-(d:\Users\Forest\AppData\Local\Programs\MiKTeX\tex/latex/graphics-cfg\graphics.
-cfg
-File: graphics.cfg 2016/06/04 v1.11 sample graphics configuration
-)
-Package graphics Info: Driver file: pdftex.def on input line 107.
-
-(d:\Users\Forest\AppData\Local\Programs\MiKTeX\tex/latex/graphics-def\pdftex.de
-f
-File: pdftex.def 2022/09/22 v1.2b Graphics/color driver for pdftex
-))
-\Gin@req@height=\dimen141
-\Gin@req@width=\dimen142
-)
-\epsfxsize=\dimen143
-\epsfysize=\dimen144
-)
-(d:\Users\Forest\AppData\Local\Programs\MiKTeX\tex/latex/preprint\fullpage.sty
-Package: fullpage 1999/02/23 1.1 (PWD)
-\FP@margin=\skip50
-) (d:\Users\Forest\AppData\Local\Programs\MiKTeX\tex/latex/tools\enumerate.sty
-Package: enumerate 2015/07/23 v3.00 enumerate extensions (DPC)
-\@enLab=\toks18
-)
-(d:\Users\Forest\AppData\Local\Programs\MiKTeX\tex/latex/tools\xspace.sty
-Package: xspace 2014/10/28 v1.13 Space after command names (DPC,MH)
-)
-(d:\Users\Forest\AppData\Local\Programs\MiKTeX\tex/latex/todonotes\todonotes.st
-y
-Package: todonotes 2023/01/31 v1.1.6 Todonotes source and documentation.
-Package: todonotes 2023/01/31
- (d:\Users\Forest\AppData\Local\Programs\MiKTeX\tex/latex/base\ifthen.sty
-Package: ifthen 2022/04/13 v1.1d Standard LaTeX ifthen package (DPC)
-)
-(d:\Users\Forest\AppData\Local\Programs\MiKTeX\tex/latex/xkeyval\xkeyval.sty
-Package: xkeyval 2022/06/16 v2.9 package option processing (HA)
-
-(d:\Users\Forest\AppData\Local\Programs\MiKTeX\tex/generic/xkeyval\xkeyval.tex
-(d:\Users\Forest\AppData\Local\Programs\MiKTeX\tex/generic/xkeyval\xkvutils.tex
-\XKV@toks=\toks19
-\XKV@tempa@toks=\toks20
-)
-\XKV@depth=\count193
-File: xkeyval.tex 2014/12/03 v2.7a key=value parser (HA)
-)) (d:\Users\Forest\AppData\Local\Programs\MiKTeX\tex/latex/xcolor\xcolor.sty
-Package: xcolor 2022/06/12 v2.14 LaTeX color extensions (UK)
-
-(d:\Users\Forest\AppData\Local\Programs\MiKTeX\tex/latex/graphics-cfg\color.cfg
-File: color.cfg 2016/01/02 v1.6 sample color configuration
-)
-Package xcolor Info: Driver file: pdftex.def on input line 227.
-
-(d:\Users\Forest\AppData\Local\Programs\MiKTeX\tex/latex/graphics\mathcolor.ltx
-)
-Package xcolor Info: Model `cmy' substituted by `cmy0' on input line 1353.
-Package xcolor Info: Model `hsb' substituted by `rgb' on input line 1357.
-Package xcolor Info: Model `RGB' extended on input line 1369.
-Package xcolor Info: Model `HTML' substituted by `rgb' on input line 1371.
-Package xcolor Info: Model `Hsb' substituted by `hsb' on input line 1372.
-Package xcolor Info: Model `tHsb' substituted by `hsb' on input line 1373.
-Package xcolor Info: Model `HSB' substituted by `hsb' on input line 1374.
-Package xcolor Info: Model `Gray' substituted by `gray' on input line 1375.
-Package xcolor Info: Model `wave' substituted by `hsb' on input line 1376.
-)
-(d:\Users\Forest\AppData\Local\Programs\MiKTeX\tex/latex/pgf/frontendlayer\tikz
-.sty
-(d:\Users\Forest\AppData\Local\Programs\MiKTeX\tex/latex/pgf/basiclayer\pgf.sty
-
-(d:\Users\Forest\AppData\Local\Programs\MiKTeX\tex/latex/pgf/utilities\pgfrcs.s
-ty
-(d:\Users\Forest\AppData\Local\Programs\MiKTeX\tex/generic/pgf/utilities\pgfuti
-l-common.tex
-\pgfutil@everybye=\toks21
-\pgfutil@tempdima=\dimen145
-\pgfutil@tempdimb=\dimen146
-)
-(d:\Users\Forest\AppData\Local\Programs\MiKTeX\tex/generic/pgf/utilities\pgfuti
-l-latex.def
-\pgfutil@abb=\box51
-)
-(d:\Users\Forest\AppData\Local\Programs\MiKTeX\tex/generic/pgf/utilities\pgfrcs
-.code.tex
-(d:\Users\Forest\AppData\Local\Programs\MiKTeX\tex/generic/pgf\pgf.revision.tex
-)
-Package: pgfrcs 2023-01-15 v3.1.10 (3.1.10)
-))
-Package: pgf 2023-01-15 v3.1.10 (3.1.10)
-
-(d:\Users\Forest\AppData\Local\Programs\MiKTeX\tex/latex/pgf/basiclayer\pgfcore
-.sty
-(d:\Users\Forest\AppData\Local\Programs\MiKTeX\tex/latex/pgf/systemlayer\pgfsys
-.sty
-(d:\Users\Forest\AppData\Local\Programs\MiKTeX\tex/generic/pgf/systemlayer\pgfs
-ys.code.tex
-Package: pgfsys 2023-01-15 v3.1.10 (3.1.10)
-
-(d:\Users\Forest\AppData\Local\Programs\MiKTeX\tex/generic/pgf/utilities\pgfkey
-s.code.tex
-\pgfkeys@pathtoks=\toks22
-\pgfkeys@temptoks=\toks23
-
-(d:\Users\Forest\AppData\Local\Programs\MiKTeX\tex/generic/pgf/utilities\pgfkey
-slibraryfiltered.code.tex
-\pgfkeys@tmptoks=\toks24
-))
-\pgf@x=\dimen147
-\pgf@y=\dimen148
-\pgf@xa=\dimen149
-\pgf@ya=\dimen150
-\pgf@xb=\dimen151
-\pgf@yb=\dimen152
-\pgf@xc=\dimen153
-\pgf@yc=\dimen154
-\pgf@xd=\dimen155
-\pgf@yd=\dimen156
-\w@pgf@writea=\write3
-\r@pgf@reada=\read2
-\c@pgf@counta=\count194
-\c@pgf@countb=\count195
-\c@pgf@countc=\count196
-\c@pgf@countd=\count197
-\t@pgf@toka=\toks25
-\t@pgf@tokb=\toks26
-\t@pgf@tokc=\toks27
-\pgf@sys@id@count=\count198
-
-(d:\Users\Forest\AppData\Local\Programs\MiKTeX\tex/generic/pgf/systemlayer\pgf.
-cfg
-File: pgf.cfg 2023-01-15 v3.1.10 (3.1.10)
-)
-Driver file for pgf: pgfsys-pdftex.def
-
-(d:\Users\Forest\AppData\Local\Programs\MiKTeX\tex/generic/pgf/systemlayer\pgfs
-ys-pdftex.def
-File: pgfsys-pdftex.def 2023-01-15 v3.1.10 (3.1.10)
-
-(d:\Users\Forest\AppData\Local\Programs\MiKTeX\tex/generic/pgf/systemlayer\pgfs
-ys-common-pdf.def
-File: pgfsys-common-pdf.def 2023-01-15 v3.1.10 (3.1.10)
-)))
-(d:\Users\Forest\AppData\Local\Programs\MiKTeX\tex/generic/pgf/systemlayer\pgfs
-yssoftpath.code.tex
-File: pgfsyssoftpath.code.tex 2023-01-15 v3.1.10 (3.1.10)
-\pgfsyssoftpath@smallbuffer@items=\count199
-\pgfsyssoftpath@bigbuffer@items=\count266
-)
-(d:\Users\Forest\AppData\Local\Programs\MiKTeX\tex/generic/pgf/systemlayer\pgfs
-ysprotocol.code.tex
-File: pgfsysprotocol.code.tex 2023-01-15 v3.1.10 (3.1.10)
-))
-(d:\Users\Forest\AppData\Local\Programs\MiKTeX\tex/generic/pgf/basiclayer\pgfco
-re.code.tex
-Package: pgfcore 2023-01-15 v3.1.10 (3.1.10)
-
-(d:\Users\Forest\AppData\Local\Programs\MiKTeX\tex/generic/pgf/math\pgfmath.cod
-e.tex
-(d:\Users\Forest\AppData\Local\Programs\MiKTeX\tex/generic/pgf/math\pgfmathutil
-.code.tex)
-(d:\Users\Forest\AppData\Local\Programs\MiKTeX\tex/generic/pgf/math\pgfmathpars
-er.code.tex
-\pgfmath@dimen=\dimen157
-\pgfmath@count=\count267
-\pgfmath@box=\box52
-\pgfmath@toks=\toks28
-\pgfmath@stack@operand=\toks29
-\pgfmath@stack@operation=\toks30
-)
-(d:\Users\Forest\AppData\Local\Programs\MiKTeX\tex/generic/pgf/math\pgfmathfunc
-tions.code.tex)
-(d:\Users\Forest\AppData\Local\Programs\MiKTeX\tex/generic/pgf/math\pgfmathfunc
-tions.basic.code.tex)
-(d:\Users\Forest\AppData\Local\Programs\MiKTeX\tex/generic/pgf/math\pgfmathfunc
-tions.trigonometric.code.tex)
-(d:\Users\Forest\AppData\Local\Programs\MiKTeX\tex/generic/pgf/math\pgfmathfunc
-tions.random.code.tex)
-(d:\Users\Forest\AppData\Local\Programs\MiKTeX\tex/generic/pgf/math\pgfmathfunc
-tions.comparison.code.tex)
-(d:\Users\Forest\AppData\Local\Programs\MiKTeX\tex/generic/pgf/math\pgfmathfunc
-tions.base.code.tex)
-(d:\Users\Forest\AppData\Local\Programs\MiKTeX\tex/generic/pgf/math\pgfmathfunc
-tions.round.code.tex)
-(d:\Users\Forest\AppData\Local\Programs\MiKTeX\tex/generic/pgf/math\pgfmathfunc
-tions.misc.code.tex)
-(d:\Users\Forest\AppData\Local\Programs\MiKTeX\tex/generic/pgf/math\pgfmathfunc
-tions.integerarithmetics.code.tex)
-(d:\Users\Forest\AppData\Local\Programs\MiKTeX\tex/generic/pgf/math\pgfmathcalc
-.code.tex)
-(d:\Users\Forest\AppData\Local\Programs\MiKTeX\tex/generic/pgf/math\pgfmathfloa
-t.code.tex
-\c@pgfmathroundto@lastzeros=\count268
-))
-(d:\Users\Forest\AppData\Local\Programs\MiKTeX\tex/generic/pgf/math\pgfint.code
-.tex)
-(d:\Users\Forest\AppData\Local\Programs\MiKTeX\tex/generic/pgf/basiclayer\pgfco
-repoints.code.tex
-File: pgfcorepoints.code.tex 2023-01-15 v3.1.10 (3.1.10)
-\pgf@picminx=\dimen158
-\pgf@picmaxx=\dimen159
-\pgf@picminy=\dimen160
-\pgf@picmaxy=\dimen161
-\pgf@pathminx=\dimen162
-\pgf@pathmaxx=\dimen163
-\pgf@pathminy=\dimen164
-\pgf@pathmaxy=\dimen165
-\pgf@xx=\dimen166
-\pgf@xy=\dimen167
-\pgf@yx=\dimen168
-\pgf@yy=\dimen169
-\pgf@zx=\dimen170
-\pgf@zy=\dimen171
-)
-(d:\Users\Forest\AppData\Local\Programs\MiKTeX\tex/generic/pgf/basiclayer\pgfco
-repathconstruct.code.tex
-File: pgfcorepathconstruct.code.tex 2023-01-15 v3.1.10 (3.1.10)
-\pgf@path@lastx=\dimen172
-\pgf@path@lasty=\dimen173
-)
-(d:\Users\Forest\AppData\Local\Programs\MiKTeX\tex/generic/pgf/basiclayer\pgfco
-repathusage.code.tex
-File: pgfcorepathusage.code.tex 2023-01-15 v3.1.10 (3.1.10)
-\pgf@shorten@end@additional=\dimen174
-\pgf@shorten@start@additional=\dimen175
-)
-(d:\Users\Forest\AppData\Local\Programs\MiKTeX\tex/generic/pgf/basiclayer\pgfco
-rescopes.code.tex
-File: pgfcorescopes.code.tex 2023-01-15 v3.1.10 (3.1.10)
-\pgfpic=\box53
-\pgf@hbox=\box54
-\pgf@layerbox@main=\box55
-\pgf@picture@serial@count=\count269
-)
-(d:\Users\Forest\AppData\Local\Programs\MiKTeX\tex/generic/pgf/basiclayer\pgfco
-regraphicstate.code.tex
-File: pgfcoregraphicstate.code.tex 2023-01-15 v3.1.10 (3.1.10)
-\pgflinewidth=\dimen176
-)
-(d:\Users\Forest\AppData\Local\Programs\MiKTeX\tex/generic/pgf/basiclayer\pgfco
-retransformations.code.tex
-File: pgfcoretransformations.code.tex 2023-01-15 v3.1.10 (3.1.10)
-\pgf@pt@x=\dimen177
-\pgf@pt@y=\dimen178
-\pgf@pt@temp=\dimen179
-)
-(d:\Users\Forest\AppData\Local\Programs\MiKTeX\tex/generic/pgf/basiclayer\pgfco
-requick.code.tex
-File: pgfcorequick.code.tex 2023-01-15 v3.1.10 (3.1.10)
-)
-(d:\Users\Forest\AppData\Local\Programs\MiKTeX\tex/generic/pgf/basiclayer\pgfco
-reobjects.code.tex
-File: pgfcoreobjects.code.tex 2023-01-15 v3.1.10 (3.1.10)
-)
-(d:\Users\Forest\AppData\Local\Programs\MiKTeX\tex/generic/pgf/basiclayer\pgfco
-repathprocessing.code.tex
-File: pgfcorepathprocessing.code.tex 2023-01-15 v3.1.10 (3.1.10)
-)
-(d:\Users\Forest\AppData\Local\Programs\MiKTeX\tex/generic/pgf/basiclayer\pgfco
-rearrows.code.tex
-File: pgfcorearrows.code.tex 2023-01-15 v3.1.10 (3.1.10)
-\pgfarrowsep=\dimen180
-)
-(d:\Users\Forest\AppData\Local\Programs\MiKTeX\tex/generic/pgf/basiclayer\pgfco
-reshade.code.tex
-File: pgfcoreshade.code.tex 2023-01-15 v3.1.10 (3.1.10)
-\pgf@max=\dimen181
-\pgf@sys@shading@range@num=\count270
-\pgf@shadingcount=\count271
-)
-(d:\Users\Forest\AppData\Local\Programs\MiKTeX\tex/generic/pgf/basiclayer\pgfco
-reimage.code.tex
-File: pgfcoreimage.code.tex 2023-01-15 v3.1.10 (3.1.10)
-)
-(d:\Users\Forest\AppData\Local\Programs\MiKTeX\tex/generic/pgf/basiclayer\pgfco
-reexternal.code.tex
-File: pgfcoreexternal.code.tex 2023-01-15 v3.1.10 (3.1.10)
-\pgfexternal@startupbox=\box56
-)
-(d:\Users\Forest\AppData\Local\Programs\MiKTeX\tex/generic/pgf/basiclayer\pgfco
-relayers.code.tex
-File: pgfcorelayers.code.tex 2023-01-15 v3.1.10 (3.1.10)
-)
-(d:\Users\Forest\AppData\Local\Programs\MiKTeX\tex/generic/pgf/basiclayer\pgfco
-retransparency.code.tex
-File: pgfcoretransparency.code.tex 2023-01-15 v3.1.10 (3.1.10)
-)
-(d:\Users\Forest\AppData\Local\Programs\MiKTeX\tex/generic/pgf/basiclayer\pgfco
-repatterns.code.tex
-File: pgfcorepatterns.code.tex 2023-01-15 v3.1.10 (3.1.10)
-)
-(d:\Users\Forest\AppData\Local\Programs\MiKTeX\tex/generic/pgf/basiclayer\pgfco
-rerdf.code.tex
-File: pgfcorerdf.code.tex 2023-01-15 v3.1.10 (3.1.10)
-)))
-(d:\Users\Forest\AppData\Local\Programs\MiKTeX\tex/generic/pgf/modules\pgfmodul
-eshapes.code.tex
-File: pgfmoduleshapes.code.tex 2023-01-15 v3.1.10 (3.1.10)
-\pgfnodeparttextbox=\box57
-)
-(d:\Users\Forest\AppData\Local\Programs\MiKTeX\tex/generic/pgf/modules\pgfmodul
-eplot.code.tex
-File: pgfmoduleplot.code.tex 2023-01-15 v3.1.10 (3.1.10)
-)
-(d:\Users\Forest\AppData\Local\Programs\MiKTeX\tex/latex/pgf/compatibility\pgfc
-omp-version-0-65.sty
-Package: pgfcomp-version-0-65 2023-01-15 v3.1.10 (3.1.10)
-\pgf@nodesepstart=\dimen182
-\pgf@nodesepend=\dimen183
-)
-(d:\Users\Forest\AppData\Local\Programs\MiKTeX\tex/latex/pgf/compatibility\pgfc
-omp-version-1-18.sty
-Package: pgfcomp-version-1-18 2023-01-15 v3.1.10 (3.1.10)
-))
-(d:\Users\Forest\AppData\Local\Programs\MiKTeX\tex/latex/pgf/utilities\pgffor.s
-ty
-(d:\Users\Forest\AppData\Local\Programs\MiKTeX\tex/latex/pgf/utilities\pgfkeys.
-sty
-(d:\Users\Forest\AppData\Local\Programs\MiKTeX\tex/generic/pgf/utilities\pgfkey
-s.code.tex))
-(d:\Users\Forest\AppData\Local\Programs\MiKTeX\tex/latex/pgf/math\pgfmath.sty
-(d:\Users\Forest\AppData\Local\Programs\MiKTeX\tex/generic/pgf/math\pgfmath.cod
-e.tex))
-(d:\Users\Forest\AppData\Local\Programs\MiKTeX\tex/generic/pgf/utilities\pgffor
-.code.tex
-Package: pgffor 2023-01-15 v3.1.10 (3.1.10)
-\pgffor@iter=\dimen184
-\pgffor@skip=\dimen185
-\pgffor@stack=\toks31
-\pgffor@toks=\toks32
-))
-(d:\Users\Forest\AppData\Local\Programs\MiKTeX\tex/generic/pgf/frontendlayer/ti
-kz\tikz.code.tex
-Package: tikz 2023-01-15 v3.1.10 (3.1.10)
-
-(d:\Users\Forest\AppData\Local\Programs\MiKTeX\tex/generic/pgf/libraries\pgflib
-raryplothandlers.code.tex
-File: pgflibraryplothandlers.code.tex 2023-01-15 v3.1.10 (3.1.10)
-\pgf@plot@mark@count=\count272
-\pgfplotmarksize=\dimen186
-)
-\tikz@lastx=\dimen187
-\tikz@lasty=\dimen188
-\tikz@lastxsaved=\dimen189
-\tikz@lastysaved=\dimen190
-\tikz@lastmovetox=\dimen191
-\tikz@lastmovetoy=\dimen192
-\tikzleveldistance=\dimen193
-\tikzsiblingdistance=\dimen194
-\tikz@figbox=\box58
-\tikz@figbox@bg=\box59
-\tikz@tempbox=\box60
-\tikz@tempbox@bg=\box61
-\tikztreelevel=\count273
-\tikznumberofchildren=\count274
-\tikznumberofcurrentchild=\count275
-\tikz@fig@count=\count276
-
-(d:\Users\Forest\AppData\Local\Programs\MiKTeX\tex/generic/pgf/modules\pgfmodul
-ematrix.code.tex
-File: pgfmodulematrix.code.tex 2023-01-15 v3.1.10 (3.1.10)
-\pgfmatrixcurrentrow=\count277
-\pgfmatrixcurrentcolumn=\count278
-\pgf@matrix@numberofcolumns=\count279
-)
-\tikz@expandcount=\count280
-
-(d:\Users\Forest\AppData\Local\Programs\MiKTeX\tex/generic/pgf/frontendlayer/ti
-kz/libraries\tikzlibrarytopaths.code.tex
-File: tikzlibrarytopaths.code.tex 2023-01-15 v3.1.10 (3.1.10)
-)))
-(d:\Users\Forest\AppData\Local\Programs\MiKTeX\tex/generic/pgf/frontendlayer/ti
-kz/libraries\tikzlibrarypositioning.code.tex
-File: tikzlibrarypositioning.code.tex 2023-01-15 v3.1.10 (3.1.10)
-)
-(d:\Users\Forest\AppData\Local\Programs\MiKTeX\tex/latex/tools\calc.sty
-Package: calc 2017/05/25 v4.3 Infix arithmetic (KKT,FJ)
-\calc@Acount=\count281
-\calc@Bcount=\count282
-\calc@Adimen=\dimen195
-\calc@Bdimen=\dimen196
-\calc@Askip=\skip51
-\calc@Bskip=\skip52
-LaTeX Info: Redefining \setlength on input line 80.
-LaTeX Info: Redefining \addtolength on input line 81.
-\calc@Ccount=\count283
-\calc@Cskip=\skip53
-)
-\c@@todonotes@numberoftodonotes=\count284
-)
-(d:\Users\Forest\AppData\Local\Programs\MiKTeX\tex/latex/listings\listings.sty
-\lst@mode=\count285
-\lst@gtempboxa=\box62
-\lst@token=\toks33
-\lst@length=\count286
-\lst@currlwidth=\dimen197
-\lst@column=\count287
-\lst@pos=\count288
-\lst@lostspace=\dimen198
-\lst@width=\dimen199
-\lst@newlines=\count289
-\lst@lineno=\count290
-\lst@maxwidth=\dimen256
-
-(d:\Users\Forest\AppData\Local\Programs\MiKTeX\tex/latex/listings\lstmisc.sty
-File: lstmisc.sty 2023/02/27 1.9 (Carsten Heinz)
-\c@lstnumber=\count291
-\lst@skipnumbers=\count292
-\lst@framebox=\box63
-)
-(d:\Users\Forest\AppData\Local\Programs\MiKTeX\tex/latex/listings\listings.cfg
-File: listings.cfg 2023/02/27 1.9 listings configuration
-))
-Package: listings 2023/02/27 1.9 (Carsten Heinz)
-
-(d:\Users\Forest\AppData\Local\Programs\MiKTeX\tex/latex/algorithm2e\algorithm2
-e.sty
-Package: algorithm2e 2017/07/18 v5.2 algorithms environments
-\c@AlgoLine=\count293
-\algocf@hangindent=\skip54
-
-(d:\Users\Forest\AppData\Local\Programs\MiKTeX\tex/latex/ifoddpage\ifoddpage.st
-y
-Package: ifoddpage 2022/10/18 v1.2 Conditionals for odd/even page detection
-\c@checkoddpage=\count294
-) (d:\Users\Forest\AppData\Local\Programs\MiKTeX\tex/latex/relsize\relsize.sty
-Package: relsize 2013/03/29 ver 4.1
-)
-\skiptotal=\skip55
-\skiplinenumber=\skip56
-\skiprule=\skip57
-\skiphlne=\skip58
-\skiptext=\skip59
-\skiplength=\skip60
-\algomargin=\skip61
-\skipalgocfslide=\skip62
-\algowidth=\dimen257
-\inoutsize=\dimen258
-\inoutindent=\dimen259
-\interspacetitleruled=\dimen260
-\interspacealgoruled=\dimen261
-\interspacetitleboxruled=\dimen262
-\algocf@ruledwidth=\skip63
-\algocf@inoutbox=\box64
-\algocf@inputbox=\box65
-\AlCapSkip=\skip64
-\AlCapHSkip=\skip65
-\algoskipindent=\skip66
-\algocf@nlbox=\box66
-\algocf@hangingbox=\box67
-\algocf@untilbox=\box68
-\algocf@skipuntil=\skip67
-\algocf@capbox=\box69
-\algocf@lcaptionbox=\skip68
-\algoheightruledefault=\skip69
-\algoheightrule=\skip70
-\algotitleheightruledefault=\skip71
-\algotitleheightrule=\skip72
-\c@algocfline=\count295
-\c@algocfproc=\count296
-\c@algocf=\count297
-\algocf@algoframe=\box70
-\algocf@algobox=\box71
-) (d:\Users\Forest\AppData\Local\Programs\MiKTeX\tex/latex/float\float.sty
-Package: float 2001/11/08 v1.3d Float enhancements (AL)
-\c@float@type=\count298
-\float@exts=\toks34
-\float@box=\box72
-\@float@everytoks=\toks35
-\@floatcapt=\box73
-)
-\c@theorem=\count299
-
-(d:\Users\Forest\AppData\Local\Programs\MiKTeX\tex/latex/l3backend\l3backend-pd
-ftex.def
-File: l3backend-pdftex.def 2023-04-19 L3 backend support: PDF output (pdfTeX)
-\l__color_backend_stack_int=\count300
-\l__pdf_internal_box=\box74
-) (exercises.aux)
-\openout1 = `exercises.aux'.
-
-LaTeX Font Info:    Checking defaults for OML/cmm/m/it on input line 70.
-LaTeX Font Info:    ... okay on input line 70.
-LaTeX Font Info:    Checking defaults for OMS/cmsy/m/n on input line 70.
-LaTeX Font Info:    ... okay on input line 70.
-LaTeX Font Info:    Checking defaults for OT1/cmr/m/n on input line 70.
-LaTeX Font Info:    ... okay on input line 70.
-LaTeX Font Info:    Checking defaults for T1/cmr/m/n on input line 70.
-LaTeX Font Info:    ... okay on input line 70.
-LaTeX Font Info:    Checking defaults for TS1/cmr/m/n on input line 70.
-LaTeX Font Info:    ... okay on input line 70.
-LaTeX Font Info:    Checking defaults for OMX/cmex/m/n on input line 70.
-LaTeX Font Info:    ... okay on input line 70.
-LaTeX Font Info:    Checking defaults for U/cmr/m/n on input line 70.
-LaTeX Font Info:    ... okay on input line 70.
-
-(d:\Users\Forest\AppData\Local\Programs\MiKTeX\tex/context/base/mkii\supp-pdf.m
-kii
-[Loading MPS to PDF converter (version 2006.09.02).]
-\scratchcounter=\count301
-\scratchdimen=\dimen263
-\scratchbox=\box75
-\nofMPsegments=\count302
-\nofMParguments=\count303
-\everyMPshowfont=\toks36
-\MPscratchCnt=\count304
-\MPscratchDim=\dimen264
-\MPnumerator=\count305
-\makeMPintoPDFobject=\count306
-\everyMPtoPDFconversion=\toks37
-)
-(d:\Users\Forest\AppData\Local\Programs\MiKTeX\tex/latex/epstopdf-pkg\epstopdf-
-base.sty
-Package: epstopdf-base 2020-01-24 v2.11 Base part for package epstopdf
-Package epstopdf-base Info: Redefining graphics rule for `.eps' on input line 4
-85.
-
-(d:\Users\Forest\AppData\Local\Programs\MiKTeX\tex/latex/00miktex\epstopdf-sys.
-cfg
-File: epstopdf-sys.cfg 2021/03/18 v2.0 Configuration of epstopdf for MiKTeX
-))
-\c@lstlisting=\count307
-LaTeX Font Info:    Trying to load font information for U+lasy on input line 73
-.
- (d:\Users\Forest\AppData\Local\Programs\MiKTeX\tex/latex/base\ulasy.fd
-File: ulasy.fd 1998/08/17 v2.2e LaTeX symbol font definitions
-)
-LaTeX Font Info:    Trying to load font information for U+msa on input line 73.
-
-
-(d:\Users\Forest\AppData\Local\Programs\MiKTeX\tex/latex/amsfonts\umsa.fd
-File: umsa.fd 2013/01/14 v3.01 AMS symbols A
-)
-LaTeX Font Info:    Trying to load font information for U+msb on input line 73.
-
-
-(d:\Users\Forest\AppData\Local\Programs\MiKTeX\tex/latex/amsfonts\umsb.fd
-File: umsb.fd 2013/01/14 v3.01 AMS symbols B
-)
-(d:\Users\Forest\AppData\Local\Programs\MiKTeX\tex/latex/listings\lstlang1.sty
-File: lstlang1.sty 2023/02/27 1.9 listings language file
-)
-Overfull \hbox (15.0pt too wide) detected at line 117
-[][] 
- []
-
-[1
-
-{C:/Users/Forest/AppData/Local/MiKTeX/fonts/map/pdftex/pdftex.map}]
-Overfull \hbox (15.0pt too wide) detected at line 156
-[][] 
- []
-
-[2] (exercises.bbl
-! Undefined control sequence.
-l.15   \url
-           {https://github.com/Arachnid/uscc/tree/master/submissions-2017/do...
-The control sequence at the end of the top line
-of your error message was never \def'ed. If you have
-misspelled it (e.g., `\hobx'), type `I' and the correct
-spelling (e.g., `I\hbox'). Otherwise just continue,
-and I'll forget about whatever was undefined.
-
-
-Overfull \hbox (1.15688pt too wide) in paragraph at lines 12--17
-[]\OT1/cmr/m/n/10 doughoyte.  Merdeto-ken: It's some hot shit.  https://github.
-com/Arachnid/uscc/tree/master/submissions-
- []
-
-[3]) [4] (exercises.aux) ) 
-Here is how much of TeX's memory you used:
- 16580 strings out of 476410
- 323857 string characters out of 5788642
- 2009845 words of memory out of 5000000
- 36658 multiletter control sequences out of 15000+600000
- 521468 words of font info for 72 fonts, out of 8000000 for 9000
- 1141 hyphenation exceptions out of 8191
- 99i,9n,94p,510b,1991s stack positions out of 10000i,1000n,20000p,200000b,200000s
-<d:/Users/Forest/AppData/Local/Programs/MiKTeX/fonts/
-type1/public/amsfonts/cm/cmbx10.pfb><d:/Users/Forest/AppData/Local/Programs/MiK
-TeX/fonts/type1/public/amsfonts/cm/cmbx12.pfb><d:/Users/Forest/AppData/Local/Pr
-ograms/MiKTeX/fonts/type1/public/amsfonts/cm/cmmi10.pfb><d:/Users/Forest/AppDat
-a/Local/Programs/MiKTeX/fonts/type1/public/amsfonts/cm/cmr10.pfb><d:/Users/Fore
-st/AppData/Local/Programs/MiKTeX/fonts/type1/public/amsfonts/cm/cmr12.pfb><d:/U
-sers/Forest/AppData/Local/Programs/MiKTeX/fonts/type1/public/amsfonts/cm/cmr17.
-pfb><d:/Users/Forest/AppData/Local/Programs/MiKTeX/fonts/type1/public/amsfonts/
-cm/cmr5.pfb><d:/Users/Forest/AppData/Local/Programs/MiKTeX/fonts/type1/public/a
-msfonts/cm/cmr7.pfb><d:/Users/Forest/AppData/Local/Programs/MiKTeX/fonts/type1/
-public/amsfonts/cm/cmti10.pfb><d:/Users/Forest/AppData/Local/Programs/MiKTeX/fo
-nts/type1/public/amsfonts/cm/cmtt8.pfb>
-Output written on exercises.pdf (4 pages, 150280 bytes).
-PDF statistics:
- 68 PDF objects out of 1000 (max. 8388607)
- 0 named destinations out of 1000 (max. 500000)
- 13 words of extra memory for PDF output out of 10000 (max. 10000000)
-

SemSEpaper/exercises.tex

@@ -1,14 +1,15 @@
 \documentclass [10pt]{article}
 
-  
+
 \usepackage{latexsym}
 \usepackage{amssymb}
-\usepackage{epsfig} 
+\usepackage{epsfig}
 \usepackage{fullpage}
 \usepackage{enumerate}
 \usepackage{xspace}
 \usepackage{todonotes}
 \usepackage{listings}
+\usepackage{url}
 \usepackage[ruled,linesnumbered]{algorithm2e} % Enables the writing of pseudo code.
 \usepackage{float}% http://ctan.org/pkg/float
 
@@ -24,7 +25,7 @@
 
 \date{WT 2023/24}
 
-\author{\textbf{*** YOUR NAME AND STUDENT ID ***}}
+\author{\textbf{Ivanov, Ivaylo (11777707) \& Millauer, Peter (01350868)}}
 
 \newtheorem{theorem}{Theorem}
 \newtheorem{lemma}[theorem]{Lemma}
@@ -46,23 +47,23 @@
 \definecolor{codepurple}{rgb}{0.58,0,0.82}
 \definecolor{backcolour}{rgb}{0.95,0.95,0.92}
 
-\lstdefinestyle{mystyle}{ 
-	backgroundcolor=\color{backcolour},   
+\lstdefinestyle{mystyle}{
+	backgroundcolor=\color{backcolour},
 	commentstyle=\color{codegreen},
 	keywordstyle=\color{magenta},
 	numberstyle=\tiny\color{codegray},
 	stringstyle=\color{codepurple},
 	basicstyle=\ttfamily\footnotesize,
-	breakatwhitespace=false,         
-	breaklines=true,                 
-	captionpos=b,                    
-	keepspaces=true,                 
-	numbers=left,                    
-	numbersep=5pt,                  
-	showspaces=false,                
+	breakatwhitespace=false,
+	breaklines=true,
+	captionpos=b,
+	keepspaces=true,
+	numbers=left,
+	numbersep=5pt,
+	showspaces=false,
 	showstringspaces=false,
-	showtabs=false,                  
-	tabsize=2	
+	showtabs=false,
+	tabsize=2
 }
 
 
@@ -92,33 +93,34 @@ Any unchecked array write is potentially dangerous, as the storage-location of a
 
 \medspace
 
-A trivial example of such a vulnerable write operation is shown in Algorithm 1.
+A trivial example of such a vulnerable write operation is shown in Algorithm~\ref{alg:vuln-write}.
 
 \lstset{style=mystyle}
 \begin{algorithm}[H]
 	\begin{lstlisting}[language=Octave]
 	pragma solidity 0.4.25;
-	
+
 	contract MyContract {
 		address private owner;
 		uint[] private arr;
-		
+
 		constructor() public {
 			arr = new uint[](0);
 			owner = msg.sender;
 		}
-		
+
 		function write(unit index, uint value) {
 			arr[index] = value;
 		}
 	}
 	\end{lstlisting}
 	\caption{A completely unchecked array write}
+  \label{alg:vuln-write}
 \end{algorithm}
 
 \medspace
 
-In the following example (Algorithm 2) the $pop$ function incorrectly checks for an array $length >= 0$, thereby allowing the $length$ value to underflow when called with an empty array. Once this weakness is triggered, $update$ in Algorithm 2 behaves just like $write$ did in Algorithm 1. 
+In the following example (Algorithm~\ref{alg:pop-incorrect}) the $pop$ function incorrectly checks for an array $length >= 0$, thereby allowing the $length$ value to underflow when called with an empty array. Once this weakness is triggered, $update$ in Algorithm~\ref{alg:pop-incorrect} behaves just like $write$ did in Algorithm~\ref{alg:pop-incorrect}.
 
 \medspace
 
@@ -126,26 +128,26 @@ In the following example (Algorithm 2) the $pop$ function incorrectly checks for
 \begin{algorithm}[H]
 	\begin{lstlisting}[language=Octave]
 	pragma solidity 0.4.25;
-	
+
 	contract MyContract {
 		address private owner;
 		uint[] private arr;
-		
+
 		constructor() public {
 			arr = new uint[](0);
 			owner = msg.sender;
 		}
-		
+
 		function push(value) {
 			arr[arr.length] = value;
 			arr.length++;
 		}
-		
+
 		function pop() {
 			require(arr.length >= 0);
 			arr.length--;
 		}
-		
+
 		function update(unit index, uint value) {
 			require(index < arr.length);
 			arr[index] = value;
@@ -153,8 +155,68 @@ In the following example (Algorithm 2) the $pop$ function incorrectly checks for
 	}
 	\end{lstlisting}
 	\caption{An incorrectly managed array length}
+  \label{alg:pop-incorrect}
 \end{algorithm}
 
+Another weakness that allows arbitrary storage access is unchecked assembly code. Assembly is a powerful tool that allows the developers to get as close to the EVM as they can,
+but it may also be very dangerous when not tested correctly. As per the documentation\footnote{\url{https://docs.soliditylang.org/en/latest/assembly.html}}: \textit{"this [inline assembly]
+bypasses important safety features and checks of Solidity. You should only use it for tasks that need it, and only if you are confident with using it."}
+When given access to such lowlevel structures, a programmer can built-in not only weaknesses similar to the ones described previously, but also others, such as overwriting map locations,
+contract variables etc.
+
+An example for such a weakness is given in Algorithm~\ref{alg:unchecked-assembly}.
+
+\medspace
+
+\lstset{style=mystyle}
+\begin{algorithm}[H]
+	\begin{lstlisting}[language=Octave]
+	pragma solidity 0.4.25;
+
+	contract MyContract {
+		address private owner;
+    mapping(address => bool) public managers;
+
+		constructor() public {
+			owner = msg.sender;
+      setNextUserRole(msg.sender);
+		}
+
+    function setNextManager(address next) internal {
+      uint256 slot;
+      assembly {
+        slot := managers.slot
+        sstore(slot, next)
+      }
+
+      bytes32 location = keccak256(abi.encode(160, uint256(slot)));
+      assembly {
+        sstore(location, true)
+      }
+		}
+
+    function registerUser(address user) {
+      require(msg.sender == owner);
+      setNextManager(user);
+    }
+
+    function cashout() {
+      require(managers[msg.sender]);
+      address payable manager = msg.sender;
+      manager.transfer(address(this).balance);
+    }
+	}
+	\end{lstlisting}
+	\caption{An unchecked assembly write to mapping}
+  \label{alg:unchecked-assembly}
+\end{algorithm}
+
+The contract has a manager mapping, which should be used as a stack.
+The developer has added the \texttt{setNextManager} function, which should set the top of the stack to the latest user as a manager.
+The issue is that the function is implemented in such a way, that the stack would not grow, but the first element would always be overwritten - this arises from the fact that the memory slot
+of the managers mapping does not point to the memory address on the top of the stack, but instead to the base of it.
+The function is then using this slot address directly, without calculating any offset, overwriting the base of the stack.
+
 
 \section{Vulnerable contracts in literature}
 
@@ -166,7 +228,7 @@ Automatic detection tools can be broadly categorized into ones employing static
 
 \medspace
 
-Initially, the given EVM byte-code is disassembled into a control-flow-graph (CFG). In the second step, the tools identify potentially risky instructions. In the case of arbitrary writes, the instruction of note is $sstore(k,v)$ where both $k$ and $v$ are input-controlled. The tools differ in the way they identify whether or not the values are input-controlled. 
+Initially, the given EVM byte-code is disassembled into a control-flow-graph (CFG). In the second step, the tools identify potentially risky instructions. In the case of arbitrary writes, the instruction of note is $sstore(k,v)$ where both $k$ and $v$ are input-controlled. The tools differ in the way they identify whether or not the values are input-controlled.
 
 \medspace