I’d like to write a CFG for Solidity and then use it for code analysis. This is new to me and I have some trouble understanding opcodes. Sorry if I chose the wrong forum section, but I think it is the most appropriate.
Environment
Remix
Details
I have read the article https://blog.openzeppelin.com/deconstructing-a-solidity-contract-part-ii-creation-vs-runtime-6b9d60ecb44c/ . I didn’t understand these commands (add screenshot):
As I understood, our goal is keccak256(k.p), where k is the key and p is the position. At this step we are trying to get the concatenation k.p. First we must save the key in memory. But I didn’t understand these commands: PUSH a0 PUSH 02 EXP SUB CALLER DUP2 AND AND DUP2 MSTORE
Why can’t we write it this way: CALLER PUSH 0 MSTORE ?
Why are we using the EXP, SUB and AND commands?
Code to reproduce
Hi @Apathy21,
Welcome to the community forum.
What is CFG?
Can you confirm that I understand your questions correctly:
- You would like an explanation of instructions 43 to 54 (storing 10000 in the balances mapping for the key of msg.sender)
- You want to know why these instructions couldn’t be replaced with CALLER PUSH 0 MSTORE
- Also why in instructions 43 to 54 we need to use EXP SUB AND instructions
I haven’t played with assembly so can’t really help here. Hopefully someone in the community can answer.
Hello @abcoathup !
CFG is a control flow graph, a representation of the code as a graph ) Static analyzers for detecting vulnerabilities use a CFG, for example Securify https://github.com/eth-sri/securify
I think in the first point the words “(storing 10000 in the balances mapping for the key of msg.sender)” must be replaced by “concatenating mapping position and key”
But everything else you wrote is correct. Thank you !)
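Added example, not part of the original thread or the linked article: a small Python interpreter for just the opcodes quoted in the question, showing that PUSH a0 PUSH 02 EXP SUB builds the 160-bit mask 2**160 - 1 and that the AND instructions apply it to the CALLER word before MSTORE writes it at offset 0. Assumptions: the values 0 (memory offset) and 1 were already on the stack before the quoted sequence, and the names `run`, `stored_key`, `SENDER` and `DIRTY` are made up for this sketch.

```python
WORD = 2**256                      # EVM stack words are 256 bits wide
ADDRESS_MASK = 2**160 - 1          # 0xa0 == 160, so 2**0xa0 - 1 has the low 160 bits set
SEQUENCE = "PUSH a0 PUSH 02 EXP SUB CALLER DUP2 AND AND DUP2 MSTORE"  # from the post

def run(text, stack, caller):
    """Interpret the few opcodes used above; returns (final stack, memory)."""
    stack, memory = list(stack), {}
    tokens = iter(text.split())
    for op in tokens:
        if op == "PUSH":
            stack.append(int(next(tokens), 16))
        elif op == "EXP":                       # top of stack is the base
            base, exponent = stack.pop(), stack.pop()
            stack.append(pow(base, exponent, WORD))
        elif op == "SUB":                       # top minus second
            a, b = stack.pop(), stack.pop()
            stack.append((a - b) % WORD)
        elif op == "AND":
            stack.append(stack.pop() & stack.pop())
        elif op == "CALLER":
            stack.append(caller)
        elif op == "DUP2":
            stack.append(stack[-2])
        elif op == "MSTORE":                    # top is offset, second is value
            offset, value = stack.pop(), stack.pop()
            memory[offset] = value
        else:
            raise ValueError(f"unsupported opcode: {op}")
    return stack, memory

def stored_key(caller):
    # Assumption: offset 0 and the constant 1 were pushed before the quoted sequence.
    stack, memory = run(SEQUENCE, [0, 1], caller)
    return memory[0]

# Constructed sample values.
SENDER = 0x00112233445566778899AABBCCDDEEFF00112233   # 20-byte address
DIRTY = (0xDEADBEEF << 160) | SENDER                  # same word with junk above bit 160

if __name__ == "__main__":
    print(hex(stored_key(SENDER)))   # address stored unchanged
    print(hex(stored_key(DIRTY)))    # high bits cleared by the mask
```

CALLER itself never has bits set above bit 160, so for it the mask changes nothing; the constructed `DIRTY` word shows what the same cleanup does to a 256-bit value that does.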