New config issue format

[s0b0lev]

I will copy open question here:

I am trying to configure checker for Github SWC-registry and I wanna generate keccak256 on javascript,
I use this library: http://emn178.github.io/online-tools/keccak_256.html but it produce different output

We got bytecode string:

608060405234801561001057600080fd5b5061010c806100206000396000f300608060405260043610603f576000357c0100000000000000000000000000000000000000000000000000000000900463ffffffff1680632553e8a014604d575b348015604a57600080fd5b50005b348015605857600080fd5b50605f6061565b005b60008060008040925082604051808260001916600019168152602001915050604051809103902091505a90506000811415609a57600080fd5b3073ffffffffffffffffffffffffffffffffffffffff166040516000604051808303816000865af291505050600073ffffffffffffffffffffffffffffffffffffffff16ff00a165627a7a72305820602d9137348e21d7141640e6dfe4b67ded3f3b4898e778a72e3464f51aa9cc630029

Which will be translated to (using http://emn178.github.io/online-tools/keccak_256.html):
eb7bbb275df9c8d7d90cf7bf2204028498a23a9c31e58dec1227d8cd34dccecd

While our config define it as:
bdb45e04caea963dec0c156b81632b1cb8970c6dd9cbacbb2bfc04770dd73895

How I get this results:

import _pysha3 as sha3

bytecode = "608060405234801561001057600080fd5b5061010c806100206000396000f300608060405260043610603f576000357c0100000000000000000000000000000000000000000000000000000000900463ffffffff1680632553e8a014604d575b348015604a57600080fd5b50005b348015605857600080fd5b50605f6061565b005b60008060008040925082604051808260001916600019168152602001915050604051809103902091505a90506000811415609a57600080fd5b3073ffffffffffffffffffffffffffffffffffffffff166040516000604051808303816000865af291505050600073ffffffffffffffffffffffffffffffffffffffff16ff00a165627a7a72305820602d9137348e21d7141640e6dfe4b67ded3f3b4898e778a72e3464f51aa9cc630029"

keccak = sha3.keccak_256()
keccak.update(bytes.fromhex(bytecode))
print(f"0x{keccak.hexdigest()}")

[Output] => "0xbdb45e04caea963dec0c156b81632b1cb8970c6dd9cbacbb2bfc04770dd73895"

How Valentin get this results in Go:

func Test1(t *testing.T) {
    decInput, _ := hex.DecodeString("608060405234801561001057600080fd5b5061010c806100206000396000f300608060405260043610603f576000357c0100000000000000000000000000000000000000000000000000000000900463ffffffff1680632553e8a014604d575b348015604a57600080fd5b50005b348015605857600080fd5b50605f6061565b005b60008060008040925082604051808260001916600019168152602001915050604051809103902091505a90506000811415609a57600080fd5b3073ffffffffffffffffffffffffffffffffffffffff166040516000604051808303816000865af291505050600073ffffffffffffffffffffffffffffffffffffffff16ff00a165627a7a72305820602d9137348e21d7141640e6dfe4b67ded3f3b4898e778a72e3464f51aa9cc630029")
    hash := crypto.Keccak256Hash(decInput)
    fmt.Printf("0x%x\n", hash)
}

[Output] => "0xbdb45e04caea963dec0c156b81632b1cb8970c6dd9cbacbb2bfc04770dd73895"

But this UI show different results: http://emn178.github.io/online-tools/keccak_256.html

Whats wrong here @thec00n @wuestholz ?

[s0b0lev]

@thec00n one of possible solution (which was discussed with Valentin) to add checker for keccak256, I will have to include python script to run this checks.

[thec00n]

For JS you can use Web3 -> https://web3js.readthedocs.io/en/1.0/web3-utils.html

[s0b0lev]

There are 2 configs where bin key is empty for first contract:

https://github.com/SmartContractSecurity/SWC-registry/blob/master/test_cases/assert_violations/runtime_user_input_call.json

I change script to take first contract with bin