Wrong classification of `RipplePayMain` as being susceptible to `delegatecall_dangerous`

If I understand the announcement in [README.md](https://github.com/gongbell/ContractFuzzer/blob/master/README.md) correctly, then the [`examples` directory](https://github.com/gongbell/ContractFuzzer/tree/master/examples) contains contracts that have been manually confirmed to be vulnerable.

Why is [RipplePayMain.sol](https://github.com/gongbell/ContractFuzzer/blob/master/examples/delegatecall_dangerous/verified_contract_sols/RipplePayMain.sol) marked as being susceptible to the `delegatecall_dangerous` weakness? The Solidity file does not contain a single delegatecall instruction.
The corresponding runtime code, [RipplePayMain.bin-runtime](https://github.com/gongbell/ContractFuzzer/blob/master/examples/delegatecall_dangerous/verified_contract_bins/RipplePayMain.bin-runtime), *seems* to contain a `DELEGATECALL`. However, the byte `0xF4` only occurs in the metadata section and thus cannot be executed. So no possibility for this weakness here either.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Wrong classification of `RipplePayMain` as being susceptible to `delegatecall_dangerous` #26

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Wrong classification of RipplePayMain as being susceptible to delegatecall_dangerous #26

Description

Metadata

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Issue actions

Wrong classification of `RipplePayMain` as being susceptible to `delegatecall_dangerous` #26