
ethracer's Introduction

Ethracer

This repository contains the official Python 3 implementation of Ethracer, a smart contract analysis tool. It can be used to find event-ordering (EO) vulnerabilities in smart contracts. For more information about the bugs and the tool, see our technical paper, "Exploiting the laws of order in smart contracts".

Dependencies:

Docker

Install docker from here

Ethereum blockchain

Ethracer requires a fully synced blockchain for maximum performance. Sync the blockchain over port 8666 (more on this here). If you already have a fully synced blockchain, run:

 geth --datadir [chainDirectory] --rpc --maxpeers 0 --rpcport 8666

Important: There should be a working network connection between the Docker container and the Ethereum blockchain server.

Steps to run

Build the Docker container from the Ethracer directory

sudo docker build -t ethracer .

Run docker

sudo docker run --net='host' -it ethracer bash

Fire Ethracer!

cd /ethracer/HB && python3.6 main.py --checkone [Contract source code] [Contract address] --blockchain --owner [Owner address]

Run Tests

Make sure that you have a fully synced blockchain (at least up to block number 5400000) and that it is running on port 8666. Run the command below and check the /ethracer/HB/reports directory. There you can find all the traces, including the minimal ones with EO bugs, for the two contracts given in the tests folder.

cd /ethracer && make runTests
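A pre-flight check for the requirement above, as an added example that is not part of Ethracer: it asks the node over JSON-RPC (eth_blockNumber, eth_syncing) whether it has reached block 5400000 before any analysis is started. The URL 127.0.0.1:8666 assumes the --net='host' setup shown earlier; the function names are hypothetical.

```python
import json
import urllib.request

RPC_URL = "http://127.0.0.1:8666"  # assumption: geth reachable on localhost (docker --net=host)
MIN_BLOCK = 5400000                # block height the README asks for

def parse_quantity(value):
    """Decode a JSON-RPC hex quantity ("0x5265c0"); reject empty or malformed values."""
    if not isinstance(value, str) or not value.startswith("0x") or len(value) < 3:
        raise ValueError("not a hex quantity: %r" % (value,))
    return int(value, 16)

def check_ready(block_number, syncing, min_block=MIN_BLOCK):
    """Return (ok, reason) from the raw eth_blockNumber / eth_syncing results."""
    if syncing is not False:
        # eth_syncing returns an object while the node is still catching up
        cur = parse_quantity(syncing["currentBlock"])
        high = parse_quantity(syncing["highestBlock"])
        return False, "still syncing: %d of %d" % (cur, high)
    height = parse_quantity(block_number)
    if height < min_block:
        return False, "chain at block %d, need at least %d" % (height, min_block)
    return True, "ready at block %d" % height

def rpc(method, url=RPC_URL, timeout=5):
    """Send one JSON-RPC request and return its 'result' field."""
    body = json.dumps({"jsonrpc": "2.0", "id": 1, "method": method, "params": []}).encode()
    req = urllib.request.Request(url, data=body, headers={"Content-Type": "application/json"})
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        reply = json.load(resp)
    if "error" in reply:
        raise RuntimeError("%s failed: %s" % (method, reply["error"]))
    return reply["result"]

if __name__ == "__main__":
    try:
        ok, reason = check_ready(rpc("eth_blockNumber"), rpc("eth_syncing"))
    except (OSError, ValueError, RuntimeError, KeyError) as exc:
        # connection refused, malformed reply, or RPC-level error
        ok, reason = False, "RPC check failed: %s" % exc
    print(("OK: " if ok else "NOT READY: ") + reason)
    raise SystemExit(0 if ok else 1)
```

Run it inside the container before make runTests; a non-zero exit status means the node is unreachable or not far enough along.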

Evaluation Datasets

Our evaluation datasets are available at https://drive.google.com/file/d/1190VXwu502M-vgT8yyuFp0lFUVlxnMhO/view?usp=sharing

ethracer's Issues

About the data set

Dear authors. After downloading the data set, we discovered that the number of processed contracts is 8139 and the number of contracts that have reported results is 6943. However, the number of buggy contracts in the reports is 940. We would like to know if the 940 contains all 789 bugs in the paper? What's the relation between them? Can I have the exact data as presented in the paper? Really need to know for further research. Thanks a lot!

ValueError: invalid literal for int() with base 16: ''

Hi, I got some Python exceptions when trying to analyze a contract 0xd8493D315eC1FbBD404f169EC5ecc21FA9A008Bf:

...

......Optimizing the inputs......

Traceback (most recent call last):
  File "main.py", line 233, in <module>
    exec_contract(args.checkone[0], args.checkone[1], args.owner[0], args.bin)
  File "main.py", line 161, in exec_contract
    new_nodes_list, new_simplified_hb = optimize_nodes(node_list, simplified_hb, c_address, disasm, debug, MyGlobals.read_from_blockchain, MyGlobals.STORAGE_AT_BLOCK)
  File "/ethracer/HB/optimize_nodes.py", line 157, in optimize_nodes
    ct1 = check_one_trace(contract_address, [candidate1], storage, code, debug, read_from_blockchain, st_blocknumber)
  File "../fuzzer/check.py", line 186, in check_one_trace
    tx_caller  =    int(t['tx_caller'], 16)
ValueError: invalid literal for int() with base 16: ''

Incorrect final stack size after executing CODESIZE

Hi, Ethracer encounters an error when checking whether a function can change the state or not.

Check  18 /  34 :  whether 51221873 {51221873} can change the state
[ ] Started executing 1st tree... 
[ ] Started executing 1st tree... 
Incorrect final stack size after executing CODESIZE at step 2928

Here is the contract that I tried to analyze: 0x4Bb3205bf648B7F59EF90Dee0F1B62F6116Bc7ca
It seems there are some bugs in the simulation of some opcodes.
