News: A Rust implementation, Lydia (>10% faster), is here.
An attacker-contract hunter that detects premeditated attacks (reentrancy in this case) and other attack matrix entries.
- python >= 3.8
- gigahorse-toolchain: refer to the gigahorse-toolchain repository for setup details.
- Install the Python dependencies.
conda create -n leslie python=3.8
conda activate leslie
pip3 install -r requirements.txt
- Or you can build or pull the docker image.
docker build -t blockwatchdog:local .
docker pull ghcr.io/shuo-young/blockwatchdog:latest
python3 blockwatchdog.py -la 0x10C509AA9ab291C76c45414e7CdBd375e1D5AcE8
For the docker image, run with the following command.
docker run ghcr.io/shuo-young/blockwatchdog:latest -la 0x10C509AA9ab291C76c45414e7CdBd375e1D5AcE8 -bp ETH -bn 16000000
- gigahorse-toolchain: refer to Elipmoc, with a self-defined datalog file leslie.dl (named in memory of Leslie Cheung). We now use the gigahorse version at commit 7d0faaa.
- contract.py: fetch and decompile contract bytecode to extract flow information (e.g., function external calls) during intra-procedure analysis.
- flow_analysis.py: trace all possible call chains in the call graph, and identify possible reentrancy paths and reentrancy call targets.
- graph/call_graph.py: construct the call graph and print it.
- global_params.py: global parameters for analysis.
- blockwatchdog.py: interfaces for input and output.
- Recover all possible (and available) call chains originating from the attacker contract (each public function).
- Report critical attack semantics, e.g., calls in hook functions, selfdestruct, use of random numbers, contract creation (sole and multi), etc.
- Locate call sites that could perform reentrancy and possible reentrancy targets (victims).
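The call-chain recovery and reentrancy localization listed above can be pictured with a small added example; it is not BlockWatchdog's own code. The graph shape, the contract and function names, and the re-entry criterion (a victim calls into an attacker hook, and the hook calls that victim again) are assumptions made for illustration.

```python
from typing import Dict, List, Tuple

Node = Tuple[str, str]  # (contract, function)

ATTACKER = "Attacker"  # hypothetical label for the contract under analysis
# Constructed sample call graph: caller node -> externally called nodes.
CALL_GRAPH: Dict[Node, List[Node]] = {
    ("Attacker", "start"): [("Vault", "deposit"), ("Vault", "withdraw")],
    ("Vault", "withdraw"): [("Attacker", "fallback")],  # value transfer triggers the hook
    ("Attacker", "fallback"): [("Vault", "withdraw")],  # hook calls back into Vault
    ("Attacker", "sweep"): [("Token", "transfer")],
}

def call_chains(graph: Dict[Node, List[Node]], root: Node) -> List[List[Node]]:
    """Return every maximal call chain from root; a repeated node ends the chain."""
    chains: List[List[Node]] = []

    def dfs(path: List[Node]) -> None:
        callees = graph.get(path[-1], [])
        if not callees:
            chains.append(path)
        for callee in callees:
            if callee in path:
                chains.append(path + [callee])  # keep the cycle-closing edge, then stop
            else:
                dfs(path + [callee])

    dfs([root])
    return chains

def reentrancy_findings(graph, attacker: str, public_functions: List[str]):
    """Flag (hook call site, target) pairs where the attacker re-enters a contract that called it."""
    findings = set()
    for fn in public_functions:
        for chain in call_chains(graph, (attacker, fn)):
            for i in range(1, len(chain) - 1):
                victim, hook, target = chain[i - 1], chain[i], chain[i + 1]
                if hook[0] == attacker and victim[0] != attacker and target[0] == victim[0]:
                    findings.add((hook, target))
    return sorted(findings)

if __name__ == "__main__":
    for site, target in reentrancy_findings(CALL_GRAPH, ATTACKER, ["start", "sweep"]):
        print(f"possible reentrancy: {site} -> {target}")
```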
This repository was proposed in the ICSE'24 paper: Uncover the Premeditated Attacks: Detecting Exploitable Reentrancy Vulnerabilities by Identifying Attacker Contracts, and we would really appreciate a citation if this repo helps you.
Copyright © 2024 Shuo Yang.
This project is Apache licensed.