From 36ef04add442fce7dc639ba54f5fb690194c276e Mon Sep 17 00:00:00 2001
From: shuo-young <2857043555@qq.com>
Date: Tue, 19 Mar 2024 14:36:52 +0800
Subject: [PATCH] refine output and log info
---
README.md | 38 +++++--------------------------
src/graph/call_graph.rs | 7 +++---
src/main.rs | 3 ++-
src/outputter/result_structure.rs | 12 +++++-----
4 files changed, 18 insertions(+), 42 deletions(-)
diff --git a/README.md b/README.md
index 98e762e..b0de217 100644
--- a/README.md
+++ b/README.md
@@ -2,7 +2,7 @@

Static Badge Static Badge - Static Badge + Static Badge Documentation @@ -10,13 +10,6 @@ License: Apache GitHub Actions Workflow Status - - -


@@ -27,16 +20,6 @@

Lydia

-

- - - - - Report Bug - · - Request Feature -

@@ -63,7 +46,6 @@
  • Features
  • -
  • Contact
  • License
  • @@ -103,7 +85,7 @@ cargo build --release 2. Or you can build or pull the docker image. ```sh -docker build -t lydia:v0.1 . +docker build -t lydia:local . docker pull ghcr.io/shuo-young/lydia:latest ``` @@ -112,9 +94,9 @@ docker pull ghcr.io/shuo-young/lydia:latest ### Local ```sh -RUST_LOG=info cargo run -- ETH 0x10C509AA9ab291C76c45414e7CdBd375e1D5AcE8 +RUST_LOG=info cargo run -- -b ETH -l 0x10C509AA9ab291C76c45414e7CdBd375e1D5AcE8 # or use build bin -./target/release/lydia -- ETH 0x10C509AA9ab291C76c45414e7CdBd375e1D5AcE8 +./target/release/lydia -b ETH -l 0x10C509AA9ab291C76c45414e7CdBd375e1D5AcE8 ``` ### Docker @@ -122,7 +104,7 @@ RUST_LOG=info cargo run -- ETH 0x10C509AA9ab291C76c45414e7CdBd375e1D5AcE8 For the docker image, run with the following command. ```sh -docker run ghcr.io/shuo-young/lydia:latest ETH 0x10C509AA9ab291C76c45414e7CdBd375e1D5AcE8 +docker run ghcr.io/shuo-young/lydia:latest -b ETH -l 0x10C509AA9ab291C76c45414e7CdBd375e1D5AcE8 ``` ## Features @@ -133,15 +115,7 @@ docker run ghcr.io/shuo-young/lydia:latest ETH 0x10C509AA9ab291C76c45414e7CdBd37 - Report critical attack semantic, e.g., call in hook functions, selfdestruct, use randomnumer, creation (sole and multi) etc. - Locating call sites that could perform reentrancy and possible reentrancy targets. -## Contact - -👤 **Shuo Yang** - -- Website: [shuo-young.github.io](https://shuo-young.github.io/) -- Twitter: [@shall_yangshuo](https://twitter.com/shall_yangshuo) -- Github: [@shuo-young](https://github.com/shuo-young) - ## License Copyright © 2024 [Shuo Yang](https://github.com/shuo-young).
    -This project is [Apache](https://github.com/NFTDefects/nftdefects/blob/master/LICENSE) licensed. +This project is [Apache](https://github.com/shuo-young/lydia/blob/master/LICENSE) licensed. diff --git a/src/graph/call_graph.rs b/src/graph/call_graph.rs index 205aa57..7cbba7c 100644 --- a/src/graph/call_graph.rs +++ b/src/graph/call_graph.rs @@ -33,16 +33,17 @@ impl<'a> CallGraph<'a> { &self.visited_funcs } + #[allow(unused_variables)] pub async fn construct_cross_contract_call_graph( &mut self, source: Source, ) -> Result<(), Box> { let mut pending = vec![source]; - println!("{:?}", pending); + // println!("{:?}", pending); while let Some(temp) = pending.pop() { let index = pending.len(); - println!("pending length: {}", index); - println!("current temp contract: {}", temp.logic_addr); + // println!("pending length: {}", index); + // println!("current temp contract: {}", temp.logic_addr); if temp.level > self.max_level { self.max_level = temp.level; } diff --git a/src/main.rs b/src/main.rs index 99bdbcd..57cdb40 100644 --- a/src/main.rs +++ b/src/main.rs @@ -156,7 +156,7 @@ async fn main() { } else { for func_sign in external_call_in_func_signature.clone().into_iter() { // let mut contracts_mut = contracts.borrow_mut(); - println!("{}", func_sign); + println!("call flow originated from function {}", func_sign); let source = Source { platform: platform.to_string(), logic_addr: logic_address.to_string(), @@ -316,6 +316,7 @@ async fn main() { duration.subsec_nanos() ) .into(); + println!("{:?}", result); let mut res: HashMap = HashMap::new(); res.insert(logic_address.to_string(), result); diff --git a/src/outputter/result_structure.rs b/src/outputter/result_structure.rs index 20bf308..cc2f7ce 100644 --- a/src/outputter/result_structure.rs +++ b/src/outputter/result_structure.rs 
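Review bot: The function-wide `#[allow(unused_variables)]` on `construct_cross_contract_call_graph` is needed only because `let index = pending.len();` lost its last use when the two `println!` lines were commented out, and it will also hide any genuinely unused binding added to this function later. Removing the `index` binding and deleting the commented-out prints would make the attribute unnecessary. If the trace is still wanted, the README's `RUST_LOG=info` usage suggests a logger is available, so `log::debug!("pending length: {}", pending.len());` would keep it switchable; confirm that the `log` crate is a dependency first. The function body continues past the end of the hunk.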
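Review bot: The added `println!("{:?}", result);` in the second `src/main.rs` hunk writes the whole analysis result to stdout in `Debug` form, which is not a stable format and is interleaved with progress lines such as the reworded `println!("call flow originated from function {}", func_sign);` in the first hunk. Anyone consuming the tool's output from `docker run` or a pipeline to triage a flagged contract then has to scrape a verdict whose layout changes with any field rename. Since the result types already derive `Serialize`, the serialized form could go to stdout and the progress lines to the logger, e.g. `log::info!("call flow originated from function {}", func_sign);`. This assumes a logger is initialised, as the README's `RUST_LOG=info` suggests. `main` starts and ends outside both hunks.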
@@ -4,7 +4,7 @@ use serde::{Deserialize, Serialize}; use crate::flow::flow_analysis::{ReachableSiteInfo, ReenterInfo}; -#[derive(Serialize, Deserialize)] +#[derive(Serialize, Deserialize, Debug)] pub struct Result { pub is_attack: bool, pub warning: String, @@ -28,31 +28,31 @@ pub struct Result { pub reentrancy_path_info: HashMap, } -#[derive(Serialize, Deserialize)] +#[derive(Serialize, Deserialize, Debug)] pub struct SemanticFeatures { pub op_creation: OpCreation, pub op_selfdestruct: bool, pub op_env: bool, } -#[derive(Serialize, Deserialize)] +#[derive(Serialize, Deserialize, Debug)] pub struct OpCreation { pub op_multicreate: bool, pub op_solecreate: bool, } -#[derive(Serialize, Deserialize)] +#[derive(Serialize, Deserialize, Debug)] pub struct ExternalCall { pub externalcall_inhook: bool, pub externalcall_infallback: bool, // pub hooks_focused: Vec, } -#[derive(Serialize, Deserialize)] +#[derive(Serialize, Deserialize, Debug)] pub struct Overlap { pub has_overlap: bool, pub overlap_external_call: Vec, } -#[derive(Serialize, Deserialize)] +#[derive(Serialize, Deserialize, Debug)] pub struct PathInfo { pub victim_call: Vec, pub attacker_reenter: Vec,