Giter VIP home page Giter VIP logo

blockwatchdog's Introduction

Static Badge Static Badge Static Badge Documentation License: Apache GitHub Actions Workflow Status

News: A Rust implementation Lydia (>10% faster) is here.


Logo

BlockWatchdog

Table of Contents
  1. About The Project
  2. Prerequisites
  3. Usage
  4. Code Structure
  5. Features
  6. Publication
  7. License

About The Project

An attacker contract hunter for detecting premeditated attacks (reentrancy in this case) and other attack matrix.

Prerequisites

  • python >= 3.8

  • gigahorse-toolchain

    Refer to the gigahorse-toolchain repository for setup details.

Install

  1. Python dependencies installation.
conda create -n leslie python=3.8
conda activate leslie
pip3 install -r requirements.txt
  1. Or you can build or pull the docker image.
docker build -t BlockWatchdog:local .
docker pull ghcr.io/shuo-young/blockwatchdog:latest

Usage

Local

python3 blockwatchdog.py -la 0x10C509AA9ab291C76c45414e7CdBd375e1D5AcE8

Docker

For the docker image, run with the following command.

docker run ghcr.io/shuo-young/blockwatchdog:latest -la 0x10C509AA9ab291C76c45414e7CdBd375e1D5AcE8 -bp ETH -bn 16000000

Code Structure

  • gigahorse-toolchain: refer to Elipmoc, with a self-defined datalog file leslie.dl (named for memorizing Leslie Cheung). We now use the gigahorse version at commit 7d0faaa.
  • contract.py: fetch and decompile contract bytecode to extract flow information (e.g., function external calls) during intra-procedure analysis.
  • flow_analysis.py: trace all possible call chains in the call graph, and identify possible reentrancy path and reentrancy call target.
  • graph/call_graph.py: construct call graph and print it.
  • global_params.py: global params for analysis.
  • blockwatchdog.py: interfaces for input and output.

Features

  • Recover all possible (and available) call chains originated from the attacker contract (each public function).
  • Report critical attack semantics, e.g., call in hook functions, selfdestruct, use randomnumer, contract creation (sole and multi) etc.
  • Locating call sites that could perform reentrancy and possible reentrancy targets (victims).

Publication

This repository was proposed in the ICSE'24 paper: Uncover the Premeditated Attacks: Detecting Exploitable Reentrancy Vulnerabilities by Identifying Attacker Contracts, and we would really appreciate for your citation if this repo helps you.

License

Copyright © 2024 Shuo Yang.
This project is Apache licensed.

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.