Note

For developers familiar with Slither, you can directly navigate to the detectors interface to view the rules. https://github.com/MetaTrustLabs/falcon-metatrust/tree/main/falcon/detectors

We also have about 40 original rules that have not been released yet. In the future, we will gradually make the rule source code public. Part of these rules，Please check "[Part of] Optimized and Added Detectors"

Falcon

Join the Club
Metatrust Telegram

_{- Discussions and Support}

Welcome! We are the Metatrust.Labs. Over recent months, we've devoted our energies to refining and expanding the capabilities of the renowned Slither detectors. As a result, we proudly introduce Falcon — our advanced iteration of the Slither detectors.

Recognizing the challenges associated with code review and audit processes, we took it upon ourselves not just to enhance the sensitivity of our detectors, but also to drastically reduce the frequency of false positives. By doing so, we believe we've created the most efficient version of the Slither detectors to date. Falcon has been enriched with an abundance of new detectors, while nearly 100 of the existing ones have been optimized for better precision.

Our detectors in Falcon are designed with the primary goal of identifying potential issues to assist code auditors. They serve as a highly efficient automation tool, meticulously scanning against a vast checklist of potential vulnerabilities.

Falcon is a comprehensive Solidity static analysis framework crafted in Python3. Not only does it run an extensive suite of vulnerability detectors, but it also offers visual insights about contract specifics and furnishes an API designed for the easy development of custom analyses.

Building upon the foundations laid by Slither, Falcon introduces dozens of novel rules tailored for the current smart contract landscape. This includes detection mechanisms for logic inconsistencies, DeFi price manipulation vulnerabilities, centralization risks, and Time-of-Check to Time-of-Use (ToD) vulnerabilities. However, we'd like to highlight that some of these advanced checks come as premium offerings and are subject to fees.

By leveraging Falcon, developers can unearth vulnerabilities in their code, gain deeper insights into their contracts, and rapidly draft custom analyses tailored to their unique requirements.

Should you come across any issues, bugs, or vulnerabilities while utilizing our Falcon detectors, please don't hesitate to reach out. Whether it's through opening a PR/Issue or contacting us directly, we appreciate all feedback. For any further inquiries or suggestions, join our vibrant community on Discord or Telegram. We're committed to fostering a robust community, continuously enhancing our offerings, and championing collective initiatives.

MWE Wiki
MWE Category Tree
GPTScan
- This is our unique smart contract vulnerability scanning engine based on GPT and Falcon’s AI empower

Install

Pre-requisites:

Ensure you have Python (version 3.9 or newer) installed on your system.

Installation:

Navigate to the Falcon project root directory.

Run the following command to install Falcon:

pip3 install -r requirements-dev.txt
python setup.py install

After successful installation, you should have access to the Falcon command-line interface.

Structure:

1. /falcon

This is similar to the slither folder in the Slither project. The /falcon folder contains the core functionalities and components of the Falcon static analysis engine, including:

The main framework for AST analysis.
Libraries and modules responsible for parsing smart contracts.
Intermediate representations (IRs) for smart contracts.
The core logic that drives the Falcon static analysis processes.

2. /falcon/detectors/

This folder contains the set of detectors, primarily inspired by Slither's rules. They are designed to identify vulnerabilities, misconfigurations, and potential issues within the smart contracts:

Each detector script in this folder targets a specific vulnerability type.
The detectors parse and analyze the smart contract IRs to discover any potential threats.
Detected issues will be reported with their severity, type, and a brief description to assist in understanding and mitigation.

Basic Usage:

To scan a smart contract without installing the package:

Navigate to the Falcon project root directory.

Run the following command:

pip3 install -r requirements-dev.txt
python -m falcon [relative file based on root directory of falcon]

For example, to scan a contract located at contracts/MyContract.sol:

pip3 install -r requirements-dev.txt
python -m falcon contracts/MyContract.sol

[Part of] Optimized and Added Detectors

Detector Name	Detector File	Release Date	Note	Status
Arbitrary send erc20 Basic Library	-	1 week later	We have optimized Arbitrary send erc20 to reduce false positives	Implemented
Centralized	-	relaease	We believe that centralized risk is one of the risks that should not be ignored, so we have implemented multiple centralized risk vulnerability detection rules with different risk levels.	Implemented
bad_prng	-	1 week later	We believe that random number vulnerabilities only occur in functions with certain specific functions, so we simply filter the functions	Implemented
Transfer Inside a Loop	-	relaease	Transfers in the loop can easily cause DOS attacks	Implemented
DeFi Related Detectors	-	relaease	We implemented a simple price manipulation detector to detect whether there is suspicious price manipulation through taint analysis, and divided it into multiple risk levels.	Implemented
ERC	-	1 week later	We have implemented detectors for multiple ERC standards	Implemented
Transaction Order Dependency	-	relaease	We implemented a detector for the Transaction Order Dependency vulnerability and divided it into multiple risk levels.	Implemented
Reentrancy Basic Library	-	released	We have optimized a variety of corner cases and significantly reduced the false alarm rate.	Implemented
Support on-chain data fetch	-	-	-	TODO
Prompt-based AI vulnerability detection	-	-	Based on our unique prompt design and vulnerability confirmation logic, we can effectively dig out some logical vulnerabilities that are difficult to discover and summarize.	Implementing

Enhancements & New Detectors

Here we indicate our updates, workflows and mark completed tasks and improvements!

You can add your own detector/idea/enhancement by opening the Issue at the following link.

Prior to adding a custom detector, ensure that:

In a documentation file, your detector is comprehensively described;
The detector test contract is presented and correctly compiles;
The detector code is presented and works properly.

Prior to adding an idea, ensure that:

Your concept or idea is well articulated;
A vulnerability example (or PoC) is provided;

Prior to adding an enhancement, ensure that:

Your enhancement does not make the base code worse;
Your enhancement is commented.

Acknowledgements

Our team would like to express our deepest gratitude to the Slither tool creators: Josselin Feist, Gustavo Grieco, and Alex Groce, as well as Crytic, Trail of Bits' blockchain security division, and all the people who believe in the original tool and its evolution!

Articles:

Slither
How do we use Slither at Pessimistic.io
Slither Explained
Slither: In-Depth
Slither Review
Slither - Python
Reentrancy Attacks on Smart Contracts Distilled
Be sure to check out our blog as well!

Research Papers:

GPTScanThis is our unique smart contract vulnerability scanning engine based on GPT and Falcon’s AIempower
Slither: A Static Analysis Framework For Smart Contracts
Detecting Vulnerable Ethereum Smart Contracts via Abstracted Vulnerability Signatures
Evaluating Smart Contract Static Analysis Tools Using Bug Injection
A Framework and DataSet for Bugs in Ethereum Smart Contracts
A Comprehensive Survey of Upgradeable Smart Contract Patterns

Slither: In-Depth

Slitherin in mass media

bixia / falcon-metatrust