Author: enderlocphan@gmail.com
The documents aim to recap my experience in smart contract automated testing besides the manual testing. I also put the issues that I faced during the execution, indeed, solutions are given.
For a complex project, you can't just copy paste the single sol file and let it run. To make our life easier, Remix has localhost connection which allows you to interact with your project in your local machine remotely.
This is something I'm used to doing when the project has a large number of inheritant contracts. Obviously, this make our life easier than ever by just downloading the git project and do some commands.
-
Compile your truffle contract if needed with
npm install
(!remember remvove the package-lock.json, if it does have it). Otherwise, the remix wouldn't be able to load all libraries for the contracts that are being called. -
Go to WorkSpaces on the left panel and choose "Connect to Localhost"
- The message box pops up and you just need to read carefully and copy the command shown in the box to connect your localhost
https://gist.github.com/c3b05db188b9a66755e4d4ce3373373d
Important:
path-to-the-shared-folder: needs to be an absolute path
remix-ide-instance-URL: needs to plain with http or https
eg:
https://gist.github.com/9f96a2055bd8b42a5f1b9d0ad08251a2
Somtimes I still got this error from Remix
Cannot connect to the remixd daemon. Please make sure you have the remixd running in the background.
What I usually do is just switch to a new terminal tab and re-type the remixd command. If needed, you can just uinstall and reinstall the remixd (Close VS-Code to do this, if you have it opened)
https://remix-ide.readthedocs.io/en/latest/remixd.html
The same error but another issue.
https://ethereum.stackexchange.com/questions/78637/cant-connect-remix-ide-using-remixd
Source: https://github.com/crytic/solc-select
You need to just switch the version of solc quickly by a command. The version of solc is kindda painful, depending on the tools and project, you need to use a specific and exact version to compile.. otherwise broke.
During my audit, I've suffered with solc-select installations. I used to install via the shell command, but now they've upraded to pip3. The thing is that some docker containers do not support pip3, so you would need to install solc-selct into that docker but pip3. Therefore, I'v a copied version of the solc-select installed via shell.
Via shell: https://github.com/enderphan94/solc-select-sh-version
Via pip3: https://github.com/crytic/solc-select
Install the version you want
https://gist.github.com/696d12da5415be51a57254b1ee6c3546
And use it https://gist.github.com/547569aa651845571a457102ec789b8e
Check your solc version again
https://gist.github.com/120af69c1998830f8671709e117991b3
Source: https://github.com/crytic/slither
- Detects vulnerable Solidity code with low false positives (see the list of trophies)
- Identifies where the error condition occurs in the source code
- Easily integrates into continuous integration and Truffle builds
- Built-in 'printers' quickly report crucial contract information
- Detector API to write custom analyses in Python
- Ability to analyze contracts written with Solidity >= 0.4
- Intermediate representation (SlithIR) enables simple, high-precision analyses
- Correctly parses 99.9% of all public Solidity code
- Average execution time of less than 1 second per contract
Slither requires Python 3.6+ and solc, the Solidity compiler.
https://gist.github.com/ca96530fac9dcad5baaa70227b511054
https://gist.github.com/bddc7c1dc5a9ba582f7502f560637110
We recommend using an Python virtual environment, as detailed in the Developer Installation Instructions, if you prefer to install Slither via git.
Use the eth-security-toolbox
docker image. It includes all of our security tools and every major version of Solidity in a single image. /home/share
will be mounted to /share
in the container.
https://gist.github.com/8b5f565e06dfa6f5c17d321da40dbe14
To share a directory in the container:
https://gist.github.com/5f21b0731dbf09306b2754339f2965d9
https://gist.github.com/d97152ab261190f1e44ee80a202ce153
Error: Source "@openzeppelin/contracts/utils/Context.sol" not found: File outside of allowed directories.
Fixed: the --allow-path
does not work, just download the library and copy them into the dir.. casual way :/
Mythril detects a range of security issues, including integer underflows, owner-overwrite-to-Ether-withdrawal, and others. Note that Mythril is targeted at finding common vulnerabilities, and is not able to discover issues in the business logic of an application. Furthermore, Mythril and symbolic executors are generally unsound, as they are often unable to explore all possible states of a program.
Source: https://github.com/ConsenSys/mythril
https://gist.github.com/4a5684bca1e92032944e4b756008fa0d
Install from Pypi:
https://gist.github.com/4a6e66fd5b7309bae36990735374a0da
Note: In my exprience, I prefer using mythril version installed via pip3 rather than Docker. I've faced so many issues with the docker version, and I decided to switch to pip3 one.
Via pip3: https://github.com/ConsenSys/mythril/blob/develop/README.md#usage
Via Docker: docker run -v $(pwd):/tmp mythril/myth a /tmp/<file-name>.sol --solv 0.5.0
In case the tool gives you this error:
mythril.mythril.mythril_disassembler [ERROR]: The file Token.sol does not contain a compilable contract. mythril.interfaces.cli [ERROR]: input files do not contain any valid contracts
We can use contract address in testnet or ganache https://mythril-classic.readthedocs.io/en/master/security-analysis.html
Ganache: myth a --rpc ganache -a <address>
Evn: MacOS
Just in case the command Pip3 install mythril
does not work. I don't remember what happened exactly but something does not work with pip3 in MacOS :)
Use the following command
https://gist.github.com/d91297767da438e24fc1d591fceb3f97
Error
in self.solidity_files[file_index].full_contract_src_maps IndexError: list index out of range
Just uninstall mythril and reinstall it
https://gist.github.com/c63618ba096f14fd693494cd5c96b0a6
https://gist.github.com/84611769906dac0a6b776c3e0b85d9b6
This tool takes quite a long time to complete.
Program Exploration: Manticore can execute a program with symbolic inputs and explore all the possible states it can reach
Input Generation: Manticore can automatically produce concrete inputs that result in a given program state
Error Discovery: Manticore can detect crashes and other failure cases in binaries and smart contracts
Instrumentation: Manticore provides fine-grained control of state exploration via event callbacks and instruction hooks
Programmatic Interface: Manticore exposes programmatic access to its analysis engine via a Python API
Note: We recommend installing Manticore in a virtual environment to prevent conflicts with other projects or packages
Option 1: Installing from PyPI:
https://gist.github.com/96b26e5a4c29860ed640aa6af1871539
Option 2: Installing from PyPI, with extra dependencies needed to execute native binaries:
https://gist.github.com/dba0c698c9d0fec64d8b85750c0ad8c9
Option 3: Installing a nightly development build:
https://gist.github.com/d6af94952324b92df939340e0fdd02f9
Option 4: Installing from the master
branch:
https://gist.github.com/cf8aa6adc473670fba5313f47972bbe0
Option 5: Install via Docker:
https://gist.github.com/0f5e3f676cfac90efded606bf14cf339
Once installed, the manticore
CLI tool and Python API will be available.
For a development installation, see our wiki.
Sigle contract in a file
https://gist.github.com/4bc7805b4af2a8b3a61f700da48b3637
Mutiple contracts in a file
https://gist.github.com/4fe57243add065e61503678ab1284b84
Note:
Manticore takes quite a long time to complete the scan by default, so usually I also use --quick-mode
option for quick exploration. Disable gas, generate testcase only for alive states, do not explore constant functions. Disable all detectors.
https://gist.github.com/1ada83441fcb622f8c753ae1b43ae657
Source: https://github.com/cleanunicorn/theo
- Automatic smart contract scanning which generates a list of possible exploits.
- Sending transactions to exploit a smart contract.
- Transaction pool monitor.
- Web3 console
- Frontrunning and backrunning transactions.
- Waiting for a list of transactions and sending out others.
- Estimating gas for transactions means only successful transactions are sent.
- Disabling gas estimation will send transactions with a fixed gas quantity.
https://gist.github.com/70bbab222da3078c9f85242019045249
Usually I deploy the smart contract in Ganache local network, from that, I can freely have the private keys of many accounts. If you have metamask installed, you can deploy in the testnet and get the private key of the accounts.
-
Deploy the contract
-
Run https://gist.github.com/4019e1d4b2f79f82591fec16d7da1234
-
Enter the private key of the attack's account
-
Enter the smart contract address
eg:
https://gist.github.com/0e69687ce469371f2fdc2eb765abddae
Souce: https://www.npmjs.com/package/@smartdec/smartcheck
SmartCheck is an extensible static analysis tool for discovering vulnerabilities and other code issues in Ethereum smart contracts written in the Solidity programming language
https://gist.github.com/b05350d0092b2b00c47e0d5b996b8efc
- Copy the contract to a folder
- Run https://gist.github.com/89205f8e8cab67be2b72cc0649f0a805
Source: https://github.com/eth-sri/securify2
- Supports 38 vulnerabilities (see table below)
- Implements novel context-sensitive static analysis written in Datalog
- Analyzes contracts written in Solidity >= 0.5.8
To build the container:
https://gist.github.com/4321d9591c50f24b3653f08ff58f8c53
To run the container:
https://gist.github.com/68cb25b2379807f0e9cc05e912b2f456
contract-dir-full-path: should be the absolute path
eg:
https://gist.github.com/8d417ab0a7877a35f4057b5b0388b9a6
Source: https://github.com/duaraghav8/Ethlint
Ethlint (Formerly Solium) analyzes your Solidity code for style & security issues and fixes them.
https://gist.github.com/50c66eceda258833b699295ff2a088cd
In the root directory of your DApp: https://gist.github.com/a7e023f090f8acadd5409a9a40487ecb
This creates .soliumrc.json file, which contains configuration that tells Solium how to lint your project. You should modify this file to configure rules, plugins and sharable configs.
I just usually use this simple setting.
https://gist.github.com/bd312d3efa2081b35277b74a7288edf5
Then you can run
https://gist.github.com/edf105c95ca829cb0f03abd8f6d1cfa4
or
https://gist.github.com/4a32858df4a75a3d7396ee9b43a6aa3a
Source: https://github.com/streetsidesoftware/cspell
The cspell mono-repo, a spell checker for code.
https://gist.github.com/b376bd58f2724c70a963ad4055e232b9
https://gist.github.com/03896c4bb6dd551214dba7c6d795dc65
Source: https://github.com/ConsenSys/surya
Surya is an utility tool for smart contract systems. It provides a number of visual outputs and information about the contracts' structure. Also supports querying the function call graph in multiple ways to aid in the manual inspection of contracts.
Install graphviz
https://gist.github.com/893ab3560b223c97781f1bc1b306c51e
Install surya https://gist.github.com/7813b4d5283359337da918073bb62883
https://gist.github.com/157f12bb9c8f97938e59e55c2b75e44d
Note: I recommend using Surya in VS Code
Here is my list:
- Name: vscode-slither
VS Marketplace Link: https://marketplace.visualstudio.com/items?itemName=samparsky.vscode-slither
- Name: Solidity Visual Developer
VS Marketplace Link: https://marketplace.visualstudio.com/items?itemName=tintinweb.solidity-visual-auditor
- Name: Slither
VS Marketplace Link: https://marketplace.visualstudio.com/items?itemName=trailofbits.slither-vscode
- Name: Code Spell Checker
VS Marketplace Link: https://marketplace.visualstudio.com/items?itemName=streetsidesoftware.code-spell-checker
- Name: mythril
VS Marketplace Link: https://marketplace.visualstudio.com/items?itemName=xgwang.mythril
- Name: solidity
VS Marketplace Link: https://marketplace.visualstudio.com/items?itemName=JuanBlanco.solidity