# Karl

Monitor smart contracts for security vulnerabilities.
## Install

Get the latest version of Karl.

```
$ pip install --user karl
```

If you want Karl to test the vulnerabilities it finds in a sandbox (disabled by default, enable with `--sandbox=true`), install Ganache with npm; this reduces false positives.

```
$ npm i -g ganache-cli
```
## Demo

Running locally against a carefully crafted vulnerable contract:

Running on mainnet with Infura:
## Description

Karl lets you monitor the blockchain for vulnerable smart contracts as they are deployed.

It connects to the blockchain, watches for new blocks and runs Mythril against every new smart contract that is deployed.

Output can be displayed in the console, saved as files in a folder, or posted to a URL.

The output mode can be:

- `stdout`: simply prints the results to standard output
- `folder`: creates a file for each vulnerable contract in a folder
- `posturl`: posts the results to an HTTP endpoint
### Help message

```
$ karl --help
usage: karl.py [-h]
               [--rpc HOST:PORT / ganache / infura-{mainnet, rinkeby, kovan, ropsten}]
               [--rpc-tls RPC_TLS] [--block NUMBER]
               [--output Can be one of: stdout, posturl, folder]
               [--posturl POSTURL] [--folder-output FOLDER_OUTPUT]
               [--sandbox SANDBOX] [--timeout SECONDS] [--tx-count NUMBER]
               [--modules [MODULES [MODULES ...]]]
               [--onchain-storage ONCHAIN_STORAGE] [--loop-bound LOOP_BOUND]
               [--verbose] [--version]

Smart contract monitor using Mythril to find exploits

optional arguments:
  -h, --help            show this help message and exit
  --version             show program's version number and exit

RPC options:
  --rpc HOST:PORT / ganache / infura-{mainnet, rinkeby, kovan, ropsten}
                        Custom RPC settings (default: None)
  --rpc-tls RPC_TLS     RPC connection over TLS (default: False)
  --block NUMBER        Start from this block, otherwise start from latest (default: None)

Output:
  --output Can be one of: stdout, posturl, folder
                        Where to send results (default: stdout)
  --posturl POSTURL     Send results to a RESTful url [when using `--output posturl`] (default: None)
  --folder-output FOLDER_OUTPUT
                        Save files to this folder [when using `--output folder`] (default: None)

Sandbox:
  --sandbox SANDBOX     Test found transactions in a Ganache sandbox (default: False)

Scan options:
  --timeout SECONDS     Scan timeout per contract (default: 600)
  --tx-count NUMBER     Maximum number of transactions (default: 3)
  --modules [MODULES [MODULES ...]]
                        Modules to use for scanning (default: ['ether_thief', 'suicide'])
  --onchain-storage ONCHAIN_STORAGE
                        Whether onchain access should be done or not (default: True)
  --loop-bound LOOP_BOUND
                        Bound on number of loop iterations

Verbosity:
  --verbose, -v         Set verbose (default: 4)
```
## Examples

### Running against mainnet

```
$ karl --rpc infura-mainnet --rpc-tls true
Stdout initialized
Running
Scraping block 6745471
Scraping block 6745472
Scraping block 6745473
Analyzing 0xf8c065bB1DafC99eE5476a2b675FAC4a036a4B07
Scraping block 6745474
Analyzing 0xC9e044D76f211E84bA651b30BBA86758ca8017c7
Scraping block 6745475
Scraping block 6745476
Scraping block 6745477
Analyzing 0x19427b8FD32dfEc78393517Da416bC5C583E6065
```

### Running against Ganache with stdout output

```
$ karl --rpc ganache --output=stdout
INFO:mythril.mythril:Using RPC settings: ('localhost', 8545, False)
INFO:mythril.analysis.modules.suicide:Suicide module: Analyzing suicide instruction
POSSIBLE VULNERABILITY!
Initial balance = 100000000000000000000, final balance = 100999999999999985722
Type = VulnerabilityType.KILL_AND_WITHDRAW
Description = Looks line anyone can kill this contract and steal its balance.
Transactions = [{'from': '0x1dF62f291b2E969fB0849d99D9Ce41e2F137006e', 'to': '0x2F2B2FE9C08d39b1F1C22940a9850e2851F40f99', 'data': '0xcbf0b0c0bebebebebebebebebebebebe1dF62f291b2E969fB0849d99D9Ce41e2F137006e', 'value': 0}]
```

### Running against Ganache with posturl output

```
$ karl --rpc ganache --output=posturl --posturl=http://localhost:8080
Posturl initialized
Running
Scraping block 5
Analyzing 0x4b8e80acaE3F0db32e5d35925EfaA97D477dBb70
```

It sends this information to the listening service:

```
$ nc -l 8080
POST / HTTP/1.1
Accept-Encoding: identity
Content-Type: application/x-www-form-urlencoded
Content-Length: 725
Host: localhost:8080
User-Agent: Python-urllib/3.7
Connection: close

{
  "error": null,
  "issues": [
    {
      "address": 722,
      "contract": "0x4b8e80acaE3F0db32e5d35925EfaA97D477dBb70",
      "debug": "Transaction Sequence: {'1': {'calldata': '0x56885cd8', 'call_value': '0x0', 'caller': '0xaaaaaaaabbbbbbbbbcccccccddddddddeeeeeeee'}, '4': {'calldata': '0x6c343ffe', 'call_value': '0x0', 'caller': '0xaaaaaaaabbbbbbbbbcccccccddddddddeeeeeeee'}}",
      "description": "Arbitrary senders other than the contract creator can withdraw ETH from the contract account without previously having sent an equivalent amount of ETH to it. This is likely to be a vulnerability.",
      "function": "withdrawfunds()",
      "max_gas_used": 1749,
      "min_gas_used": 1138,
      "swc-id": "105",
      "title": "Ether thief",
      "type": "Warning"
    }
  ],
  "success": true
}
```
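A small listening service for the `posturl` mode, written as an added example here rather than taken from Karl's own code: it parses the JSON body Karl posts (field names as in the capture above), rejects reports whose scan failed instead of treating them as "no findings", and flattens each issue for logging. The port, handler name and `SAMPLE_BODY` are assumptions constructed for the example.

```python
import json
from http.server import BaseHTTPRequestHandler, HTTPServer

# Constructed sample body shaped like the payload Karl posts with --output posturl.
SAMPLE_BODY = json.dumps({
    "error": None,
    "issues": [{
        "address": 722,
        "contract": "0x4b8e80acaE3F0db32e5d35925EfaA97D477dBb70",
        "description": "Arbitrary senders other than the contract creator can withdraw ETH.",
        "function": "withdrawfunds()",
        "swc-id": "105", "title": "Ether thief", "type": "Warning",
    }],
    "success": True,
}).encode()


def parse_karl_report(body: bytes) -> list:
    """Return one flat finding per issue in a Karl posturl payload.
    Raises ValueError when the scan failed (success false or error set) so a
    failed scan is never mistaken for "no findings". Karl posts JSON under
    Content-Type application/x-www-form-urlencoded, so parse the raw body.
    """
    report = json.loads(body)
    if not report.get("success") or report.get("error"):
        raise ValueError(f"karl scan failed: {report.get('error')}")
    return [{
        "contract": issue["contract"],
        "swc_id": issue.get("swc-id"),
        "title": issue.get("title"), "function": issue.get("function"),
        "severity": issue.get("type"),
        "pc": issue.get("address"),  # bytecode offset of the flagged instruction
    } for issue in report.get("issues", [])]


class KarlHandler(BaseHTTPRequestHandler):
    """Minimal listener standing in for `nc -l 8080`: log findings, answer 204."""

    def do_POST(self):
        body = self.rfile.read(int(self.headers.get("Content-Length", 0)))
        try:
            for f in parse_karl_report(body):
                print(f"[SWC-{f['swc_id']}] {f['title']}: {f['contract']} {f['function']}")
        except ValueError as exc:
            print("rejected report:", exc)
        self.send_response(204)
        self.end_headers()


if __name__ == "__main__":  # then start karl with --output=posturl --posturl=http://localhost:8080
    HTTPServer(("localhost", 8080), KarlHandler).serve_forever()
```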
### Running against mainnet with folder output

```
$ karl --rpc infura-mainnet --output folder
```
## Troubleshooting

### openssl

If you get this error:

```
#include <openssl/aes.h>
         ^~~~~~~~~~~~~~~
compilation terminated.
error: command 'x86_64-linux-gnu-gcc' failed with exit status 1
```

you must install the OpenSSL development headers.

On Ubuntu:

```
$ sudo apt-get install libssl-dev
```
## Credits

This tool was inspired by Bernhard's initial prototype and makes heavy use of his project, Mythril.