Smart Contract Scanning
How Coinbase made a tool to automate Smart Contract Scanning:
https://github.com/crytic/rattle
https://swcregistry.io/
Code Review Smart Contracts
Ethereum Smart Contracts
https://consensys.github.io/smart-contract-best-practices/security-tools/
Example Bad Contracts:
https://swcregistry.io/
https://github.com/crytic/not-so-smart-contracts
https://github.com/smartbugs/smartbugs-wild
https://www.damnvulnerabledefi.xyz/
https://github.com/cclabsInc/BlockChainExploitation
Smart Contract Scanners:
https://github.com/crytic/etheno
https://github.com/crytic/slither
https://github.com/smartbugs/smartbugs
https://github.com/crytic/building-secure-contracts
Solana Smart Contracts
https://medium.com/coinmonks/how-to-audit-solana-smart-contracts-part-1-a-systematic-approach-56a434f6c9ed
https://medium.com/coinmonks/how-to-audit-solana-smart-contracts-part-2-automated-scanning-ceb88830ae6d
Slither
Slither, the Solidity source analyzer
- the installed solc version must exactly match the version the target contract was compiled with.
Run on a Token Address:
slither-check-erc 0x2A46f2fFD99e19a89476E2f62270e0a35bBf0756 DigitalMediaCore --erc ERC721
Installing '0.4.25'...
Version '0.4.25' installed.
WARNING:CryticCompile:Warning: crytic-export/etherscan-contracts/0x2A46f2fFD99e19a89476E2f62270e0a35bBf0756-DigitalMediaCore.sol:169:3: Warning: Defining constructors as functions with the same name as the contract is deprecated. Use "constructor(...) { ... }" instead.
function Ownable() public {
^ (Relevant source part starts here and spans across multiple lines).
Warning: crytic-export/etherscan-contracts/0x2A46f2fFD99e19a89476E2f62270e0a35bBf0756-DigitalMediaCore.sol:960:3: Warning: Defining constructors as functions with the same name as the contract is deprecated. Use "constructor(...) { ... }" instead.
function ERC721Token(string _name, string _symbol) public {
^ (Relevant source part starts here and spans across multiple lines).
Warning: crytic-export/etherscan-contracts/0x2A46f2fFD99e19a89476E2f62270e0a35bBf0756-DigitalMediaCore.sol:362:17: Warning: This function only accepts a single "bytes" argument. Please use "abi.encodePacked(...)" or a similar function to encode the data.
require(keccak256(candidateCreatorRegistryStore.typeOfContract()) == keccak256("approvedCreatorRegistry"));
^-------------------------------------------------------^
Warning: crytic-export/etherscan-contracts/0x2A46f2fFD99e19a89476E2f62270e0a35bBf0756-DigitalMediaCore.sol:362:17: Warning: The provided argument of type string memory is not implicitly convertible to expected type bytes memory.
require(keccak256(candidateCreatorRegistryStore.typeOfContract()) == keccak256("approvedCreatorRegistry"));
^-------------------------------------------------------^
# Check DigitalMediaCore
## Check functions
[✓] balanceOf(address) is present
[✓] balanceOf(address) -> () (correct return value)
[✓] balanceOf(address) is view
[✓] ownerOf(uint256) is present
[✓] ownerOf(uint256) -> () (correct return value)
[✓] ownerOf(uint256) is view
[✓] safeTransferFrom(address,address,uint256,bytes) is present
[✓] safeTransferFrom(address,address,uint256,bytes) -> () (correct return type)
[✓] Transfer(address,address,uint256) is emitted
[✓] safeTransferFrom(address,address,uint256) is present
[✓] safeTransferFrom(address,address,uint256) -> () (correct return type)
[✓] Transfer(address,address,uint256) is emitted
[✓] transferFrom(address,address,uint256) is present
[✓] transferFrom(address,address,uint256) -> () (correct return type)
[✓] Transfer(address,address,uint256) is emitted
[✓] approve(address,uint256) is present
[✓] approve(address,uint256) -> () (correct return type)
[✓] Approval(address,address,uint256) is emitted
[✓] setApprovalForAll(address,bool) is present
[✓] setApprovalForAll(address,bool) -> () (correct return type)
[✓] ApprovalForAll(address,address,bool) is emitted
[✓] getApproved(uint256) is present
[✓] getApproved(uint256) -> () (correct return value)
[✓] getApproved(uint256) is view
[✓] isApprovedForAll(address,address) is present
[✓] isApprovedForAll(address,address) -> () (correct return value)
[✓] isApprovedForAll(address,address) is view
[✓] supportsInterface(bytes4) is present
[✓] supportsInterface(bytes4) -> () (correct return value)
[✓] supportsInterface(bytes4) is view
[✓] name() is present
[✓] name() -> () (correct return value)
[✓] name() is view
[✓] symbol() is present
[✓] symbol() -> () (correct return value)
[✓] tokenURI(uint256) is present
[✓] tokenURI(uint256) -> () (correct return value)
## Check events
[✓] Transfer(address,address,uint256) is present
[✓] parameter 0 is indexed
[✓] parameter 1 is indexed
[ ] parameter 2 should be indexed
[✓] Approval(address,address,uint256) is present
[✓] parameter 0 is indexed
[✓] parameter 1 is indexed
[ ] parameter 2 should be indexed
[✓] ApprovalForAll(address,address,bool) is present
[✓] parameter 0 is indexed
[✓] parameter 1 is indexed
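The checklist above is plain text, so gating a CI job on it means parsing it. This is an added example, not code from the page or from the Slither project: a small Python parser for the slither-check-erc output format shown above (the CryticCompile warnings and the "[✓]" / "[ ]" checklist) that turns it into a structured report and a pass/fail verdict. The regexes and the shortened sample path are my own assumptions about the format, based only on the output shown here.

```python
import re
from dataclasses import dataclass, field

# Constructed sample in the shape of the slither-check-erc run above
# (one compiler warning, then part of the checklist). Path is shortened.
SAMPLE_OUTPUT = """\
WARNING:CryticCompile:Warning: crytic-export/Example.sol:169:3: Warning: Defining constructors as functions with the same name as the contract is deprecated. Use "constructor(...) { ... }" instead.
function Ownable() public {
^ (Relevant source part starts here and spans across multiple lines).
# Check DigitalMediaCore
## Check functions
[✓] balanceOf(address) is present
[✓] balanceOf(address) is view
## Check events
[✓] Transfer(address,address,uint256) is present
[✓] parameter 0 is indexed
[✓] parameter 1 is indexed
[ ] parameter 2 should be indexed
"""

# "WARNING:CryticCompile:" prefix is only on the first warning line.
WARNING_RE = re.compile(
    r"^(?:WARNING:CryticCompile:)?Warning: (?P<file>[^:]+):(?P<line>\d+):"
    r"(?P<col>\d+): Warning: (?P<msg>.*)$")
CHECK_RE = re.compile(r"^\[(?P<mark>[✓ ])\] (?P<text>.*)$")


@dataclass
class Report:
    contract: str = ""
    warnings: list = field(default_factory=list)  # (file, line, message)
    passed: list = field(default_factory=list)    # "section: check"
    failed: list = field(default_factory=list)


def parse_check_erc(output: str) -> Report:
    """Parse slither-check-erc text output into a structured Report."""
    rep, section = Report(), ""
    for line in output.splitlines():
        m = WARNING_RE.match(line)
        if m:
            rep.warnings.append((m["file"], int(m["line"]), m["msg"]))
        elif line.startswith("# Check "):
            rep.contract = line[len("# Check "):].strip()
        elif line.startswith("## "):
            section = line[3:].strip()
        elif (m := CHECK_RE.match(line)):
            bucket = rep.passed if m["mark"] == "✓" else rep.failed
            bucket.append(f"{section}: {m['text']}")
    return rep


def conforms(output: str) -> bool:
    """True only when every checklist item passed; use as a CI gate."""
    return not parse_check_erc(output).failed
```

For the DigitalMediaCore run above the verdict would be False, because the third Transfer and Approval parameters are not indexed as ERC721 requires.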
Run on a Single File:
slither tests/uninitialized.sol
Run on a Folder:
slither .
Run with Docker:
docker pull trailofbits/eth-security-toolbox
docker run -it -v /home/share:/share trailofbits/eth-security-toolbox
Manticore
Doesn't seem to work
Published Bytecode on Blockchain
Getting Blocks from the Mainnet:
karl --rpc https://mainnet.infura.io/
Blockchain Scanners: