Definition and Detection of Defects in NFT Smart Contracts


NFTDefects

1. Datasets for defining NFT-related contract defects.
2. Tool NFTGuard for detecting NFT contract defects.

Prerequisites

  • python >= 3.6

  • evm >= 1.10.21. Download version 1.10.21 (tested) from go-ethereum and add the executable binaries to your $PATH.

    # wget writes to the file named by -O; a plain ">" would redirect only wget's console output
    wget -O evm-1.10.21.tar.gz https://gethstore.blob.core.windows.net/builds/geth-alltools-linux-amd64-1.10.21-67109427.tar.gz
    tar -zxvf evm-1.10.21.tar.gz
    cp geth-alltools-linux-amd64-1.10.21-67109427/evm /usr/local/bin/ # a directory in $PATH
  • solc >= 0.8.16. We recommend solc-select to manage Solidity compiler versions.

    pip3 install solc-select==0.2.1
    solc-select install 0.8.16
    solc-select use 0.8.16

Install

  1. Install the Python dependencies.

    pip3 install -r requirements.txt

  2. Alternatively, build or pull the docker image.

    docker build -t nftdefects:v0.1 .
    docker pull ghcr.io/nftdefects/nftdefects:latest

Usage

Local

python3 tool.py -s test/demo.sol -cnames token -j

Docker

With the docker image, run the following command. The local test directory is bind-mounted into the container (a bare name such as "test" would be treated by Docker as a named volume rather than the local directory).

docker run -v "$(pwd)/test":/NFTGuard/test ghcr.io/nftdefects/nftdefects:latest -s test/token.sol -cnames token -j

Code Structure

  • inputter: Inputter module that compiles the Solidity source code and extracts the information needed for the analysis before symbolic execution.
  • cfg_builder: CFG Builder module containing the essential data structures for the analysis and the symbolic execution of EVM opcodes.
  • feature_detector: Feature Detector module, the core of the analysis, which finds NFT defects during execution based on 3 operational features (i.e., mapping storage, delete operation, and external invocation) and the detection rules.
  • defect_identifier: Defect Identifier module that defines the classes of defect types and the reporter that shows the detection results.

Features

  • Specializes in 5 kinds of defects:
    • Risky Mutable Proxy
    • ERC-721 Reentrancy
    • Unlimited Minting
    • Public Burn
    • Missing Requirements
  • NFTGuard is extensible to smart contracts written in Solidity versions above 0.8.0.
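As an added illustration (not code from the NFTGuard repository or the paper), the following Solidity sketch shows two of the listed defects in a minimal mint function, with the hardened pattern beside it. It assumes the common reading of the defect names: ERC-721 Reentrancy as an external receiver callback made before the contract's own state is updated, and Unlimited Minting as a mint path with no supply cap. The IERC721Receiver interface here is a minimal stand-in for the standard one.

```solidity
// SPDX-License-Identifier: Apache-2.0
pragma solidity ^0.8.16;

// Minimal stand-in for the standard ERC-721 receiver callback (assumption, not project code).
interface IERC721Receiver {
    function onERC721Received(address operator, address from, uint256 tokenId, bytes calldata data)
        external returns (bytes4);
}

// Defective version: the receiver callback (an external invocation) runs BEFORE
// the per-wallet counter is written, so a contract receiver can re-enter mint()
// while the "one per wallet" check still passes (ERC-721 Reentrancy). There is
// also no bound on the total number of tokens (Unlimited Minting).
contract DefectiveMint {
    mapping(address => uint256) public minted;   // mapping storage
    mapping(uint256 => address) public ownerOf;
    uint256 public nextId;

    function mint() external {
        require(minted[msg.sender] < 1, "one per wallet");
        uint256 id = nextId++;
        ownerOf[id] = msg.sender;
        if (msg.sender.code.length > 0) {
            // interaction happens here ...
            IERC721Receiver(msg.sender).onERC721Received(msg.sender, address(0), id, "");
        }
        minted[msg.sender] += 1;                  // ... but the effect is written only afterwards
    }
}

// Hardened version: checks, then effects, then the external interaction,
// plus an explicit maximum supply enforced before any token is created.
contract HardenedMint {
    uint256 public constant MAX_SUPPLY = 1000;   // constructed cap for the example
    mapping(address => uint256) public minted;
    mapping(uint256 => address) public ownerOf;
    uint256 public nextId;

    function mint() external {
        require(minted[msg.sender] < 1, "one per wallet");
        require(nextId < MAX_SUPPLY, "sold out");
        uint256 id = nextId++;
        ownerOf[id] = msg.sender;
        minted[msg.sender] += 1;                  // effect recorded before the callback
        if (msg.sender.code.length > 0) {
            bytes4 ret = IERC721Receiver(msg.sender).onERC721Received(msg.sender, address(0), id, "");
            require(ret == IERC721Receiver.onERC721Received.selector, "bad receiver");
        }
    }
}
```

Both contracts compile with solc 0.8.16 as installed above; the defective one is the kind of pattern the feature detector's external-invocation and mapping-storage features are meant to flag.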

Publication

This repository accompanies our ISSTA'23 paper, and we would appreciate a citation if this repo helps you.

@inproceedings{yang2023definition,
  title = {Definition and Detection of Defects in NFT Smart Contracts},
  author = {Yang, Shuo and Chen, Jiachi and Zheng, Zibin},
  booktitle = {Proceedings of the 32nd ACM SIGSOFT International Symposium on Software Testing and Analysis},
  pages = {373–384},
  year = {2023}
}

Author

👤 Shuo Yang

📝 License

Copyright © 2024 Shuo Yang.
This project is Apache licensed.