1. Datasets for defining NFT-related contract defects.
2. Tool NFTGuard for detecting NFT contract defects.
- python >= 3.6
- evm >= 1.10.21. Download version 1.10.21 (tested) from go-ethereum and add the executable bins to `$PATH`.

  ```shell
  # -O names the output file; wget does not write the download to stdout
  wget -O evm-1.10.21.tar.gz https://gethstore.blob.core.windows.net/builds/geth-alltools-linux-amd64-1.10.21-67109427.tar.gz
  tar -zxvf evm-1.10.21.tar.gz
  cp geth-alltools-linux-amd64-1.10.21-67109427/evm /usr/local/bin/  # a directory on $PATH
  ```
- solc >= 0.8.16. We recommend solc-select to manage Solidity compiler versions.

  ```shell
  pip3 install solc-select==0.2.1
  solc-select install 0.8.16
  solc-select use 0.8.16
  ```
- Python dependencies installation.

  ```shell
  pip3 install -r requirements.txt
  ```
- Or you can build or pull the docker image.

  ```shell
  # build locally
  docker build -t nftdefects:v0.1 .
  # or pull the published image
  docker pull ghcr.io/nftdefects/nftdefects:latest
  ```
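A prerequisite check for the local (non-Docker) install above, added here as an example and not part of the NFTGuard repository: it compares the installed python3, evm and solc against the listed minimum versions one dotted component at a time, so that 1.10.21 is not treated as older than 1.9.x. The function names and the `--check` argument are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the NFTGuard repo): verify the prerequisite versions.
# Function names and the --check argument are assumptions of this example.

# extract_version TEXT -> first dotted version number found in TEXT
extract_version() {
    printf '%s\n' "$1" | grep -oE '[0-9]+(\.[0-9]+)+' | head -n 1
}

# version_ge HAVE WANT -> status 0 if HAVE >= WANT, comparing each dotted
# component as a number (so 1.10.21 >= 1.9.0, unlike a string comparison)
version_ge() {
    have=$1 want=$2
    while [ -n "$have" ] || [ -n "$want" ]; do
        h=${have%%.*}; w=${want%%.*}
        h=${h:-0}; w=${w:-0}            # a missing component counts as 0
        if [ "$h" -gt "$w" ]; then return 0; fi
        if [ "$h" -lt "$w" ]; then return 1; fi
        case $have in *.*) have=${have#*.} ;; *) have= ;; esac
        case $want in *.*) want=${want#*.} ;; *) want= ;; esac
    done
    return 0
}

# check_tool LABEL MINIMUM COMMAND [ARGS...] -> status 0 if new enough
check_tool() {
    label=$1 min=$2; shift 2
    if ! command -v "$1" >/dev/null 2>&1; then
        echo "MISSING $label (need >= $min)"; return 1
    fi
    found=$(extract_version "$("$@" 2>&1)")
    if version_ge "$found" "$min"; then
        echo "OK      $label $found"
    else
        echo "TOO OLD $label ${found:-unknown} (need >= $min)"; return 1
    fi
}

# Minimum versions are the ones listed in the prerequisites above.
check_prereqs() {
    rc=0
    check_tool python 3.6 python3 --version || rc=1
    check_tool evm 1.10.21 evm --version || rc=1
    check_tool solc 0.8.16 solc --version || rc=1
    return $rc
}

if [ "${1:-}" = "--check" ]; then check_prereqs; fi
```

Save it under any name and run it with `--check`; a non-zero exit status means at least one tool is missing or older than required.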
```shell
python3 tool.py -s test/demo.sol -cnames token -j
```

For the docker image, run with the following command.

```shell
docker run -v test:/NFTGuard/test ghcr.io/nftdefects/nftdefects:latest -s test/token.sol -cnames token -j
```
- `inputter`: Inputter module for compiling the source code of Solidity smart contracts and extracting useful information for further analysis before symbolic execution.
- `cfg_builder`: CFG Builder module for analysis, including essential data structures and symbolic execution of EVM opcodes.
- `feature_detector`: Feature Detector module, the core analysis that finds NFT defects during execution based on 3 operational features (i.e., mapping storage, delete operation, and external invocation) and detection rules.
- `defect_identifier`: Defect Identifier module, which defines the classes of defect types and the reporter that shows the detection results.
- Specializes in 5 kinds of defects:
  - Risky Mutable Proxy
  - ERC-721 Reentrancy
  - Unlimited Minting
  - Public Burn
  - Missing Requirements
- NFTGuard is extensible for smart contracts with Solidity versions higher than 0.8.0.
This repository was proposed in the ISSTA'23 paper, and we would really appreciate your citation if this repo helps you.
```bibtex
@inproceedings{yang2023definition,
  title = {Definition and Detection of Defects in NFT Smart Contracts},
  author = {Yang, Shuo and Chen, Jiachi and Zheng, Zibin},
  booktitle = {Proceedings of the 32nd ACM SIGSOFT International Symposium on Software Testing and Analysis},
  pages = {373–384},
  year = {2023}
}
```
👤 Shuo Yang
- Website: shuo-young.github.io
- Twitter: @shall_yangshuo
- Github: @shuo-young
Copyright © 2024 Shuo Yang.
This project is Apache licensed.