How to implement detection of the 'freezing ether' bug?
kimdora opened this issue · 2 comments
I read the 'ContractFuzzer' paper, and I am confused about how to detect freezing ether bugs 'exactly' because the paper explained it too roughly. I want to know it in detail, so I'm looking for the code implementing the freezing ether bug oracle. But I can't find it. Can you tell me which file implements the freezing ether bug oracle?
Now I think the freezing ether detector has been removed from the source code.
Refer to https://github.com/gongbell/ContractFuzzer/blob/master/contract_fuzzer/src/ContractFuzzer/server/server.go#L291
Please check this script:
https://github.com/gongbell/ContractFuzzer/blob/master/geFreezingEther.py
This vulnerability is detected mainly through static analysis of the bytecode (no opcode to send ether) and the execution log (balance can be greater than 0 during execution).
This was the implementation realized in the original paper.
A better way to check whether a contract can receive ether is to check whether there is any function having the payable modifier through bytecode analysis.
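The two-part check described in the last comment, as an added example that is not ContractFuzzer's code or the contents of geFreezingEther.py: a linear sweep of the runtime bytecode for ether-sending opcodes, combined with balances observed during execution. The function names, the set of opcodes treated as "can send ether", and the sample bytecode and balances are assumptions made for this illustration.

```python
# Added illustration; not taken from the ContractFuzzer repository.
# Opcode values are from the EVM instruction set. Which of them count as
# "can send ether" is this example's assumption. DELEGATECALL (0xf4) is left
# out on purpose: it runs another contract's code, so the contract's own
# bytecode still has no send path.
SEND_OPCODES = {0xF0: "CREATE", 0xF1: "CALL", 0xF5: "CREATE2", 0xFF: "SELFDESTRUCT"}
PUSH1, PUSH32 = 0x60, 0x7F


def opcodes(bytecode_hex):
    """Yield (offset, opcode) pairs, skipping the immediate bytes of PUSH1..PUSH32."""
    if bytecode_hex.startswith("0x"):
        bytecode_hex = bytecode_hex[2:]
    code = bytes.fromhex(bytecode_hex)
    pc = 0
    while pc < len(code):
        op = code[pc]
        yield pc, op
        pc += 1
        if PUSH1 <= op <= PUSH32:
            pc += op - PUSH1 + 1  # PUSHn carries n bytes of data, not instructions


def send_sites(bytecode_hex):
    """Return [(offset, mnemonic)] for every opcode that can move ether out."""
    return [(pc, SEND_OPCODES[op]) for pc, op in opcodes(bytecode_hex) if op in SEND_OPCODES]


def is_freezing(bytecode_hex, observed_balances):
    """Oracle: balance was > 0 at some point AND the bytecode has no send opcode."""
    held_ether = any(balance > 0 for balance in observed_balances)
    return held_ether and not send_sites(bytecode_hex)


# Constructed samples.
# PUSH1 0xf1; PUSH1 0x00; SSTORE; STOP -> 0xf1 is push data here, not CALL.
NO_SEND = "0x60f160005500"
# Seven pushes (ret/args/value/addr/gas), then CALL; POP; STOP.
WITH_CALL = "0x60006000600060006001335af15000"

if __name__ == "__main__":
    print(is_freezing(NO_SEND, [0, 10**18]), send_sites(WITH_CALL))
```

A naive byte search for `f1` would report `NO_SEND` as able to send ether; skipping PUSH immediates avoids that. Compiler-appended metadata after the code can still decode as a send opcode, so a hit should be confirmed against reachable code before ruling a contract out.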