sGuard+ is an automated vulnerability repair tool for Ethereum smart contracts written in the Solidity language.
sGuard+ supports 5 vulnerability types:
- SWC-101: Integer Overflow and Underflow Vulnerability (IOU)
- SWC-104: Unchecked Call Return Value Vulnerability (UCR)
- SWC-106: Unprotected SELFDESTRUCT Instruction Vulnerability (USI)
- SWC-107: Reentrancy Vulnerability (REN)
- SWC-115: Authorization through Tx-origin Vulnerability (TXO)
Python (v3.8)
Nodejs (v16)
pip install -r requirements.txt
npm install
solc-select install 0.4.26
solc-select use 0.4.26
cd src
node index.js ../example/motivation_example.sol
The repaired contract is:
pragma solidity ^0.4.0;
/// @title sGuardPlus
/// @notice Base contract emitted by sGuard+: an overflow-checked addition
///         helper (SWC-101) and a mutual-exclusion modifier (SWC-107) that
///         the repaired contract inherits.
contract sGuardPlus {
    // Re-entrancy lock shared by every function tagged with `__lock_modifier0`;
    // it is true only while such a function is executing.
    bool private __lock_modifier0_lock;

    // Internal constructor: this contract is only ever deployed as a base.
    // The lock starts in the released state.
    constructor() internal {
        __lock_modifier0_lock = false;
    }

    /// @notice Overflow-checked addition; aborts (assert) if `a + b` wraps.
    /// @param a First operand.
    /// @param b Second operand.
    /// @return The sum `a + b`, guaranteed not to have wrapped around.
    function add_uint(uint256 a, uint256 b) internal pure returns (uint256) {
        uint256 sum = a + b;
        // An unsigned wrap-around would leave `sum` smaller than `a`.
        assert(sum >= a);
        return sum;
    }

    /// @dev Blocks re-entry: reverts if the lock is already held, otherwise
    ///      holds it for the duration of the guarded function body and
    ///      releases it afterwards.
    modifier __lock_modifier0() {
        require(!__lock_modifier0_lock);
        __lock_modifier0_lock = true;
        _;
        __lock_modifier0_lock = false;
    }
}
/// @title Reentrancy_bonus
/// @notice SWC-107 example after repair: `getFirstWithdrawalBonus` is guarded
///         by the inherited re-entrancy lock and the bonus credit goes through
///         the checked `add_uint` helper.
contract Reentrancy_bonus is sGuardPlus {
    // State variables are kept in their original declaration order so the
    // storage layout is unchanged.
    mapping(address => uint256) private userBalances;
    mapping(address => bool) private claimedBonus;
    mapping(address => uint256) private rewardsForA;

    /// @notice Pays out everything owed to `recipient` and zeroes the balance.
    /// @dev Effects precede the interaction: the balance is cleared before
    ///      the external call, so a nested call into this function for the
    ///      same recipient reads 0.
    /// @param recipient Account whose reward is paid out.
    function withdrawReward(address recipient) public {
        uint256 owed = rewardsForA[recipient];
        rewardsForA[recipient] = 0;
        // NOTE(review): destructuring the return of `.call` as `(bool success, )`
        // is the 0.5-style form; with the `^0.4.0` pragma on this listing,
        // confirm it compiles under the solc version selected for the example.
        (bool success, ) = recipient.call.value(owed)("");
        require(success);
    }

    /// @notice One-time bonus: credits 100 to `recipient` and pays it out.
    /// @dev `claimedBonus` is only set after the external transfer, which is
    ///      the re-entrancy window that the `__lock_modifier0` guard closes.
    /// @param recipient Account claiming its bonus; reverts if already claimed.
    function getFirstWithdrawalBonus(address recipient) public __lock_modifier0 {
        require(!claimedBonus[recipient]);
        rewardsForA[recipient] = add_uint(rewardsForA[recipient], 100);
        withdrawReward(recipient);
        claimedBonus[recipient] = true;
    }
}
sGuard+ is licensed under the MIT license.