This repository contains the official Python 3 implementation of Ethracer, a smart contract analysis tool. It can be used to find event-ordering (EO) vulnerabilities in smart contracts. For more information about the bugs and the tool, you can read our technical paper, "Exploiting the laws of order in smart contracts".
Install Docker from here.
Ethracer requires a fully synced blockchain for maximum performance. Sync the blockchain over port 8666; more on this here. If you already have a fully synced blockchain, run:
geth --datadir [chainDirectory] --rpc --maxpeers 0 --rpcport 8666
Important: There should be a working network connection between the Docker container and the Ethereum blockchain server.
Environment Variables:
- ETHRACER_REPORTS: the output dir of the reports (default: report/).
- ETHEREUM_ENDPOINT: the Ethereum endpoint URL of an archive node to connect to (default: http://127.0.0.1:8666).
- http://127.0.0.1:8666 is the default URL, but if you don’t have Ethereum on your computer at port 8666, we override it with ETHEREUM_ENDPOINT=https://api.archivenode.io/53a3kcmkrewltnor9s53nle05vg46t0k
sudo docker build -t ethracer .
sudo docker run --net='host' -it ethracer bash
cd /ethracer/HB && python3.6 main.py --checkone [Contract source code] [Contract address] --blockchain --owner [Owner address]
cd HB
python main.py --checkone [deployedBytecode.bin] [Contract address] --blockchain --owner [Owner address] --bin
Make sure that you have a fully synced blockchain (at least up to block number 5400000) and that it is running on port 8666. Run the command below and check the /ethracer/HB/reports directory. There you can find all the traces, including the minimal ones with EO bugs, for the two contracts given in the tests folder.
cd /ethracer && make runTests
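A preflight check for the requirements above, as an added example that is not part of the Ethracer repository: it queries the endpoint in ETHEREUM_ENDPOINT with the standard JSON-RPC methods eth_syncing and eth_blockNumber and verifies that the node is reachable and has reached block 5400000. The names http_rpc and check_node are assumptions made for this example.

```python
"""Preflight check for an Ethracer run (added example, not part of the repository)."""
import json
import os
import sys
import urllib.request

# http_rpc and check_node are names chosen for this example only.
DEFAULT_ENDPOINT = "http://127.0.0.1:8666"  # default endpoint given in the README
REQUIRED_BLOCK = 5400000                    # minimum height the bundled tests need


def http_rpc(endpoint, method, params=()):
    """Send one JSON-RPC 2.0 request over HTTP and return its 'result' field."""
    body = json.dumps({"jsonrpc": "2.0", "id": 1,
                       "method": method, "params": list(params)}).encode()
    req = urllib.request.Request(endpoint, data=body,
                                 headers={"Content-Type": "application/json"})
    with urllib.request.urlopen(req, timeout=10) as resp:
        reply = json.load(resp)
    if "error" in reply:
        raise RuntimeError("%s failed: %s" % (method, reply["error"]))
    return reply["result"]


def check_node(endpoint, rpc=http_rpc, required=REQUIRED_BLOCK):
    """Return (ok, message). `rpc` is injectable so the check can run offline."""
    try:
        syncing = rpc(endpoint, "eth_syncing")
        # eth_blockNumber returns a hex quantity, e.g. "0x5265c0" for 5400000
        height = int(rpc(endpoint, "eth_blockNumber"), 16)
    except (OSError, ValueError, KeyError, TypeError, RuntimeError) as exc:
        return False, "cannot query %s: %s" % (endpoint, exc)
    if syncing:  # False when idle, a progress object while a sync is running
        return False, "node is still syncing (currentBlock=%s)" % syncing.get("currentBlock")
    if height < required:
        return False, "node is at block %d, need at least %d" % (height, required)
    return True, "node is at block %d" % height


if __name__ == "__main__":
    url = os.environ.get("ETHEREUM_ENDPOINT", DEFAULT_ENDPOINT)
    ok, msg = check_node(url)
    print(("OK: " if ok else "FAIL: ") + msg)
    sys.exit(0 if ok else 1)
```

Run it inside the container before `make runTests`; a non-zero exit status means the endpoint is unreachable, still syncing, or below the required block.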
Our evaluation datasets are available at https://drive.google.com/file/d/1190VXwu502M-vgT8yyuFp0lFUVlxnMhO/view?usp=sharing