GitPlanet

Cheap and reliable Node.js hosting starts at $3/month, and $1/month static HTML hosting

Created with love in Canada, visit hostnodejs.com today

Feel like to post an Ad? Learn Details
All Projects → nevillegrech → MadMax

nevillegrech / MadMax

Licence: BSD-3-Clause license
Ethereum Static Vulnerability Detector for Gas-Focussed Vulnerabilities

Labels

decompilerethereumblockchain-technologysecurity-tools

Projects that are alternatives of or similar to MadMax

DataToken
Decentralized access control middleware for data exchange and monetization
Stars: ✭ 17 (-82.29%)
Mutual labels:  blockchain-technology
ghidra-r2web
Ghidra plugin to start an r2 webserver to let r2 interact with it
Stars: ✭ 38 (-60.42%)
Mutual labels:  decompiler
blockgeeks-build-blockchain-advanced
Code that shows how to build your own Bitcoin-like blockchain with JavaScript.
Stars: ✭ 24 (-75%)
Mutual labels:  blockchain-technology
unbox
🎁 unbox - Unpack and Decompile the $h*! out of things
Stars: ✭ 39 (-59.37%)
Mutual labels:  decompiler
blockchain-VCoin
Simple Implementation Proof of Work blockchain coin.
Stars: ✭ 16 (-83.33%)
Mutual labels:  blockchain-technology
readme
The Blockchain Bible,a collections for blockchain tech,bitcoin,ethereum,crypto currencies,cryptography,decentralized solutions,business scenarios,hyperledger tech,meetups,区块链,数字货币,加密货币,比特币,以太坊,密码学,去中心化,超级账本
Stars: ✭ 46 (-52.08%)
Mutual labels:  blockchain-technology
SDA
SDA is a rich cross-platform tool for reverse engineering that focused firstly on analysis of computer games. I'm trying to create a mix of the Ghidra, Cheat Engine and x64dbg. My tool will combine static and dynamic analysis of programs. Now SDA is being developed.
Stars: ✭ 98 (+2.08%)
Mutual labels:  decompiler
sleigh
Unofficial CMake build for Ghidra SLEIGH
Stars: ✭ 54 (-43.75%)
Mutual labels:  decompiler
class
Rust library for building IQC: cryptography based on class groups of imaginary quadratic orders
Stars: ✭ 54 (-43.75%)
Mutual labels:  blockchain-technology
deep ethereum
电子书:以太坊技术与实现
Stars: ✭ 304 (+216.67%)
Mutual labels:  blockchain-technology
php-enphp-decoder
EnPHP Decoder written in PHP
Stars: ✭ 105 (+9.38%)
Mutual labels:  decompiler
LuaToolkit
Lua Encode/Decoder/Decompiler/Obfuscator in C#
Stars: ✭ 48 (-50%)
Mutual labels:  decompiler
berlinblockchainweek
Website for Berlin Blockchain Week 2018
Stars: ✭ 15 (-84.37%)
Mutual labels:  blockchain-technology
radiator
Hive Ruby API Client
Stars: ✭ 49 (-48.96%)
Mutual labels:  blockchain-technology
Aquarium
A minimalistic blockchain implementation
Stars: ✭ 27 (-71.87%)
Mutual labels:  blockchain-technology
ghidra2dwarf
🐉 Export ghidra decompiled code to dwarf sections inside ELF binary
Stars: ✭ 135 (+40.63%)
Mutual labels:  decompiler
react-native-defi-app
React Native Defi Decentralized Applications(dApps)
Stars: ✭ 31 (-67.71%)
Mutual labels:  blockchain-technology
rippled-php
A PHP library for rippled (XRP Ledger) communication.
Stars: ✭ 33 (-65.62%)
Mutual labels:  blockchain-technology
rivine
Blockchain technology for creating custom chains.
Stars: ✭ 23 (-76.04%)
Mutual labels:  blockchain-technology
HealthLedger
Application for tracking Organs donations in hospitals and minimizing the scope of Organ trafficking using Blockchain (Hyperledger) technology.
Stars: ✭ 29 (-69.79%)
Mutual labels:  blockchain-technology
View All Similar Projects ➔

Note: you need to clone this repo using the --recursive flag since this repo has submodules, e.g.,

git clone [email protected]:nevillegrech/MadMax.git --recursive

MadMax

License GitHub Repo stars Twitter Follow

Madmax consists of a series of analyses and queries that find gas-focussed vulnerabilities in Ethereum smart contracts. The analyses are performed on the Gigahose IR, which is lifted from Ethereum bytecode. The first version of MadMax used Vandal.

How to use

First follow the instructions in gigahorse-toolchain for instructions on installation of Gigahorse. In a nutshell, this requires the installation of the Souffle Datalog engine, custom functors and Boost.

In order to run MadMax using Gigahorse, you can use the following incantation:

gigahorse-toolchain/gigahorse.py -C madmax.dl <contract.hex>

Where <contract.hex> is a compiled Ethereum contract, or a directory of contracts. If you're running this for the first time it will take longer due to compilation of Datalog files. The output of the analysis results can be found under .temp/**/out/*.csv and results.json. A summary is also printed to the screen.

To see whether an individual contract is flagged or not if, check whether there are any entries inside the WalletGriefing, UnboundedMassOp and OverflowLoopIterator relations.

Live Deployment

MadMax is now deployed as a client for the Gigahorse framework. One can see the latest version in action on contract-library.com. If you would like to test your own contract please deploy it on an Ethereum test network (e.g. Ropsten) and then view the results of the analysis at contract-library.

For a list of contracts flagged by MadMax on the entire Ethereum chain (updated in realtime to reflect all deployed contracts), please visit the following pages, for each vulnerability type, respectively:

Unbounded Operation

Wallet Griefing

Induction Variable Overflow

Publications

MadMax: surviving out-of-gas conditions in Ethereum smart contracts Neville Grech, Michael Kong, Anton Jurisevic, Lexi Brent, Bernhard Scholz, and Yannis Smaragdakis Proceedings of the ACM in Programming Languages (OOPSLA) 2018 PDF

🏆 Distinguished Paper 🏆

MadMax: Analyzing the Out-of-Gas World of Smart Contracts Neville Grech, Michael Kong, Anton Jurisevic, Lexi Brent, Bernhard Scholz, and Yannis Smaragdakis Communications of the ACM 2020 PDF

🏆 CACM research highlight 🏆

IMAGE ALT TEXT HERE

Note that the project description data, including the texts, logos, images, and/or trademarks, for each open source project belongs to its rightful owner. If you wish to add or remove any projects, please contact us at [email protected].