Security analysis tool for EVM bytecode. Supports smart contracts built for Ethereum, Hedera, Quorum, Vechain, Roostock, Tron and other EVM-compatible blockchains.
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
mythril/myth

235 lines
8.0 KiB

7 years ago
#!/usr/bin/env python
7 years ago
"""mythril.py: Bug hunting on the Ethereum blockchain
7 years ago
http://www.github.com/b-mueller/mythril
"""
from mythril.ether import evm, util
7 years ago
from mythril.disassembler.callgraph import generate_callgraph
from mythril.ether.contractstorage import get_persistent_storage
from mythril.ether.ethcontract import ETHContract
from mythril.ether.util import compile_solidity
from mythril.rpc.client import EthJsonRpc
7 years ago
from mythril.ipc.client import EthIpc
from mythril.support.loader import DynLoader
from mythril.exceptions import CompilerError
from ethereum import utils
from laser.ethereum import svm, laserfree
7 years ago
from pathlib import Path
7 years ago
import logging
7 years ago
import sys
import argparse
import os
import re
7 years ago
7 years ago
7 years ago
def searchCallback(code_hash, code, addresses, balances):
print("Matched contract with code hash " + code_hash)
7 years ago
for i in range(0, len(addresses)):
print("Address: " + addresses[i] + ", balance: " + str(balances[i]))
7 years ago
def exitWithError(message):
print(message)
sys.exit()
7 years ago
parser = argparse.ArgumentParser(description='Bug hunting on the Ethereum blockchain')
7 years ago
parser.add_argument("solidity_file", nargs='*')
7 years ago
commands = parser.add_argument_group('commands')
commands.add_argument('-d', '--disassemble', action='store_true', help='disassemble')
7 years ago
commands.add_argument('-g', '--graph', help='generate a control flow graph', metavar='OUTPUT_FILE')
commands.add_argument('-x', '--fire-lasers', action='store_true', help='detect vulnerabilities')
7 years ago
commands.add_argument('-t', '--trace', action='store_true', help='trace contract, use with --data (optional)')
commands.add_argument('-s', '--search', help='search the contract database', metavar='EXPRESSION')
commands.add_argument('--xrefs', action='store_true', help='get xrefs from a contract')
commands.add_argument('--hash', help='calculate function signature hash', metavar='SIGNATURE')
commands.add_argument('--init-db', action='store_true', help='initialize the contract database')
inputs = parser.add_argument_group('input arguments')
inputs.add_argument('-c', '--code', help='hex-encoded bytecode string ("6060604052...")', metavar='BYTECODE')
7 years ago
inputs.add_argument('-a', '--address', help='pull contract from the blockchain', metavar='CONTRACT_ADDRESS')
inputs.add_argument('-l', '--dynld', action='store_true', help='auto-load dependencies (experimental)')
inputs.add_argument('--data', help='message call input data for tracing')
options = parser.add_argument_group('options')
options.add_argument('--sync-all', action='store_true', help='Also sync contracts with zero balance')
7 years ago
options.add_argument('--infura-mainnet', action='store_true', help='Use Infura Node service, equivalent to: --rpchost=mainnet.infura.io --rpcport=443 --rpctls="True"')
options.add_argument('--infura-rinkeby', action='store_true', help='Use Infura Node service, equivalent to: --rpchost=rinkeby.infura.io --rpcport=443 --rpctls="True"')
options.add_argument('--infura-kovan', action='store_true', help='Use Infura Node service, equivalent to: --rpchost=kovan.infura.io --rpcport=443 --rpctls="True"')
options.add_argument('--infura-ropsten', action='store_true', help='Use Infura Node service, equivalent to: --rpchost=ropsten.infura.io --rpcport=443 --rpctls="True"')
options.add_argument('--rpchost', default='127.0.0.1', help='RPC host')
options.add_argument('--rpcport', type=int, default=8545, help='RPC port')
options.add_argument('--rpctls', type=bool, default=False, help='RPC port')
options.add_argument('--ipc', help='use IPC interface instead of RPC', action='store_true')
options.add_argument('--enable-physics', type=bool, default=False, help='enable graph physics simulation')
options.add_argument('-v', type=int, help='log level (0-2)', metavar='LOG_LEVEL')
# Get config values
7 years ago
try:
db_dir = os.environ['DB_DIR']
except KeyError:
7 years ago
db_dir = None
7 years ago
try:
solc_binary = os.environ['SOLC']
except KeyError:
solc_binary = 'solc'
7 years ago
# Parse cmdline args
args = parser.parse_args()
if not (args.search or args.init_db or args.hash or args.disassemble or args.graph or args.xrefs or args.fire_lasers or args.trace):
parser.print_help()
sys.exit()
7 years ago
if (args.v):
if (0 <= args.v < 3):
logging.basicConfig(level=[logging.NOTSET, logging.INFO, logging.DEBUG][args.v])
elif (args.hash):
print("0x" + utils.sha3(args.hash)[:4].hex())
sys.exit()
# Database search ops
if args.search or args.init_db:
contract_storage = get_persistent_storage(db_dir)
if (args.search):
try:
contract_storage.search(args.search, searchCallback)
except SyntaxError:
exitWithError("Syntax error in search expression.")
elif (args.init_db):
contract_storage.initialize(args.rpchost, args.rpcport, args.rpctls, args.sync_all, args.ipc)
sys.exit()
7 years ago
# Establish RPC/IPC connection if necessary
7 years ago
if (args.address or len(args.solidity_file)):
7 years ago
if args.ipc:
try:
eth = EthIpc()
7 years ago
7 years ago
except Exception as e:
exitWithError("Error establishing IPC connection: " + str(e))
else:
7 years ago
try:
if args.infura_mainnet:
eth = EthJsonRpc('mainnet.infura.io', 443, True)
elif args.infura_rinkeby:
eth = EthJsonRpc('rinkeby.infura.io', 443, True)
elif args.infura_kovan:
eth = EthJsonRpc('kovan.infura.io', 443, True)
elif args.infura_ropsten:
eth = EthJsonRpc('ropsten.infura.io', 443, True)
else:
eth = EthJsonRpc(args.rpchost, args.rpcport, args.rpctls)
7 years ago
except Exception as e:
exitWithError("Error establishing RPC connection: " + str(e))
7 years ago
7 years ago
# Load / compile input contracts
contracts = []
if (args.code):
7 years ago
contracts.append(ETHContract(args.code, name="MAIN", address = util.get_indexed_address(0)))
elif (args.address):
7 years ago
contracts.append(ETHContract(eth.eth_getCode(args.address), name=args.address, address = args.address))
7 years ago
elif (len(args.solidity_file)):
7 years ago
index = 0
7 years ago
for file in args.solidity_file:
7 years ago
file = file.replace("~", str(Path.home())) # Expand user path
try:
name, bytecode = compile_solidity(solc_binary, file)
except CompilerError as e:
exitWithError(e)
# Max. 16 input files supported!
7 years ago
contract = ETHContract(bytecode, name = name, address = util.get_indexed_address(index))
index += 1
contracts.append(contract)
logging.info(contract.name + " at " + contract.address)
else:
exitWithError("No input bytecode. Please provide EVM code via -c BYTECODE, -a ADDRESS, or -i SOLIDITY_FILES")
# Commands
7 years ago
if (args.disassemble):
7 years ago
easm_text = contracts[0].get_easm()
sys.stdout.write(easm_text)
7 years ago
elif (args.trace):
7 years ago
if (args.data):
trace = evm.trace(contracts[0].code, args.data)
7 years ago
else:
trace = evm.trace(contracts[0].code)
7 years ago
for i in trace:
if (re.match(r'^PUSH.*', i['op'])):
print(str(i['pc']) + " " + i['op'] + " " + i['pushvalue'] + ";\tSTACK: " + i['stack'])
else:
print(str(i['pc']) + " " + i['op'] + ";\tSTACK: " + i['stack'])
elif (args.xrefs):
7 years ago
print("\n".join(contracts[0].get_xrefs()))
7 years ago
elif (args.graph) or (args.fire_lasers):
7 years ago
7 years ago
# Convert to LASER SVM format
7 years ago
modules = {}
for contract in contracts:
7 years ago
modules[contract.address] = contract.as_dict()
if (args.dynld):
loader = DynLoader(eth)
_svm = svm.SVM(modules, dynamic_loader=loader)
else:
_svm = svm.SVM(modules)
7 years ago
if (args.graph):
7 years ago
_svm.simplify_model = True
7 years ago
if args.enable_physics is not None:
physics = True
7 years ago
html = generate_callgraph(_svm, contracts[0].address, args.enable_physics)
7 years ago
7 years ago
try:
with open(args.graph, "w") as f:
f.write(html)
except Exception as e:
7 years ago
print("Error saving graph: " + str(e))
7 years ago
else:
7 years ago
laserfree.fire(modules, contracts[0].address)
else:
parser.print_help()