Update README

pull/2/head
Bernhard Mueller 7 years ago
parent 9a45d6bc8b
commit 0cbefed32d
  1. 39
      README.md

@ -57,7 +57,7 @@ $ mythril --search "code#PUSH1 0x50,POP#"
$ mythril --search "func#changeMultisig(address)# and code#PUSH1 0x50#" $ mythril --search "func#changeMultisig(address)# and code#PUSH1 0x50#"
``` ```
### Other commands ### Disassembler
You can also disassemble and trace code using the `-d` and `-t` flags, respectively. When tracing, the code is run in the PyEthereum virtual machine with the (optional) input data passed via the `--data` flag. You can also disassemble and trace code using the `-d` and `-t` flags, respectively. When tracing, the code is run in the PyEthereum virtual machine with the (optional) input data passed via the `--data` flag.
@ -72,7 +72,32 @@ vm op=PUSH1 gas=b'20997' stack=[b'96'] depth=0 steps=1 inst=96 pushvalue=64 pc=b
vm op=MSTORE gas=b'20994' stack=[b'96', b'64'] depth=0 steps=2 inst=82 pc=b'4' vm op=MSTORE gas=b'20994' stack=[b'96', b'64'] depth=0 steps=2 inst=82 pc=b'4'
``` ```
Do note however that the disassembly / debugging functionality is currently quite bare-bones. If you are planning to do manual analysis, I recommend using [remix](https://remix.ethereum.org/) and [etherscan](https://etherscan.io). Do note however that the disassembly / debugging functionality is still quite bare-bones. For manual analysis & debugging I recommend using [remix](https://remix.ethereum.org/) and [etherscan](https://etherscan.io).
#### Finding cross-references
It is often useful to know what other addresses are referenced by a particular contract. Let's say you are looking for conditions similar to the [Parity Multisig Wallet Bug](http://hackingdistributed.com/2017/07/22/deep-dive-parity-bug/). First, you want to find a list of contracts that use the `DELEGATECALL` opcode:
```
$ mythril --search "code#DELEGATECALL#"
Matched contract with code hash 05e8f07600bd384d82a71aaccaf4b3d3
Address: 0x432f96e95d249351391583cef9cbda38f26238c8, balance: 1000000000000000
Matched contract with code hash 07459966443977122e639cbf7804c446
Address: 0x76799f77587738bfeef09452df215b63d2cfb08a, balance: 1000000000000000
Address: 0x3582d2a3b67d63ed10f1ecaef0dca71b9283b543, balance: 92000000000000000000
Address: 0x4b9bc00c35f7cee95c65c3c9836040c37dec9772, balance: 89000000000000000000
Address: 0x156d5687a201affb3f1e632dcfb9fde4b0128211, balance: 29500000000000000000
(...)
```
You can then use the `--xrefs` flag to find other contracts referenced by each of those contracts:
```
$ mythril/mythril --xrefs 07459966443977122e639cbf7804c446
5b9e8728e316bbeb692d22daaab74f6cbf2c4691
```
Then, head to Etherscan to check out the source code, or use the tracer to dynamically test for issues.
## Custom scripts ## Custom scripts
@ -80,6 +105,16 @@ By combining modules of Mythril and [PyEthereum](https://github.com/ethereum/pye
-- TODO: Add example(s) -- -- TODO: Add example(s) --
## Issues
The RPC database sync is not a very good solution. I explored some other options, including:
- Using PyEthereum: I encountered issues syncing PyEthereum with Homestead. Also, PyEthApp only supports Python 2.7, which causes issues with other important packages.
- Accessing the Go-Ethereum LevelDB: This would be a great option. However, PyEthereum database code seems unable to deal with Go-Ethereum's LevelDB. It would take quite a bit of effort to figure this out.
- IPC might allow for faster sync then RPC - haven't tried it yet.
I'm writing this in my spare time, so contributors would be highly welcome!
## Credit ## Credit
JSON RPC library is adapted from [ethjsonrpc](https://github.com/ConsenSys/ethjsonrpc) (it doesn't seem to be maintained anymore, and I needed to make some changes to it). JSON RPC library is adapted from [ethjsonrpc](https://github.com/ConsenSys/ethjsonrpc) (it doesn't seem to be maintained anymore, and I needed to make some changes to it).

Loading…
Cancel
Save