示例#1
0
        sellerBalance += value; // complicated math with possible overflow

        // possible auditor assert
        assert(sellerBalance >= value); 
    } 
}
'''
#Initialize user and contracts
user_account = seth.create_account(balance=1000)
contract_account = seth.solidity_create_contract(source_code, owner=user_account, balance=0)

#First add won't overflow uint256 representation
contract_account.add(seth.SValue)

#Potential overflow
contract_account.add(seth.SValue)


print "[+] There are %d reverted states now"% len(seth.final_state_ids)
for state_id in seth.final_state_ids:
    seth.report(state_id)

print "[+] There are %d alive states now"% len(seth.running_state_ids)
for state_id in seth.running_state_ids:
    seth.report(state_id)

print "[+] Global coverage: %x"% contract_account
print seth.coverage(contract_account)
示例#2
0
bytecode = m.compile(source_code)
#Initialize contract
contract_account = m.create_contract(owner=user_account,
                                     balance=0,
                                     init=bytecode)

m.transaction(
    caller=user_account,
    address=contract_account,
    value=None,
    data=m.SByte(164),
)

#Up to here we get only ~30% coverage.
#We need 2 transactions to fully explore the contract
m.transaction(
    caller=user_account,
    address=contract_account,
    value=None,
    data=m.SByte(164),
)

print "[+] There are %d reverted states now" % len(m.final_state_ids)
print "[+] There are %d alive states now" % len(m.running_state_ids)
for state_id in m.running_state_ids:
    print m.report(state_id)

print "[+] Global coverage: %x" % contract_account
print m.coverage(contract_account)
示例#3
0
print "[+] Setup the exploit"
exploit_account.set_vulnerable_contract(contract_account)

print "\t Setting 30 reply reps"
exploit_account.set_reentry_reps(30)

print "\t Setting reply string"
exploit_account.set_reentry_attack_string(seth.SByte(4))

#Attacker is
print "[+] Attacker first transaction"
exploit_account.proxycall(seth.SByte(4), value=seth.SValue)

print "[+] Attacker second transaction"
exploit_account.proxycall(seth.SByte(4))

print "[+] The attacker destroys the exploit contract and profit"
exploit_account.get_money()

#print "[+] There are %d reverted states now"% len(seth.final_state_ids)
#for state_id in seth.final_state_ids:
#     seth.report(state_id)

print "[+] There are %d alive states now" % (len(seth.running_state_ids))
for state_id in seth.running_state_ids:
    seth.report(state_id)

print "[+] Global coverage:"
print seth.coverage(contract_account, ty='SUICIDE')