ucsb-seclab / greed

A symbolic execution engine for EVM smart contract binaries.
https://ucsb-seclab.github.io/greed/
MIT License
binary-analysis exploit-development smart-contracts symbolic-execution

greed

⚡️ Installation

# Clone this repo
git clone git@github.com:ucsb-seclab/greed.git
# Create a virtual environment (e.g., using virtualenvwrapper)
mkvirtualenv greed
# Activate the virtual environment
workon greed
# Install greed (will set up gigahorse, yices, and `pip install -e greed`)
cd greed
./setup.sh

🚀 Usage

First, the contract needs to be pre-processed with gigahorse. This can be done in two ways:

# IMPORTANT: create a new folder. The analyses will pollute the current working directory
mkdir /tmp/test_contract
cd /tmp/test_contract/

# OPTION 1: From the Solidity source
cp <contract_source> contract.sol
analyze_source.sh contract.sol

# OPTION 2: From the contract bytecode
cp <contract_bytecode> contract.hex
analyze_hex.sh contract.hex

Then, to use greed in your Python project:

from greed import Project

p = Project(target_dir="/tmp/test_contract/")

entry_state = p.factory.entry_state(xid=0)
simgr = p.factory.simgr(entry_state=entry_state)
simgr.run()

Or to run greed from the command line:

greed /tmp/test_contract [--debug] [--find <address>]

🚦 Testing

cd greed/tests

# Run the full test suite with pytest
pytest

# Or manually run a single test
./test_math.py --debug

🧱 Architecture

Offline representation

Runtime representation

🎓 Academia

If you are using greed for an academic publication, we would really appreciate a citation to the following work:

@inproceedings{gritti2023confusum,
title={Confusum contractum: confused deputy vulnerabilities in ethereum smart contracts},
author={Gritti, Fabio and Ruaro, Nicola and McLaughlin, Robert and Bose, Priyanka and Das, Dipanjan and Grishchenko, Ilya and Kruegel, Christopher and Vigna, Giovanni},
booktitle={32nd USENIX Security Symposium (USENIX Security 23)},
pages={1793--1810},
year={2023}
}

@inproceedings{ruaro2024crush,
title={Not your Type! Detecting Storage Collision Vulnerabilities in Ethereum Smart Contracts},
author={Ruaro, Nicola and Gritti, Fabio and McLaughlin, Robert and Grishchenko, Ilya and Kruegel, Christopher and Vigna, Giovanni},
booktitle={Network and Distributed Systems Security (NDSS) Symposium 2024},
year={2024}
}