{"id":13742195,"url":"https://github.com/palkeo/pakala","last_synced_at":"2025-12-13T23:04:33.377Z","repository":{"id":38370064,"uuid":"160229123","full_name":"palkeo/pakala","owner":"palkeo","description":"Offensive vulnerability scanner for ethereum, and symbolic execution tool for the Ethereum Virtual Machine","archived":false,"fork":false,"pushed_at":"2022-06-07T15:57:48.000Z","size":209,"stargazers_count":343,"open_issues_count":0,"forks_count":29,"subscribers_count":8,"default_branch":"master","last_synced_at":"2025-04-18T03:24:42.491Z","etag":null,"topics":["ethereum","ethereum-virtual-machine","security","security-scanner","symbolic-execution"],"latest_commit_sha":null,"homepage":"https://www.palkeo.com/en/projets/ethereum/pakala.html","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/palkeo.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE.txt","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2018-12-03T17:31:46.000Z","updated_at":"2025-04-15T02:37:44.000Z","dependencies_parsed_at":"2022-08-09T03:15:46.997Z","dependency_job_id":null,"html_url":"https://github.com/palkeo/pakala","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/palkeo%2Fpakala","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/palkeo%2Fpakala/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/palkeo%2Fpakala/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/palkeo%2Fpakala/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/palkeo","download_url":"https://codeload.github.com/palkeo/pakala/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":253165065,"owners_count":21864372,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["ethereum","ethereum-virtual-machine","security","security-scanner","symbolic-execution"],"created_at":"2024-08-03T05:00:19.485Z","updated_at":"2025-12-13T23:04:33.312Z","avatar_url":"https://github.com/palkeo.png","language":"Python","funding_links":[],"categories":["Tools","Symbolic Execution"],"sub_categories":[],"readme":"Pakala\n======\n\n[![PyPI](https://badge.fury.io/py/pakala.svg)](https://pypi.python.org/pypi/pakala)\n[![Build States](https://circleci.com/gh/palkeo/pakala.svg?style=svg)](https://circleci.com/gh/palkeo/pakala)\n\n\u003cimg align=\"right\" src=\"https://www.palkeo.com/en/_images/pakala-mani-sona.svg.png\"\u003e\n\n*\"ilo Pakala li pakala e mani sona\"*\n\n* Pakala is a tool to search for exploitable bugs in Ethereum smart contracts.\n* Pakala is a symbolic execution engine for the Ethereum Virtual Machine.\n\nThe intended public for the tool are security researchers interested by Ethereum / the EVM.\n\nInstallation\n------------\n\n```\npip3 install pakala\n```\n\nIt works only with python 3.\n\nUsage\n-----\n\nLet's look at [0xeBE6c7a839A660a0F04BdF6816e2eA182F5d542C](http://eveem.com/code/0xeBE6c7a839A660a0F04BdF6816e2eA182F5d542C):\nit has a ``transfer(address _to, uint256 _value)`` function. It is supposedly protected by a ``require(call.value - _value) \u003e= 0``\nbut that condition always holds because we are substracting two unsigned integers, so the result is also an unsigned integer.\n\nLet's scan it:\n\n```\npakala 0xeBE6c7a839A660a0F04BdF6816e2eA182F5d542C --force-balance=\"1 ether\"\n```\n\nThe contract balance being 0, we won't be able to have it send us some ethers.\nSo we override the balance to be 1 ETH: then it has some \"virtual\" money to send us.\n\nThe tool with tell you a bug was found, and dump you a path of \"states\". Each\nstate corresponds to a transaction, with constraints that needs to be respected\nfor that code path to be taken, storage that has been read/written...\n\nAdvice: look at ``calldata[0]`` in the constraints to see the function signature for each transaction.\n\nSee ``pakala help`` for more complete usage information.\n\nHow does it works? What does it do?\n-----------------------------------\n\nSee the [introductory article](https://www.palkeo.com/projets/ethereum/pakala.html) for more information and a demo.\n\nIn a nutshell:\n\n* It's very good at finding simple bugs in simple contracts.\n* The false-positive rate is very low. If it flags your contract it's likely people can drain it.\n* It can exploit non-trivial bugs requiring to overwrite some storage keys with others (array size underflow...), has a good\n  modeling of cryptographic hashes, and support chaining multiple transactions.\n\nHowever, It only implements an \"interesting\" subset of the EVM. It doesn't handle:\n\n* gas,\n* precompiles,\n* or a contract interacting with other contracts (DELEGATECALL, STATICCALL...).\n\nThis means that CALL support is limited to sending ethers. Other tools like Manticore can do that much better, and the focus for\nPakala was offensive vulnerability scanning of contracts *en masse*.\n\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fpalkeo%2Fpakala","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fpalkeo%2Fpakala","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fpalkeo%2Fpakala/lists"}