{"id":21001636,"url":"https://github.com/vprlab/somo","last_synced_at":"2025-06-20T19:39:11.167Z","repository":{"id":207339207,"uuid":"603952202","full_name":"VPRLab/SoMo","owner":"VPRLab","description":"A specialized tool for smart contract modifier analysis based on the Modifier Dependency Graph (MDG)","archived":false,"fork":false,"pushed_at":"2024-03-02T16:20:52.000Z","size":64,"stargazers_count":7,"open_issues_count":0,"forks_count":0,"subscribers_count":2,"default_branch":"main","last_synced_at":"2025-04-12T06:38:50.161Z","etag":null,"topics":["modifier","program-analysis","security-tools","slither","smart-contracts","solidity","static-analyzer","taint-analysis"],"latest_commit_sha":null,"homepage":"https://dl.acm.org/doi/abs/10.1145/3597926.3598125","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/VPRLab.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2023-02-20T02:28:10.000Z","updated_at":"2025-04-07T03:51:49.000Z","dependencies_parsed_at":"2024-03-02T17:30:56.413Z","dependency_job_id":"e3ae0dea-e9ea-45bc-89e3-8908538c3c8d","html_url":"https://github.com/VPRLab/SoMo","commit_stats":null,"previous_names":["vprlab/somo"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/VPRLab/SoMo","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/VPRLab%2FSoMo","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/VPRLab%2FSoMo/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/VPRLab%2FSoMo/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/VPRLab%2FSoMo/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/VPRLab","download_url":"https://codeload.github.com/VPRLab/SoMo/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/VPRLab%2FSoMo/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":261006188,"owners_count":23095999,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["modifier","program-analysis","security-tools","slither","smart-contracts","solidity","static-analyzer","taint-analysis"],"created_at":"2024-11-19T08:16:02.985Z","updated_at":"2025-06-20T19:39:06.140Z","avatar_url":"https://github.com/VPRLab.png","language":"Python","readme":"# SoMo: Beyond “Protected” and “Private”: An Empirical Security Analysis of Custom Function Modifiers in Smart Contracts\n\n### For the dataset used in the paper, please refer to the dataset repository at [VPRLab/ModifierDataset](https://github.com/VPRLab/ModifierDataset).\n\n## Overview\n\n`SoMo` is the implementation of the paper titled *\"SoMo: Beyond “Protected” and “Private”: An Empirical Security Analysis of Custom Function Modifiers in Smart Contracts\"* published on \"ISSTA'23\", which has been integrated into [MetaScan](https://metatrust.io/metascan) services hosted at [MetaTrustLab](https://github.com/MetaTrustLabs). `SoMo` is a static analyzer designed for detecting **\u003cu\u003ebypassable\u003c/u\u003e** `modifier` in `Solidity` smart contracts based on taint analysis and [Slither](https://github.com/crytic/slither).\n\n## Usage\n\nYou can find the ISSTA paper via this [link](https://daoyuan14.github.io/papers/ISSTA23_SoMo.pdf) and please consider citing our paper if it's useful to you.\n\n```latex\n@INPROCEEDINGS{SoMo2023,\n  author = {Fang, Yuzhou and Wu, Daoyuan and Yi, Xiao and Wang, Shuai and Chen, Yufan and Chen, Mengjie and Liu, Yang and Jiang, Lingxiao},\n  booktitle = {Proc. ACM ISSTA},\n  title = {Beyond ``Protected'' and ``Private'': An Empirical Security Analysis of Custom Function Modifiers in Smart Contracts},\n  year = {2023}\n}\n```\n\nMetaTrustLab hosts another version of `SoMo` running on [MetaScan](https://metatrust.io/metascan), and the code is available in [falcon](https://github.com/MetaTrustLabs/falcon-metatrust/tree/main/falcon/somo).\n\n## Get Started\n\n### Prerequisites\n\n- We ran our experiments on Ubuntu 20.04 LST OS.\n- We used Python 3.10 to develop `SoMo`.\n- `SoMo` relies on `slither`, `sold-select`, `networks`, and `z3-solver`. All the essential packages are listed in `requirements.txt`. \n\nThere are steps to locally build `SoMo`.\n\n```shell\ngit clone git@github.com:VPRLab/SoMo.git \u0026\u0026 cd SoMo\npip install -r requirements.txt\n```\n\n###  Quick Start\n\n`SoMo` takes two arguments, including the contract source code and contract setting.\n\n- Contract source code is usually a file with a `.sol` suffix.\n- Contract setting is a `json` file, which contains two essential fields, namely:\n  - `ContractName`: which contracts were actually deployed to Ethereum mainnet.\n  - `CompilerVersion`: which compilers were used to compile the source code.\n\nUsers can specify paths of the source code and setting files by `-c, --code` and `-s, --setting`, respectively.\n\nFor instance, there is a vulnerable contract under the `example` folder with its settings.\n\nTo detect the bypassable modifiers, users can invoke `SoMo` in the following instruction.\n\n```shell\npython somo -c example/contract.sol -s example/contract.json\n```\n\nFor more information, please refer to our paper or get help from `python somo -h`.\n\n","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fvprlab%2Fsomo","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fvprlab%2Fsomo","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fvprlab%2Fsomo/lists"}