Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/nevillegrech/MadMax

Ethereum Static Vulnerability Detector for Gas-Focussed Vulnerabilities
https://github.com/nevillegrech/MadMax

blockchain-technology decompiler ethereum security-tools

Last synced: about 1 month ago
JSON representation

Ethereum Static Vulnerability Detector for Gas-Focussed Vulnerabilities

Host: GitHub
URL: https://github.com/nevillegrech/MadMax
Owner: nevillegrech
License: bsd-3-clause
Created: 2018-09-01T13:25:32.000Z (over 6 years ago)
Default Branch: master
Last Pushed: 2022-12-07T03:18:59.000Z (about 2 years ago)
Last Synced: 2024-08-01T22:48:38.244Z (4 months ago)
Topics: blockchain-technology, decompiler, ethereum, security-tools
Size: 1.09 MB
Stars: 131
Watchers: 6
Forks: 16
Open Issues: 2
Metadata Files:
- Readme: README.md
- License: LICENSE
- Codeowners: CODEOWNERS

Awesome Lists containing this project

awesome-hacking-lists - nevillegrech/MadMax - Ethereum Static Vulnerability Detector for Gas-Focussed Vulnerabilities (Others)

README

Note: you need to clone this repo using the `--recursive` flag since this repo has submodules, e.g.,

`git clone [email protected]:nevillegrech/MadMax.git --recursive`

# MadMax
![License](https://img.shields.io/github/license/nevillegrech/MadMax) ![GitHub Repo stars](https://img.shields.io/github/stars/nevillegrech/MadMax) [![Twitter Follow](https://img.shields.io/twitter/follow/neville_grech.svg?style=social)](https://twitter.com/neville_grech)

Madmax consists of a series of analyses and queries that find gas-focussed vulnerabilities in Ethereum smart contracts. The analyses are performed on the [Gigahose](https://github.com/nevillegrech/gigahorse-toolchain) IR, which is lifted from Ethereum bytecode. The first version of MadMax used [Vandal](https://github.com/usyd-blockchain/vandal).

# How to use
First follow the instructions in [gigahorse-toolchain](gigahorse-toolchain/README.md) for instructions on installation of [Gigahorse](https://github.com/nevillegrech/gigahorse-toolchain). In a nutshell, this requires the installation of the Souffle Datalog engine, custom functors and Boost.

In order to run MadMax using Gigahorse, you can use the following incantation:

`gigahorse-toolchain/gigahorse.py -C madmax.dl `

Where `` is a compiled Ethereum contract, or a directory of contracts. If you're running this for the first time it will take longer due to compilation of Datalog files. The output of the analysis results can be found under `.temp/**/out/*.csv` and `results.json`. A summary is also printed to the screen.

To see whether an individual contract is flagged or not if, check whether there are any entries inside the `WalletGriefing`, `UnboundedMassOp` and `OverflowLoopIterator` relations.

# Live Deployment
Some of the techniques developed in the MadMax project are now used in [Dedaub Watchdog](https://dedaub.com/watchdog).

# Publications

MadMax: surviving out-of-gas conditions in Ethereum smart contracts
Neville Grech, Michael Kong, Anton Jurisevic, Lexi Brent, Bernhard Scholz, and Yannis Smaragdakis
Proceedings of the ACM in Programming Languages (OOPSLA) 2018
[PDF](https://www.nevillegrech.com/assets/pdf/madmax-oopsla18.pdf)

🏆 Distinguished Paper 🏆

MadMax: Analyzing the Out-of-Gas World of Smart Contracts
Neville Grech, Michael Kong, Anton Jurisevic, Lexi Brent, Bernhard Scholz, and Yannis Smaragdakis
Communications of the ACM 2020
[PDF](https://www.nevillegrech.com/assets/pdf/madmax-cacm.pdf)

🏆 CACM research highlight 🏆

[![IMAGE ALT TEXT HERE](https://img.youtube.com/vi/LENrSCeoTqg/0.jpg)](https://www.youtube.com/watch?v=LENrSCeoTqg)