If you are interested in Ethereum Smart Contracts Bug Bounty, this open-source tool is for you.

Redouane OTMANI
Coinmonks
4 min read · Mar 28, 2023

In 2020, my colleague and I developed a tool named SCVADetection (Smart Contracts Vulnerability and Attack Detection), which is available on GitHub.

The tool is written in Java and Python and is used through a very simple GUI.

The vulnerabilities and attacks detected by our tool are:

  • App1: based on a Machine Learning approach, it detects Reentrancy Attack, Integer Overflow and Underflow, Transaction order dependence and Timestamp dependence.
  • App2: Reentrancy Attack.
  • App3: Reentrancy Vulnerability.
  • App4: Incorrect Blockhash, Timestamp dependence, Blocknumber dependence, Pseudo-Random Number Generator (PRNG).
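As an added illustration of the classes in this list (example code written for this article, not SCVADetection's own analysis or approach), here is a small regex-based scan over constructed Solidity source. It flags a state write that follows an external call inside the same function (the checks-effects-interactions violation behind reentrancy), and uses of `block.timestamp`, `block.number` and `blockhash`, which are the App4 categories. The `Vault` contract, its hardened variant and every function name below are constructed for the example; a real tool needs a proper parser, and this heuristic only shows what each category looks like in source.

```python
"""Toy static checks for some of the vulnerability classes listed above.

Hypothetical, regex-based example over Solidity source text. It is not
SCVADetection's detection logic; it only illustrates the categories.
"""
from __future__ import annotations

import re
from dataclasses import dataclass


@dataclass
class Finding:
    function: str
    category: str
    line: int  # 1-based line in the scanned source


# External calls that hand control flow to another contract
EXTERNAL_CALL = re.compile(r"\.(call|delegatecall|send|transfer)\s*[({]")
# Assignment to a mapping/array state variable, e.g. balances[msg.sender] = 0;
STATE_WRITE = re.compile(r"^\s*\w+\s*\[[^\]]*\]\s*(=|-=|\+=)")
TIME_DEP = re.compile(r"\b(block\.timestamp|now)\b")
NUMBER_DEP = re.compile(r"\bblock\.number\b")
BLOCKHASH = re.compile(r"\bblockhash\s*\(|\bblock\.blockhash\s*\(")


def split_functions(source: str):
    """Yield (name, start_index, body_lines) per function using brace matching."""
    lines = source.splitlines()
    i = 0
    while i < len(lines):
        m = re.search(r"\bfunction\s+(\w+)", lines[i])
        if not m:
            i += 1
            continue
        name, start, depth, body, opened = m.group(1), i, 0, [], False
        while i < len(lines):
            body.append(lines[i])
            depth += lines[i].count("{") - lines[i].count("}")
            opened = opened or "{" in lines[i]
            i += 1
            if opened and depth == 0:
                break
        yield name, start, body


def scan(source: str) -> list[Finding]:
    """Return findings in source order; one finding per category per line."""
    findings: list[Finding] = []
    for name, start, body in split_functions(source):
        call_seen = False  # an external call has already happened in this function
        for offset, line in enumerate(body):
            lineno = start + offset + 1
            if EXTERNAL_CALL.search(line):
                call_seen = True
            elif call_seen and STATE_WRITE.search(line):
                findings.append(Finding(name, "Reentrancy (state written after external call)", lineno))
            if TIME_DEP.search(line):
                findings.append(Finding(name, "Timestamp dependence", lineno))
            if NUMBER_DEP.search(line):
                findings.append(Finding(name, "Blocknumber dependence", lineno))
            if BLOCKHASH.search(line):
                findings.append(Finding(name, "Incorrect blockhash / PRNG", lineno))
    return findings


# Constructed sample: balance is zeroed only after the call, so a re-entering
# fallback sees the old balance; the lottery mixes block data into a "random" roll.
VULNERABLE = """\
contract Vault {
    mapping(address => uint) balances;
    function withdraw() public {
        uint amount = balances[msg.sender];
        (bool ok, ) = msg.sender.call{value: amount}("");
        require(ok);
        balances[msg.sender] = 0;
    }
    function lottery() public view returns (uint) {
        return uint(keccak256(abi.encodePacked(block.timestamp, blockhash(block.number - 1)))) % 100;
    }
}
"""

# Constructed hardened variant: effects before interactions, no block-data PRNG.
HARDENED = """\
contract Vault {
    mapping(address => uint) balances;
    function withdraw() public {
        uint amount = balances[msg.sender];
        balances[msg.sender] = 0;
        (bool ok, ) = msg.sender.call{value: amount}("");
        require(ok);
    }
}
"""

if __name__ == "__main__":
    for f in scan(VULNERABLE):
        print(f"{f.function}:{f.line}: {f.category}")
    print("hardened findings:", scan(HARDENED))
```

Running the block reports one reentrancy finding on the `balances[msg.sender] = 0;` line of `withdraw` and three findings on the `lottery` return line, and nothing for the hardened variant. The reentrancy check deliberately ignores writes that precede the call, which is exactly the reordering the hardened version applies.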

Here is a simple demo using TheDAO contract.

Using the option “Insert an address of a Smart Contract”, I can insert TheDAO address:

0xbb9bc244d798123fde783fcc1c72d3bb8c189413

We know that TheDAO hack occurred at block number 1718497, which we will use in the next step by selecting a range starting at 1718497 and ending at 1718597.

The next step generates what we call Detection Aid Modules (DAM); at the same time, the tool creates a folder in your current workspace.

The final step is to launch the applications to generate the PDF reports.

[Figures: General Report, App1 report, App2 report, App3 report, App4 report]

Important. In the source code of our tool, the original comments and variable names, as well as the GUI, were written in French, so I had to translate the whole source code to make it useful to English speakers. I hope the tool still works perfectly; if not, I will try to maintain it in my spare time.

[Credit to my colleague Mélissa]

If you appreciated this, please leave a comment and follow me to get notified whenever I write new articles. You can also follow me on Twitter :)
