Skip to content

Latest commit

 

History

History
42 lines (40 loc) · 1.62 KB

README.md

File metadata and controls

42 lines (40 loc) · 1.62 KB

Playing Ethernaut manually and with security tools.

Links:

  • Ethernaut (The CTF)
  • Foundry (To install, DApp framework, manual exploits)
  • Slither (To install, Static Analyse), detecting vulnerabilities)
  • Echidna (To install, Fuzzing, finding bugs with property testing)
  • Manticore (To install, Symbolic Execution, finding sequences of actions leading to exploit)

Commands:

  • (Foundry) Run all manual exploits:
forge test
  • (Foundry) Run single manual exploit:
forge test --match-contract Fallback
  • (Slither) Log contract vulnerabilities:
slither src/1_Fallback/Fallback.sol
  • (Echidna) Find bug (assuming Echidna binaries located at home):
~/echidna-test ./src/1_Fallback/EchidnaFallback.sol --config ./src/1_Fallback/echidna_config.yaml
  • (Manticore) Log list of exploit TX series (attacker executed withdraw) from pre-computed results:
grep withdraw src/1_Fallback/mcore_cli_result/*.tx
  • (Manticore) Log details from single exploit TX set:
cat src/1_Fallback/mcore_cli_result/user_00000008.tx
  • (Manticore) Find exploit series by exploring all contract states (time consuming):
cd src/1_Fallback/ && manticore Fallback.sol && cd ../..
  • (Manticore) Find exploit while providing constraints:
cd src/1_Fallback/ && python3 manticore_fallback.py && cd ../..