三十四、以太坊智能合约静态安全分析
以太坊的智能合约代码审计,笔者找到两种方式:一是 CertiK,一个提供智能合约安全服务的区块链平台,是一条公链系统,采用 PoP(proof-of-proof)共识机制,用来分析合约需要消耗该区块链平台的原生数字币;二是使用本地化的静态安全分析工具。本篇将主要介绍本地化的静态安全分析工具。
静态安全分析工具主要有 Oyente、Maian、Mythril。Oyente 是 DAO 漏洞发生后,由某团队研发并开源的,目前基本上已经过时。Maian 是一款更先进的工具,但团队担心工具被攻击者非法利用,因此并未开源。Mythril 借鉴了前面两个工具的优点,且已经开源,本篇就是这款工具的使用介绍,通过 Docker 方式使用,还是比较方便的。
一、下载镜像
docker pull mythril/myth
二、编译合约获取 Bytecode
如果是用 truffle 构建的合约项目,使用以命令进行编译:
truffle compile
之后在 build 目录,找到合约的 json 文件,其中就可以找到 bytecode:
{
"contractName": "Airdrop",
...
"bytecode": "0x608060405234801561001057600080fd5b506102e2806100206000396000f300608060405260043610610041576000357c0100000000000000000000000000000000000000000000000000000000900463ffffffff1680631561ae3114610046575b600080fd5b34801561005257600080fd5b506100f4600480360381019080803573ffffffffffffffffffffffffffffffffffffffff169060200190929190803573ffffffffffffffffffffffffffffffffffffffff169060200190929190803590602001908201803590602001908080602002602001604051908101604052809392919081815260200183836020028082843782019150505050505091929192908035906020019092919050505061010e565b604051808215151515815260200191505060405180910390f35b600080600080855111151561012257600080fd5b60405180807f7472616e7366657246726f6d28616464726573732c616464726573732c75696e81526020017f7432353629000000000000000000000000000000000000000000000000000000815250602501905060405180910390209150600090505b84518110156102a8578573ffffffffffffffffffffffffffffffffffffffff16827c010000000000000000000000000000000000000000000000000000000090048887848151811015156101d557fe5b90602001906020020151876040518463ffffffff167c0100000000000000000000000000000000000000000000000000000000028152600401808473ffffffffffffffffffffffffffffffffffffffff1673ffffffffffffffffffffffffffffffffffffffff1681526020018373ffffffffffffffffffffffffffffffffffffffff1673ffffffffffffffffffffffffffffffffffffffff16815260200182815260200193505050506000604051808303816000875af192505050151561029b57600080fd5b8080600101915050610185565b6001925050509493505050505600a165627a7a72305820dd2f79867460b3f93bacf34118b328b1314c2377e5e9965e947124b7139a2dcf0029",
...
}
三、调用容器分析合约
docker run mythril/myth -xc 0x608060...f0029
四、查看分析结果
以笔者的合约为例,也许比较简单,编写也比较规范,并没有扫出什么问题来。
The analysis was completed successfully. No issues were detected.