Best Smart contract hacking tool (Round 1)

Here is the list of the most known Ethereum hacking tools used for auditing smart contracts:

• Slither: https://github.com/crytic/slither
• Mythril: https://mythril-classic.readthedocs.io/en/master/installation.html
• Mythix: https://mythx.io/
• Remix solidity static analysis plugin: https://remix.ethereum.org

Are they reliable? Can you REALLY hack a smart contract by pressing a button?

We’ll see that.

Note: If you’re on Windows, don’t worry although most of the tools available (or easier to install) on Linux, you can use WSL (windows subsystem for linux) here: https://apps.microsoft.com/store/detail/ubuntu-on-windows/9NBLGGH4MSV6?hl=fr-fr&gl=FR

Test: a dangerous Smart contract

Bellow is a simple smart contract full of vulnerabilities.

You can find an integer overflow, a reentrency, an untrusted delegate call, the use of tx.origin and a lot of others. (if you’re a beginner on smart contract security, you can try to “audit” this smart contract and find the flaws)

pragma solidity ^0.7.0;
contract Vulnerable {
address owner;
mapping (address => bool) claimed;
uint number;
mapping (address => uint) holders;
function delegateCallDanger(address _addr) external {
    _addr.delegatecall(msg.data);
}
function vulnerable(address _addr) external {
    owner = _addr;
}
function claim1ETH(address _addr) external {
    require(!claimed[_addr]);
    _addr.call{value: 1 ether}("");
    claimed[_addr] = true;
}
function changeOwner(address _owner) external {
    require(tx.origin == owner);
    owner = _owner;
}
function addNumber(uint x) external {
    number += x;
    require(number < 100000000000000000);
}
function byebye() external {
    selfdestruct(0xaaC5322e456d45E7b6c452038836C5631C2AeBc0);
}
function testtime() external {
    if (block.timestamp > 150000000000) {
        msg.sender.transfer(1 ether);
    }
}
function GuessTheRandomNumber() public payable {
    require(msg.value == 1 ether);
    uint8 number = uint8(uint256(keccak256(abi.encodePacked(block.timestamp, block.difficulty)))%251);
    if (number == 42) {
        msg.sender.transfer(2 ether);
    }
}
}

The flaws are very obvious, but can the automated tools detect these flaws? Let’s find out!

Findings (1. Remix static analyzer)

Did you know, that you can analyze your smart contract with remix by using a plugin?

Bellow is the instructions to activate this plugin. (solidity static analysis)

We can see that Remix has instantly detected:

• Transaction origin: Use of tx.origin: “tx.origin” is useful only in very exceptional cases.
• Use of “block.timestamp”: “block.timestamp” can be influenced by miners to a certain degree.
• Use of selfdestruct: Can block calling contracts unexpectedly.
• Check-effects-interaction: “Vulnerable.claim1ETH(address): Could potentially lead to re-entrancy vulnerability.”
• Use of “delegatecall”: should be avoided whenever possible.
• Others “low” disclosed

The static analyzer only detected the reentrency, others “findings” are not enough “detailed” by remix to be counted as a vulnerability.

As good scanner need to “explain” the finding, because in our case

• Not every selfdestruct() are flaw. (only unprotected ones like here)
• Not every delegatecall() are flaw. (only unprotected ones like here)
• Not every tx.origin are flaw. (but it’s the case 90% of the time)

Moreover the remix static analyzer missed a lot of others flaws. (which, you will see next)

Final Rating: 3/10.

Findings (2. Mythril)

Mythril is a command line tool, which an analyze smart contracts too, let’s see if it can perform better than the Remix static analyzer.

• [Low] in testtime() : use of block.timestamp
• [high] in testtime() : anyone can withdraw eth from the contract account
• [Low] in GuesseTheRandomNumber() : A control flow decision is made based on a predictable variable. (can be manipulated by a malicious miner)
• [Medium] delegateCallDanger(address) : The contract delegates execution to another contract with a user-supplied address.
• [Low] delegateCallDanger(address) : The return value of a message call is not checked (in 1others functions)
• [high] byebye() : The contract can be killed by anyone.
• [medium] changeOwner(address) : The smart contract retrieves the transaction origin (tx.origin) using msg.origin
• [Medium] claim1ETH(address) : A call to a user-supplied address is executed.
• [High] claim1ETH(address) : Anyone can withdraw ETH from the contract account.
• [Medium] claim1ETH(address) : Persistent state read/write after call
• [High] addNumber(uint256) : The binary addition can overflow.

The FREE tool Mythril performed way better on the test contract, he found almost all the flaws in the smart contract, this is a good news.

Final Score: 8/10

Findings (3. Mythix)

• [High] The arithmetic operator can overflow
• [High] Any sender can withdraw Ether from the contract account. (3 functions — 2 fake positives)
• [High] Any sender can cause the contract to self-destruct.
• [Low] Read of persistent state following external call.
• [Low] Use of “tx.origin” as a part of authorization control.
• [Low] A control flow decision is made based on The block.timestamp environment variable. (x2)

Mythx found about 2/3 of the flaws, but missed the reentrency and found some false positives in “high”.

• the tx.origin authorization should be in “high”, same for the “block.timestamp” control flow

Final Score: 6/10

Findings (4. Slither)

• [High] Vulnerable.claim1ETH(address) (contract.sol#1) sends eth to arbitrary user
• [High] Vulnerable.testtime() (contract.sol#1) sends eth to arbitrary user
• [High] Vulnerable.GuessTheRandomNumber() (contract.sol#1) sends eth to arbitrary user
• [High] Vulnerable.GuessTheRandomNumber() (contract.sol#1) uses a weak PRNG:
• [High] Vulnerable.delegateCallDanger(address) (contract.sol#1) uses delegatecall to a input-controlled function id
• [High] Reentrancy in Vulnerable.claim1ETH(address) (contract.sol#1):
• [medium] Vulnerable.changeOwner(address) (contract.sol#1) uses tx.origin for authorization: require(bool)(tx.origin == owner) (contract.sol#1)
• [medium] Vulnerable.GuessTheRandomNumber() (contract.sol#1) uses a dangerous strict equality:
• Some others low and medium were discarded

Good performance too, slither didn’t find the integer Overflow but all others vulnerabilities were correct. (and no false positives)

Final Score: 9/10

Conclusion

These 4 automated tools found almost all the smart contract flaws. (With a slight advantage for slither.)

But don’t forget: that doesn’t mean you can’t fully rely on them as they didn’t detected all the flaws. (especially some “hard” flaws)
In the next round, I will challenge these smart tools by submitting harder to hack smart contracts. (like real ones or CTF ones)

Moreover, keep in mind that they are not that easy to use, sometimes:

• when you install them, you have an error
• when you run them, you have another error

(this was the case for some other tools that I can’t make work after dozens of tries…)

If you’ve done pentesting on web2, there is also a lot of automated tools of scanning websites but results are quite the same, although there were able to the discover most of “obvious” flaws, logical vulnerabilities and hidden one were undetected.