|
@@ -131,7 +131,6 @@ We attempted to implement an automatic weakness detection pipeline by using a mu
|
131
|
131
|
\item \textbf{Slither}: A highly useful tool that offers a large static analysis toolkit for solidity, it not only allows the extraction of contract data like storage layouts but also automatic scanning for common weaknesses. Although it did not seem to be able to detect SWC-124, the storage layout functionality was used extensively by our team.
|
132
|
132
|
\end{itemize}
|
133
|
133
|
|
134
|
|
-
|
135
|
134
|
\section{Exploit Creation}\label{sec:exploit-creation}
|
136
|
135
|
|
137
|
136
|
\subsection{Short recap of weakness definitions}
|
|
@@ -193,7 +192,7 @@ Using the heuristics above, we were not able to find a contract that is vulnerab
|
193
|
192
|
|
194
|
193
|
\subsection{Non-exploitable contracts}
|
195
|
194
|
|
196
|
|
-\noindent Solidity files that contained no contracts:
|
|
195
|
+\noindent Solidity files that contained no contracts, just libraries, that would not introduce SWC-124 to the contracts using them as per the heuristics:
|
197
|
196
|
|
198
|
197
|
\begin{itemize}
|
199
|
198
|
\item AuctionLib.sol
|
|
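Review bot: The rewritten \noindent sentence in the Non-exploitable contracts subsection is hard to parse: in "no contracts, just libraries, that would not introduce SWC-124 ..." the comma before "that" leaves it unclear whether the clause describes the libraries or the files. Suggest splitting it, for example "Solidity files that contained only libraries and no contracts. As per the heuristics, these libraries would not introduce SWC-124 into the contracts using them:". A \ref to the section that defines the heuristics would let the reader check the claim.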
@@ -213,7 +212,7 @@ Using the heuristics above, we were not able to find a contract that is vulnerab
|
213
|
212
|
\item GovernmentAlpha.sol
|
214
|
213
|
\item HedgeSwap.sol
|
215
|
214
|
\item HermesImplementation.sol
|
216
|
|
- \item IMETACoin223Token\_13.sol - had this contract been compiled with solidity under 0.8.0, it could have been vulnerable.
|
|
215
|
+ \item IMETACoin223Token\_13.sol - had this contract been compiled with solidity under 0.8.0, it would have been vulnerable.
|
217
|
216
|
\item UniswapV3PoolAdapter.sol
|
218
|
217
|
\item UserDeposit.sol
|
219
|
218
|
\item WPCMainnetBridge.sol
|
|
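Review bot: On the IMETACoin223Token\_13.sol item, changing "could" to "would" turns a possibility into a definite statement, yet the item still gives no reason why compiling below 0.8.0 makes the difference. Either name the construct or heuristic that would trigger under an older compiler, or keep "could". While touching the line, capitalise "Solidity" and consider "with a Solidity version below 0.8.0" in place of "under 0.8.0".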
@@ -223,10 +222,19 @@ Using the heuristics above, we were not able to find a contract that is vulnerab
|
223
|
222
|
|
224
|
223
|
\subsection{Conclusions}
|
225
|
224
|
|
|
225
|
+We have proposed initial heuristics which can show us whether a contract is vulnerable to SWC-124. They are easy to understand and apply even in large contracts.
|
|
226
|
+We have demonstrated an example workflow that uses the tool Slither as a data-gathering aid and applies the heuristics. As a result of this workflow, we were unable to find
|
|
227
|
+vulnerable specimen from the examples provided.
|
|
228
|
+
|
226
|
229
|
\subsection{Lessons learned: what works, what doesn't}
|
227
|
230
|
|
|
231
|
+% TODO: Do we have something to add?
|
|
232
|
+
|
228
|
233
|
\subsection{Open challenges}
|
229
|
234
|
|
|
235
|
+The initial heuristics are easy to add to a static code analysis tool, such as Slither.
|
|
236
|
+Afterwards, it can be used to develop a dataset of vulnerable or non-vulnerable samples, which, alongside with manually verified contracts, can be used to improve or expand the heuristics.
|
|
237
|
+
|
230
|
238
|
\bibliography{exercise.bib}
|
231
|
239
|
|
232
|
240
|
\end{document}
|
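Review bot: The new Conclusions text says the heuristics "can show us whether a contract is vulnerable to SWC-124", but the next sentence reports that the workflow found no vulnerable specimen, so as written the heuristics were never confirmed against a positive sample. Suggest stating that limitation explicitly in Conclusions or under Open challenges. Smaller points in the same hunk: "unable to find vulnerable specimen" needs "a vulnerable specimen" or "vulnerable specimens" and is split across two source lines mid-sentence; the "% TODO: Do we have something to add?" comment leaves the Lessons learned subsection empty and should be resolved or the subsection dropped before merging; in Open challenges, "it can be used" has no clear antecedent (the tool or the heuristics?) and "alongside with" should be "alongside".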