enderphan94 · June 27, 2021 07:17 · Jun 27, 2021
diff --git a/blog.md b/blog.md
@@ -0,0 +1,418 @@
+Author: [email protected]
+
+## Foreword
+
+The documents aim to recap my experience in smart contract automated testing besides the manual testing. I also put the issues that I faced during the execution, indeed, solutions are given.
+
+## Connecting with Remix from localhost
+
+For a complex project, you can't just copy paste the single sol file and let it run. To make our life easier, Remix has localhost connection which allows you to interact with your project in your local machine remotely.
+
+This is something I'm used to doing when the project has a large number of inheritant contracts. Obviously, this make our life easier than ever by just downloading the git project and do some commands.
+
+### Steps:
+
+1. Compile your truffle contract if needed with `npm install` (!remember remvove the package-lock.json, if it does have it). Otherwise, the remix wouldn't be able to load all libraries for the contracts that are being called.
+
+2. Go to WorkSpaces on the left panel and choose "Connect to Localhost"
+
+<img src="https://github.com/enderphan94/solidity-pentest/blob/master/images/remix1.png?raw=true">
+
+
+3. The message box pops up and you just need to read carefully and copy the command shown in the box to connect your localhost
+
+<img src="https://github.com/enderphan94/solidity-pentest/blob/master/images/remix2.png?raw=true" width="65%" height="65%">
+
+https://gist.github.com/c3b05db188b9a66755e4d4ce3373373d
+
+Important:
+
+> path-to-the-shared-folder: needs to be an absolute path
+
+> remix-ide-instance-URL: needs to plain with http or https
+
+eg: 
+
+https://gist.github.com/9f96a2055bd8b42a5f1b9d0ad08251a2
+
+### Issues
+
+#### Issue 1
+
+Somtimes I still got this error from Remix
+
+>Cannot connect to the remixd daemon. 
+>Please make sure you have the remixd running in the background.
+
+What I usually do is just switch to a new terminal tab and re-type the remixd command. If needed, you can just uinstall and reinstall the remixd (Close VS-Code to do this, if you have it opened)
+
+https://remix-ide.readthedocs.io/en/latest/remixd.html
+
+#### Issue 2
+
+The same error but another issue.
+
+https://ethereum.stackexchange.com/questions/78637/cant-connect-remix-ide-using-remixd
+
+## Solc version problems
+
+Source: https://github.com/crytic/solc-select
+
+### Issues
+
+You need to just switch the version of solc quickly by a command. The version of solc is kindda painful, depending on the tools and project, you need to use a specific and exact version to compile.. otherwise broke.
+
+During my audit, I've suffered with solc-select installations. I used to install  via the shell command, but now they've upraded to pip3. The thing is that some docker containers do not support pip3, so you would need to install solc-selct into that docker but pip3. Therefore, I'v a copied version of the solc-select installed via shell.
+
+### Installation
+
+Via shell: https://github.com/enderphan94/solc-select-sh-version
+
+Via pip3: https://github.com/crytic/solc-select
+
+### Usage:
+
+Install the version you want
+
+https://gist.github.com/696d12da5415be51a57254b1ee6c3546
+
+And use it
+https://gist.github.com/547569aa651845571a457102ec789b8e
+
+Check your solc version again
+
+https://gist.github.com/120af69c1998830f8671709e117991b3
+
+## Tools
+
+### 1. Slither
+
+Source: https://github.com/crytic/slither
+
+#### Features
+
+* Detects vulnerable Solidity code with low false positives (see the list of [trophies](./trophies.md))
+* Identifies where the error condition occurs in the source code
+* Easily integrates into continuous integration and Truffle builds
+* Built-in 'printers' quickly report crucial contract information
+* Detector API to write custom analyses in Python
+* Ability to analyze contracts written with Solidity >= 0.4
+* Intermediate representation ([SlithIR](https://github.com/trailofbits/slither/wiki/SlithIR)) enables simple, high-precision analyses
+* Correctly parses 99.9% of all public Solidity code
+* Average execution time of less than 1 second per contract
+
+#### How to install
+
+Slither requires Python 3.6+ and [solc](https://github.com/ethereum/solidity/), the Solidity compiler.
+
+##### Using Pip
+
+https://gist.github.com/ca96530fac9dcad5baaa70227b511054
+
+##### Using Git
+
+https://gist.github.com/bddc7c1dc5a9ba582f7502f560637110
+
+We recommend using an Python virtual environment, as detailed in the [Developer Installation Instructions](https://github.com/trailofbits/slither/wiki/Developer-installation), if you prefer to install Slither via git.
+
+##### Using Docker
+
+Use the [`eth-security-toolbox`](https://github.com/trailofbits/eth-security-toolbox/) docker image. It includes all of our security tools and every major version of Solidity in a single image. `/home/share` will be mounted to `/share`  in the container.
+
+https://gist.github.com/8b5f565e06dfa6f5c17d321da40dbe14
+
+To share a directory in the container:
+
+https://gist.github.com/5f21b0731dbf09306b2754339f2965d9
+
+#### Usage
+
+https://gist.github.com/d97152ab261190f1e44ee80a202ce153
+
+#### Isssue
+
+> Error: Source "@openzeppelin/contracts/utils/Context.sol" not found: File outside of allowed directories.
+
+Fixed: the `--allow-path` does not work, just download the library and copy them into the dir.. casual way :/
+
+
+### 2. Mythril
+
+Mythril detects a range of security issues, including integer underflows, owner-overwrite-to-Ether-withdrawal, and others. Note that Mythril is targeted at finding common vulnerabilities, and is not able to discover issues in the business logic of an application. Furthermore, Mythril and symbolic executors are generally unsound, as they are often unable to explore all possible states of a program.
+
+Source: https://github.com/ConsenSys/mythril
+
+#### How to install
+
+https://gist.github.com/4a5684bca1e92032944e4b756008fa0d
+
+Install from Pypi:
+
+https://gist.github.com/4a6e66fd5b7309bae36990735374a0da
+
+Note: In my exprience, I prefer using mythril version installed via pip3 rather than Docker. I've faced so many issues with the docker version, and I decided to switch to pip3 one.
+
+#### Usage
+
+Via pip3: https://github.com/ConsenSys/mythril/blob/develop/README.md#usage
+
+Via Docker: ```docker run -v $(pwd):/tmp mythril/myth a /tmp/<file-name>.sol --solv 0.5.0```
+
+#### Issues
+
+##### Issue 1
+In case the tool gives you this error:
+
+> mythril.mythril.mythril_disassembler [ERROR]: The file Token.sol does not contain a compilable contract.
+> mythril.interfaces.cli [ERROR]: input files do not contain any valid contracts
+
+We can use contract address in testnet or ganache
+https://mythril-classic.readthedocs.io/en/master/security-analysis.html
+
+Ganache: ```myth a --rpc ganache -a <address>```
+
+##### Issue 2
+
+Evn: MacOS
+
+Just in case the command ```Pip3 install mythril``` does not work. I don't remember what happened exactly but something does not work with pip3 in MacOS :)
+
+Use the following command 
+
+https://gist.github.com/d91297767da438e24fc1d591fceb3f97
+
+##### Issue 3
+
+Error
+
+>in self.solidity_files[file_index].full_contract_src_maps
+>IndexError: list index out of range
+
+Just uninstall mythril and reinstall it
+
+https://gist.github.com/c63618ba096f14fd693494cd5c96b0a6
+
+https://gist.github.com/84611769906dac0a6b776c3e0b85d9b6
+
+### 3. Manticore
+
+This tool takes quite a long time to complete.
+
+#### Features
+
+Program Exploration: Manticore can execute a program with symbolic inputs and explore all the possible states it can reach
+
+Input Generation: Manticore can automatically produce concrete inputs that result in a given program state
+
+Error Discovery: Manticore can detect crashes and other failure cases in binaries and smart contracts
+
+Instrumentation: Manticore provides fine-grained control of state exploration via event callbacks and instruction hooks
+
+Programmatic Interface: Manticore exposes programmatic access to its analysis engine via a Python API
+
+#### Installation
+
+> Note: We recommend installing Manticore in a [virtual environment](https://packaging.python.org/guides/installing-using-pip-and-virtual-environments/#installing-virtualenv)
+ to prevent conflicts with other projects or packages
+
+Option 1: Installing from PyPI:
+
+https://gist.github.com/96b26e5a4c29860ed640aa6af1871539
+
+Option 2: Installing from PyPI, with extra dependencies needed to execute native binaries:
+
+https://gist.github.com/dba0c698c9d0fec64d8b85750c0ad8c9
+
+Option 3: Installing a nightly development build:
+
+https://gist.github.com/d6af94952324b92df939340e0fdd02f9
+
+Option 4: Installing from the `master` branch:
+
+https://gist.github.com/cf8aa6adc473670fba5313f47972bbe0
+
+Option 5: Install via Docker:
+
+https://gist.github.com/0f5e3f676cfac90efded606bf14cf339
+
+Once installed, the `manticore` CLI tool and Python API will be available.
+
+For a development installation, see our [wiki](https://github.com/trailofbits/manticore/wiki/Hacking-on-Manticore).
+
+#### Usage
+
+Sigle contract in a file
+
+https://gist.github.com/4bc7805b4af2a8b3a61f700da48b3637
+
+Mutiple contracts in a file
+
+https://gist.github.com/4fe57243add065e61503678ab1284b84
+
+Note:
+
+Manticore takes quite a long time to complete the scan by default, so usually I also use `--quick-mode` option for quick exploration. Disable gas, generate testcase only for alive states, do not explore constant functions. Disable all detectors.
+
+https://gist.github.com/1ada83441fcb622f8c753ae1b43ae657
+
+### 4. Theo
+
+Source: https://github.com/cleanunicorn/theo
+
+#### Features
+
+* Automatic smart contract scanning which generates a list of possible exploits.
+* Sending transactions to exploit a smart contract.
+* Transaction pool monitor.
+* Web3 console
+* Frontrunning and backrunning transactions.
+* Waiting for a list of transactions and sending out others.
+* Estimating gas for transactions means only successful transactions are sent.
+* Disabling gas estimation will send transactions with a fixed gas quantity.
+
+#### Installation
+
+https://gist.github.com/70bbab222da3078c9f85242019045249
+
+#### Usage
+
+Usually I deploy the smart contract in Ganache local network, from that, I can freely have the private keys of many accounts. If you have metamask installed, you can deploy in the testnet and get the private key of the accounts.
+
+1. Deploy the contract
+2. Run
+https://gist.github.com/4019e1d4b2f79f82591fec16d7da1234
+
+3. Enter the private key of the attack's account
+4. Enter the smart contract address
+
+eg:
+
+https://gist.github.com/0e69687ce469371f2fdc2eb765abddae
+
+### 5. SmartCheck
+
+Souce: https://www.npmjs.com/package/@smartdec/smartcheck
+
+SmartCheck is an extensible static analysis tool for discovering vulnerabilities and other code issues in Ethereum smart contracts written in the Solidity programming language
+
+#### Installation
+
+https://gist.github.com/b05350d0092b2b00c47e0d5b996b8efc
+
+#### Usage
+
+1. Copy the contract to a folder
+2. Run
+https://gist.github.com/89205f8e8cab67be2b72cc0649f0a805
+
+### 6. Securitfy2
+
+Source: https://github.com/eth-sri/securify2
+
+#### Furture
+
+* Supports 38 vulnerabilities (see table below)
+* Implements novel context-sensitive static analysis written in Datalog
+* Analyzes contracts written in Solidity >= 0.5.8
+
+#### Installation
+
+To build the container:
+
+https://gist.github.com/4321d9591c50f24b3653f08ff58f8c53
+
+To run the container:
+
+https://gist.github.com/68cb25b2379807f0e9cc05e912b2f456
+
+contract-dir-full-path: should be the absolute path
+
+eg:
+
+https://gist.github.com/8d417ab0a7877a35f4057b5b0388b9a6
+
+### 7. Sohint
+
+Source: https://github.com/duaraghav8/Ethlint
+
+Ethlint (Formerly Solium) analyzes your Solidity code for style & security issues and fixes them.
+
+#### Installation
+
+https://gist.github.com/50c66eceda258833b699295ff2a088cd
+
+#### Usage
+
+In the root directory of your DApp:
+https://gist.github.com/a7e023f090f8acadd5409a9a40487ecb
+
+This creates .soliumrc.json file, which contains configuration that tells Solium how to lint your project. You should modify this file to configure rules, plugins and sharable configs.
+
+I just usually use this simple setting.
+
+https://gist.github.com/bd312d3efa2081b35277b74a7288edf5
+
+Then you can run
+
+https://gist.github.com/edf105c95ca829cb0f03abd8f6d1cfa4
+
+or
+
+https://gist.github.com/4a32858df4a75a3d7396ee9b43a6aa3a
+
+### 8. Spell check
+
+Source: https://github.com/streetsidesoftware/cspell
+
+The cspell mono-repo, a spell checker for code.
+
+#### Installation
+
+https://gist.github.com/b376bd58f2724c70a963ad4055e232b9
+
+#### Usage
+
+https://gist.github.com/03896c4bb6dd551214dba7c6d795dc65
+
+### 9. Sūrya (flow graph)
+
+Source: https://github.com/ConsenSys/surya
+
+Surya is an utility tool for smart contract systems. It provides a number of visual outputs and information about the contracts' structure. Also supports querying the function call graph in multiple ways to aid in the manual inspection of contracts.
+
+#### Installation
+
+Install graphviz
+
+https://gist.github.com/893ab3560b223c97781f1bc1b306c51e
+
+Install surya
+https://gist.github.com/7813b4d5283359337da918073bb62883
+
+#### Usage
+
+https://gist.github.com/157f12bb9c8f97938e59e55c2b75e44d
+
+Note: I recommend using Surya in VS Code
+
+## Audit with Visual Studio Code
+
+Here is my list:
+
+1. Name: vscode-slither
+> VS Marketplace Link: https://marketplace.visualstudio.com/items?itemName=samparsky.vscode-slither
+
+2. Name: Solidity Visual Developer
+>VS Marketplace Link: https://marketplace.visualstudio.com/items?itemName=tintinweb.solidity-visual-auditor
+
+3. Name: Slither
+>VS Marketplace Link: https://marketplace.visualstudio.com/items?itemName=trailofbits.slither-vscode
+
+4. Name: Code Spell Checker
+>VS Marketplace Link: https://marketplace.visualstudio.com/items?itemName=streetsidesoftware.code-spell-checker
+
+5. Name: mythril
+> VS Marketplace Link: https://marketplace.visualstudio.com/items?itemName=xgwang.mythril
+
+6. Name: solidity
+>VS Marketplace Link: https://marketplace.visualstudio.com/items?itemName=JuanBlanco.solidity