Analysis of Ethereum Smart Contracts using KLEE
The tools is an augmented version of KLEE to verify Solidity smart contracts using symbolic execution and generate test-cases which gives concrete value of the variable when a bug is found. The following are the smart contract vulnerabilities which can be verified:
- Unchecked send
- Integer overflow/underflow
- Greedy contract
- Prodigal contract
- Suicidal contract
- Call to unknown function
- Memory overlap
- Address typecast
- Payable but no fallback
- Timestamp dependence
- Transaction order dependence
- Blockstate dependence
- Mapping read
Frontend: php script based to execute command in backend
-OnlineKLEE (only deployed on local server for now)
Libraries: libraries to be cloned for independent installation
-libc++-10
-libc++-build-10
-libc++-install-10
-llvm-10
-klee-uclibc
-stp
Core Functionality
-klee
Benchmarks
-SKLEE Benchmarks
Scripts
-scripts
Run the tool:
- Upload Solidy contract file (in text format) to directory klee/tools/klee/
- bash runKLEE.sh
- bash getResult.sh
All commands listed in requirements.txt under scripts directory.
Instructions to install lib other than KLEE:
sudo apt install bison
sudo apt install lex
sudo apt-get install libboost-all-dev
Instructions to install KLEE: https://klee.github.io/build-llvm11/