Skip to content

nveloso/rattle

This branch is 2 commits ahead of, 22 commits behind crytic/rattle:master.

Folders and files

NameName
Last commit message
Last commit date

Latest commit

a8fd3a4 · Sep 19, 2020

History

35 Commits
Apr 11, 2020
Apr 20, 2020
Sep 19, 2020
Aug 8, 2018
Aug 8, 2018
Aug 8, 2018
Sep 19, 2020
Aug 8, 2018
Sep 6, 2018
Sep 6, 2018
Apr 11, 2020
Apr 21, 2020

Repository files navigation

My fork of Rattle

In this fork, I updated the intermediate representation (IR) of Rattle. I decided to maintain some PUSH instructions that are related to PHI instructions. This way, when symbolic executing, I know the exact location of PUSH instruction, and then, in which path it was declared. Also, I added to SSAInstruction class a variable called instruction_offset. This variable represents the byte-offset to the start of the range in the source file. This will be helpful when trying to map one instruction to the Solidity source file.

rattle

Rattle

Rattle is an EVM binary static analysis framework designed to work on deployed smart contracts. Rattle takes EVM byte strings, uses a flow-sensitive analysis to recover the original control flow graph, lifts the control flow graph into an SSA/infinite register form, and optimizes the SSA – removing DUPs, SWAPs, PUSHs, and POPs. The conversion from a stack machine to SSA form removes 60%+ of all EVM instructions and presents a much friendlier interface to those who wish to read the smart contracts they’re interacting with.

Example

$ python3 rattle-cli.py --input inputs/kingofether/KingOfTheEtherThrone.bin -O

Would produce a register machine output like this:

King of Ether numberOfMonarchs

Functions are recovered and split off. Additionally function arguments, memory locations, and storage locations are recovered.

Usage

Rattle runs on the runtime contract hex string.

If you're running rattle on a contract you can compile with solidity, use the --bin-runtime option and strip off the header:

$ solc --bin-runtime KingOfTheEtherThrone.sol 2>/dev/null | tail -n1 > contract.bin

Dependencies

  • python3
  • graphviz
  • cbor2
  • pyevmasm

To install the python dependencies, run these commands:

$ python3 -m venv venv
$ source venv/bin/activate
$ pip install -r requirements.txt

Troubleshooting

If you get a syntax error like this:

  File "rattle-cli.py", line 16
    def main() -> None:
               ^
SyntaxError: invalid syntax

You likely ran rattle with python2 instead of python3.

Presentation

For more details on the Rattle design and features, see my reCON Montreal presentation, which is annotated here.

License

Rattle is licensed and distributed under the AGPLv3 license. Contact us if you're looking for an exception to the terms.

Releases

No releases published

Packages

No packages published

Languages

  • Python 99.8%
  • Solidity 0.2%