• Stars
    star
    535
  • Rank 82,940 (Top 2 %)
  • Language
    JavaScript
  • Created about 3 years ago
  • Updated over 1 year ago

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

An interactive Solidity Shell

get in touch with Consensys Diligence
[ ๐ŸŒ ๐Ÿ“ฉ ๐Ÿ”ฅ ]

Solidity Shell

An interactive Solidity shell with lightweight session recording and remote compiler support.

๐Ÿ’พ npm install -g solidity-shell

โ‡’  solidity-shell
 
๐Ÿš€ Entering interactive Solidity shell. '.help' and '.exit' are your friends.
 ยป  โ„น๏ธ  ganache-mgr: starting temp. ganache instance ...
 ยป
 ยป  uint a = 100
 ยป  uint b = 200
 ยป  a + b + 2 + uint8(50)
352
 ยป  $_
352

Oh, did you know that we automatically fetch a matching remote compiler when you change the solidity pragma? It is as easy as typing pragma solidity 0.5.0 and solidity-shell will do the rest ๐Ÿ™Œ.

Hints

  • pragma solidity <version> attempts to dynamically load the selected compiler version (remote compiler, may take a couple of seconds).
  • use { <statement>; } to ignore a calls return value.
  • Sessions can be saved and restored using the .session command. Your previous session is always stored and can be loaded via .session load previous (not safe when running concurrent shells).
  • .reset completely removes all statements. .undo removes the last statement.
  • See what's been generated under the hood? call .dump.
  • Settings are saved on exit (not safe when running concurrent shells). call config set <key> <value> to change settings like ganache port, ganache autostart, etc.
  • $_ is a placeholder for the last known result. Feel free to use that placeholder in your scripts :)
  • Special commands are dot-prefixed. Everything else is evaluated as Solidity code.
  • import "<path>" assumes that path is relative to the current working-dir (CWD) or {CWD}/node_modules/. There's experimental support for HTTPs URL's. You can disable https resolving by setting ยป .config set resolveHttpImports false.
 ยป  import "https://raw.githubusercontent.com/OpenZeppelin/openzeppelin-contracts/master/contracts/token/ERC721/IERC721.sol"

Usage

Cmdline Passthru

Any arguments provided after an empty -- are directly passed to ganacheCmd (default: ganache-cli). This way, for example, you can start a solidity shell on a ganache fork of mainnet via infura. Check ganache-cli --help for a list of available options.

โ‡’  solidity-shell -- --fork https://mainnet.infura.io/v3/yourApiToken
 
๐Ÿš€ Entering interactive Solidity shell. Type '.help' for help, '.exit' to exit.
 ยป  โ„น๏ธ  ganache-mgr: starting temp. ganache instance ...
 ยป
 ยป  interface ERC20 {
multi> function name() external view returns (string memory);
multi> }
 
 ยป  ERC20(0xB8c77482e45F1F44dE1745F52C74426C631bDD52).name()
BNB

Repl

๐Ÿš€ Entering interactive Solidity ^0.8.11 shell. '.help' and '.exit' are your friends.
 ยป  โ„น๏ธ  ganache-mgr: starting temp. ganache instance ...
 ยป
 ยป  .help

๐Ÿ“š Help:
   -----

 $_ is a placeholder holding the most recent evaluation result.
 pragma solidity <version> to change the compiler version.


 General:
    .help                                ... this help :)
    .exit                                ... exit the shell


 Source:
    .fetch 
            interface <address> <name> [chain=mainnet] ... fetch and load an interface declaration from an ABI spec on etherscan.io
    .inspect
            bytecode                     ... show bytecode of underlying contract
            opcodes                      ... show disassembled opcodes of underlying contract
            storageLayout                ... show variable to storage slot mapping for underlying contract
            storage <slot> <num> [<address>] ... show raw storage at slot of underlying deployed contract 
            deployed                     ... debug: show internal contract object


 Blockchain:
    .chain                         
            restart                      ... restart the blockchain service
            set-provider <fork-url>      ... "internal" | <shell-command: e.g. ganache-cli> | <https://localhost:8545>
                                            - fork url e.g. https://mainnet.infura.io/v3/yourApiKey  
            accounts                     ... return eth_getAccounts
            eth_<X> [...args]            ... initiate an arbitrary eth JSONrpc method call to blockchain provider.

 Settings:
    .config                              ... show settings
            set <key> <value>            ... set setting
            unset <key>                  ... unset setting
 Session:
    .session                             ... list sessions
            load <id>                    ... load session
            save <id>                    ... save session
    .undo                                ... undo last command
    .reset                               ... reset cmd history. start from scratch.

 Debug:
    .proc                                ... show processes managed by solidity-shell (ganache)
    .dump                                ... show template contract
    .echo                                ... every shell needs an echo command


cheers ๐Ÿ™Œ 
    @tintinweb 
    ConsenSys Diligence @ https://consensys.net/diligence/
    https://github.com/tintinweb/solidity-shell/ 

Examples

solidity-shell

Transaction vars: msg.sender etc.

 ยป  msg.sender
0x70e9B09abd6A13D2F5083CD5814076b77427199F
 ยป  address(uint160(address(msg.sender)))
0x70e9B09abd6A13D2F5083CD5814076b77427199F

Contracts, Structs, Functions

โ‡’  solidity-shell
 
๐Ÿš€ Entering interactive Solidity shell. Type '.help' for help, '.exit' to exit.
 ยป  โ„น๏ธ  ganache-mgr: starting temp. ganache instance ...
 ยป
 ยป  contract TestContract {}
 ยป  new TestContract()
0xFBC1B2e79D816E36a1E1e923dd6c6fad463F4368
 ยป  msg.sender
0x363830C6aee2F0c43922bcB785C570a7cca613b5
 ยป  block.timestamp
1630339581
 ยป  struct yolo {uint8 x; uint8 y;}
 ยป  function mytest(uint x) public pure returns(uint) {
multi> return x -5;
multi> }
 ยป  mytest(100)
95

solidity-shell2

Advanced usage

 ยป  struct yolo {uint8 x; uint8 y;}
 ยป  .dump
// SPDX-License-Identifier: GPL-2.0-or-later
pragma solidity ^0.8.7;

contract TestContract {}

struct yolo {uint8 x; uint8 y;}

contract MainContract {

    

    function main() public  {
        uint a = 100;
        uint b = 200;
        a + b + 2 + uint8(50);
        new TestContract();
        msg.sender;
        block.timestamp;
        return ;
    }
}

Fetch Interface Declaration from Etherscan

shell-fetch-interface

.fetch interface <address> <interfaceName> [optional: chain=mainnet]

โ‡’  solidity-shell --fork https://mainnet.infura.io/v3/<yourApiKey>                                                                                                
 
๐Ÿš€ Entering interactive Solidity ^0.8.16 shell (๐Ÿง:Ganache built-in). '.help' and '.exit' are your friends.
 ยป  
 ยป  .fetch interface 0x40cfEe8D71D67108Db46F772B7e2CD55813Bf2FB Test
 ยป  interface Test {
    
    ... omitted ...

    function symbol() external view returns (string memory);

    function tokenURI(uint256 tokenId) external view returns (string memory);

    function totalSupply() external view returns (uint256);

    function transferFrom(
        address from,
        address to,
        uint256 tokenId
    ) external;

    function transferOwnership(address newOwner) external;

    function withdraw() external;
}

 ยป  Test t = Test(0x40cfEe8D71D67108Db46F772B7e2CD55813Bf2FB)
 ยป  t.symbol()
MGX

Inspect Contract Storage on Ganache Fork

  1. Run solidity shell in fork-mode.
  2. Display contract storage at latest block.
โ‡’  solidity-shell --fork https://mainnet.infura.io/v3/<yourApiKey>    

๐Ÿš€ Entering interactive Solidity ^0.8.16 shell (๐Ÿง:Ganache built-in, โ‡‰ fork-mode). '.help' and '.exit' are your friends.
 ยป  .inspect storage 0 10 0x40cfEe8D71D67108Db46F772B7e2CD55813Bf2FB
 ยป  
     ๐Ÿ“š Contract:      0x40cfee8d71d67108db46f772b7e2cd55813bf2fb @ latest block

     slot              1f 1e 1d 1c 1b 1a 19 18 17 16 15 14 13 12 11 10 0f 0e 0d 0c 0b 0a 09 08 07 06 05 04 03 02 01 00
  --------------------------------------------------------------------------------------------------------------------
  0x000000 (   0)      00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 1d c7    ................................
  0x000001 (   1)      00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00    ................................
  0x000002 (   2)      54 68 65 20 4d 61 67 69 78 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 12    The Magix.......................
  0x000003 (   3)      4d 47 58 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 06    MGX.............................
  0x000004 (   4)      00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00    ................................
  0x000005 (   5)      00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00    ................................
  0x000006 (   6)      00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00    ................................
  0x000007 (   7)      00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00    ................................
  0x000008 (   8)      00 00 00 00 00 00 00 00 00 00 00 00 d7 4e 84 57 2f 5f 7b 5d 41 47 4e be d9 b3 02 0a 2e 52 6f c6    .............N.W/_{]AGN......Ro.
  0x000009 (   9)      00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 27 0f    ..............................'.

Inspect Generated Contract

  solidity-shell       
 
๐Ÿš€ Entering interactive Solidity ^0.8.16 shell (๐Ÿง:Ganache built-in, โ‡‰ fork-mode). '.help' and '.exit' are your friends.
 ยป  1+1
2
 ยป  .inspect bytecode
6080604052348015610010576000 ... 03a7bab64736f6c63430008100033
 ยป  .inspect opcodes
PUSH1 0x80 PUSH1 0x40 MSTORE CALLVALUE ... SLOAD 0xDA POP GASPRICE PUSH28 0xAB64736F6C6343000810003300000000000000000000000000000000 
 ยป  .inspect storageLayout
{ storage: [], types: null }
 ยป  .inspect storage 0 4
 ยป  
     ๐Ÿ“š Contract:      0xCa1061046396daF801dEB0D848FcfeA055fAfBFC @ latest block

     slot              1f 1e 1d 1c 1b 1a 19 18 17 16 15 14 13 12 11 10 0f 0e 0d 0c 0b 0a 09 08 07 06 05 04 03 02 01 00
  --------------------------------------------------------------------------------------------------------------------
  0x000000 (   0)      00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00    ................................
  0x000001 (   1)      00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00    ................................
  0x000002 (   2)      00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00    ................................
  0x000003 (   3)      00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00    ................................

Acknowledgements

  • Inspired by the great but unfortunately unmaintained solidity-repl.
  • Fetch interfaces from Etherscan is powered by abi-to-sol.

More Repositories

1

smart-contract-sanctuary

๐Ÿฆ๐ŸŒด๐ŸŒด๐ŸŒด๐Ÿฆ• A home for ethereum smart contracts. ๐Ÿ 
Python
1,423
star
2

scapy-ssl_tls

SSL/TLS layers for scapy the interactive packet manipulation tool
Python
418
star
3

ecdsa-private-key-recovery

A simple library to recover the private key of ECDSA and DSA signatures sharing the same nonce k and therefore having identical signature parameter r
Python
384
star
4

electron-inject

Inject javascript into closed source electron applications e.g. to enable developer tools for debugging.
Python
296
star
5

ida-batch_decompile

*Decompile All the Things* - IDA Batch Decompile plugin and script for Hex-Ray's IDA Pro that adds the ability to batch decompile multiple files and their imports with additional annotations (xref, stack var size) to the pseudocode .c file
Python
265
star
6

pub

Vulnerability Notes, PoC Exploits and Write-Ups for security issues disclosed by tintinweb
Python
254
star
7

smart-contract-sanctuary-ethereum

๐Ÿฆ๐ŸŒด๐ŸŒด๐ŸŒด๐Ÿฆ• A home for ethereum smart contracts. ๐Ÿ 
251
star
8

ethereum-dasm

An ethereum evm bytecode disassembler and static/dynamic analysis tool
Python
212
star
9

smart-contract-inspector

the magic X-ray machine for solidity smart contracts
JavaScript
172
star
10

striptls

proxy poc implementation of STARTTLS stripping attacks
Python
167
star
11

vscode-interactive-graphviz

Interactive Graphviz Dot Preview for Visual Studio Code
TypeScript
145
star
12

vscode-decompiler

Decompile things directly from VSCode
Python
141
star
13

solgrep

๐Ÿง  A scriptable semantic grep utility for solidity
JavaScript
138
star
14

smart-contract-storage-viewer

๐Ÿ”†๐Ÿ”Ž๐Ÿ‘€ Smart Contract Storage Viewer, DataType Guesser, Toolbox & Transaction Decoder
JavaScript
99
star
15

smart-contract-sanctuary-bsc

๐Ÿฆ๐ŸŒด๐ŸŒด๐ŸŒด๐Ÿฆ• A home for ethereum smart contracts. ๐Ÿ 
75
star
16

smart-contract-vulndb

๐Ÿ‹ An open dataset containing smart contract audit issues from various sources.
JavaScript
63
star
17

ethereum-input-decoder

Decode transaction inputs based on the contract ABI
Python
59
star
18

bugbounty-companion

A BugBounty companion that checks out high-reward yielding bug bounty code-bases from Immunefi/code4rena ๐Ÿ™Œ (use at own risk)
Python
55
star
19

vscode-vyper

Ethereum Vyper language support for Visual Studio Code
JavaScript
52
star
20

unbox

๐ŸŽ unbox - Unpack and Decompile the $h*! out of things
Python
48
star
21

vscode-inline-bookmarks

Customizable inline Bookmarks for Visual Studio Code
JavaScript
45
star
22

smart-contract-sanctuary-arbitrum

๐Ÿฆ๐ŸŒด๐ŸŒด๐ŸŒด๐Ÿฆ• A home for ethereum smart contracts. ๐Ÿ 
Solidity
43
star
23

pyetherchain

A python interface to the ethereum blockchain explorer at www.etherchain.org โคโ›“๐Ÿ
Python
42
star
24

hallucinate.sol

๐Ÿ˜ตโ€๐Ÿ’ซ A Recurrent Neural Network (RNN) hallucinating solidity source code.
Jupyter Notebook
38
star
25

smart-contract-sanctuary-polygon

๐Ÿฆ๐ŸŒด๐ŸŒด๐ŸŒด๐Ÿฆ• A home for ethereum smart contracts. ๐Ÿ 
37
star
26

DSAregenK

Recover the private key from signed DSA messages. (multiple signed messages, static coefficient 'k')
Python
35
star
27

smart-contract-sanctuary-optimism

๐Ÿฆ๐ŸŒด๐ŸŒด๐ŸŒด๐Ÿฆ• A home for ethereum smart contracts. ๐Ÿ 
Solidity
34
star
28

aggroArgs

Bruteforce commandline buffer overflows and automated exploit generation, linux, aggressive arguments
Python
33
star
29

evm-shell

An interactive EVM repl/shell.
JavaScript
30
star
30

smart-contract-sanctuary-avalanche

๐Ÿฆ๐ŸŒด๐ŸŒด๐ŸŒด๐Ÿฆ• A home for ethereum smart contracts. ๐Ÿ 
Solidity
26
star
31

sigbank

๐Ÿฆ SigBank - A Database of Smart Contract Function Signatures
20
star
32

smart-contract-sanctuary-fantom

๐Ÿฆ๐ŸŒด๐ŸŒด๐ŸŒด๐Ÿฆ• A home for ethereum smart contracts. ๐Ÿ 
Solidity
19
star
33

vscode-ethereum-security-bundle

A meta-extension bundling marketplace plugins for secure Ethereum smart contract development.
19
star
34

smart-contract-sanctuary-tron

[Tron] ๐Ÿฆ๐ŸŒด๐ŸŒด๐ŸŒด๐Ÿฆ• A home for ethereum smart contracts. ๐Ÿ 
Solidity
16
star
35

vscode-circom-pro

๐Ÿ‘ฉโ€๐Ÿ’ป Circom compiler, snippets, hover and language support for Visual Studio Code
JavaScript
15
star
36

solidity-workspace

A simple workspace based interface to the solidity-parser and objectified Abstract Syntax Tree
JavaScript
14
star
37

solidity-doppelganger

JavaScript
13
star
38

solidity-ecdsa-malleability-demo

Solidity
12
star
39

scapy-ssh

ssh key exchange layer for scapy
Python
12
star
40

python-smtpd-tls

An extension to the standard python 2.x smtpd library implementing implicit/explicit SSL/TLS/STARTTLS
Python
11
star
41

heroku-eth-address-converter

Ethereum ENR โ‡„ enode โ‡„ MultiAddress converter heroku app
Python
11
star
42

smart-contract-sanctuary-celo

๐Ÿฆ๐ŸŒด๐ŸŒด๐ŸŒด๐Ÿฆ• A home for ethereum smart contracts. ๐Ÿ 
Solidity
10
star
43

solidity-metrics-action

๐Ÿ“Š Generates Solidity Code Metrics Reports for Solidity Source Units in your Repository.
Dockerfile
10
star
44

aragraph

**Repo Moved** Easily generate permission graphs for Aragon DAO Templates
8
star
45

ssl_tls_socket_layers

ssl tls tcp udp layers for python sockets intended for messing with tls ssl protocol fields (fuzzing, exploitation, ...)
Python
7
star
46

IP_UDPFlood

General purpose IP src/dst network flooder
Python
6
star
47

vscode-solidity-language

Solidity Language Support, Syntax Highlighting, and Themes for VSCode - This is the standalone passive language support originally found in the Solidity Visual Developer extension
6
star
48

feedmon

monitor rss/atom feeds for some keywords
Python
4
star
49

tintinweb

4
star
50

EBNFSpill

Create Random Data based on EBNF Syntax description (EBNF parser: simpleparse)
Python
4
star
51

vscode-LLL

Ethereum LLL language support for Visual Studio Code
JavaScript
4
star
52

random-ssl-server

spawns a server listening for HTTPS (SSL) requests supplying random auto-generated certificates for each request. [HTTPS,SSL,Fuzzing,Testing,Resiliency]
Python
4
star
53

pymemscrape

A python-ctypes based process memory scraper that attempts to find key-material by matching template C structs in memory (OpenSSL ssl_session_st, dsa_st, rsa_st, bignum_st, ec_key_st, dh_st and generic ASN.1)
Python
4
star
54

openssl-version_scan

Scan Files and Processes for traces of static and shared OpenSSL libraries and display version information.
Python
4
star
55

vscode-solidity-flattener

Flatten Solidity Contracts using `truffle-flattener`
JavaScript
3
star
56

solcwrapper

Easily run any version of solc with solcwrapper. Automatically downloads/compiles/installs and transparently invokes officially released solc versions.
Python
3
star
57

DHCPv4v6

low-level scapy based dhcp client script (ipv4 ipv6)
Python
2
star
58

HashCollisioneer

checks a predefined list of names and hash-algorithms for collisions to find the best suiting hash-algorithm for some sample data
Python
1
star
59

heroku-vscode-downloader

A Simple Heroku WebApp to download vscode extensions for offline use
HTML
1
star