- Ethernaut (The CTF)
- Foundry (To install, DApp framework, manual exploits)
- Slither (To install, Static Analyse), detecting vulnerabilities)
- Echidna (To install, Fuzzing, finding bugs with property testing)
- Manticore (To install, Symbolic Execution, finding sequences of actions leading to exploit)
- (Foundry) Run all manual exploits:
forge test
- (Foundry) Run single manual exploit:
forge test --match-contract Fallback
- (Slither) Log contract vulnerabilities:
slither src/1_Fallback/Fallback.sol
- (Echidna) Find bug (assuming Echidna binaries located at home):
~/echidna-test ./src/1_Fallback/EchidnaFallback.sol --config ./src/1_Fallback/echidna_config.yaml
- (Manticore) Log list of exploit TX series (attacker executed withdraw) from pre-computed results:
grep withdraw src/1_Fallback/mcore_cli_result/*.tx
- (Manticore) Log details from single exploit TX set:
cat src/1_Fallback/mcore_cli_result/user_00000008.tx
- (Manticore) Find exploit series by exploring all contract states (time consuming):
cd src/1_Fallback/ && manticore Fallback.sol && cd ../..
- (Manticore) Find exploit while providing constraints:
cd src/1_Fallback/ && python3 manticore_fallback.py && cd ../..