nftdefects Goto Github PK

• Python >= 3.6.

• evm >= 1.10.21. Download version 1.10.21 (tested) from go-ethereum and add executable bins in the $PATH.

  wget https://gethstore.blob.core.windows.net/builds/geth-alltools-linux-amd64-1.10.21-67109427.tar.gz
  tar -zxvf geth-alltools-linux-amd64-1.10.21-67109427.tar.gz
  cp geth-alltools-linux-amd64-1.10.21-67109427/evm /usr/local/bin/ #$PATH

• solc. Recommend solc-select to manage Solidity compiler versions.

  pip3 install solc-select

1. Python dependencies installation.

pip3 install -r requirements.txt

2. Or you can build or pull the docker image.

docker build -t nftdefects:local . # local build
docker pull ghcr.io/nftdefects/nftdefects:latest # remote pull

To test one solidity file, use -cnames to specify contract name.

python3 tool.py -s test/token.sol -cnames token -j -glt 200 -ll 100 -dl 500

To test a specifc function, use -fselector to specifiy the function selector (-as option is provided for automatical solc version switch).

python3 tool.py -s test/toadz.sol -cnames CreatureToadz -fselector 40c10f19 -as

For solidity project (supports newest version crytic-compile toolset). Remember to use remap to link the outside libraries (openzeppelin, etc).

python3 tool.py -s "path/to/.sol" -rmp "remapping/import_lib/path" -cnames "contract name"
# example
python3 tool.py -s test/8liens/contracts/8liens/8liensMinter.sol -rmp erc721a=test/8liens/erc721a @openzeppelin=test/8liens/@openzeppelin -cnames \$8liensMinter -ll 50 -glt 60

Other utils: contract/project source code crawler (with complete code structure) from EtherScan. See crawler.py. The utils can help recover the original structure of the DApp contracts to be fed into NFTGuard with remap configuration.

python3 crawl.py --dir ./0x --caddress 0x # 0x is the contract address

Usage in the NFTGuard CLI.

python3 tool.py -caddress 0xa4631a191044096834ce65d1ee86b16b171d8080 -cnames CreatureToadz -fselector 40c10f19

For the docker image, run with the following command.

docker run -v test:/NFTGuard/test ghcr.io/nftdefects/nftdefects:latest -s test/token.sol -cnames token -j

This repository was proposed in the ISSTA'23 paper, and we would really appreciate for your citation if this repo helps you.

@inproceedings{yang2023definition,
  title={Definition and Detection of Defects in NFT Smart Contracts},
  author={Yang, Shuo and Chen, Jiachi and Zheng, Zibin},
  booktitle={Proceedings of the 32nd ACM SIGSOFT International Symposium on Software Testing and Analysis},
  pages={373--384},
  year={2023}
}

Copyright © 2024 Shuo Yang.
This project is Apache licensed.