Girl Friend <- Generate Foundry Fork Test from Attack Transaction

Overview

Girl Friend <- G F <- Generate Foundry Fork Test from Attack Transaction

She is truly a great friend.

Prerequisites

# Install abi-guesser
git clone git@github.com:fuzzland/abi-guesser-cli.git
cd abi-guesser-cli
npm i -g

# Init submodules
git submodule update --recursive --init

Getting Started

Config

Before running the commands, rename config/config.example.toml to config.toml and modify it as follows:

  • The RPC URLs should support the debug API (e.g. debug_traceTransaction).
  • Add your scan API keys. You can get them as follows (taking ETH as an example; other chains are similar):
    1. Register an account on Etherscan.
    2. Create API keys.
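
A preflight check for the first requirement above, as an added example that is not part of gf: it sends one debug_traceTransaction request to a candidate RPC URL and classifies the reply, so an endpoint without the debug API is caught before it goes into config.toml. The function names and the callTracer option are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not part of gf): preflight an RPC URL before putting it in config.toml.
# Usage: sh check_rpc.sh <RPC_URL> <TXHASH>

# Accept only 0x + 64 hex chars, so the value is safe to splice into JSON.
is_txhash() {
  [ "${#1}" -eq 66 ] || return 1
  case "$1" in 0x*) ;; *) return 1 ;; esac
  case "${1#0x}" in *[!0-9a-fA-F]*) return 1 ;; esac
  return 0
}

# JSON-RPC body for debug_traceTransaction. callTracer is an assumption, chosen
# to keep the reply small; the tracer gf itself requests is not shown on the page.
trace_request() {
  printf '{"jsonrpc":"2.0","id":1,"method":"debug_traceTransaction","params":["%s",{"tracer":"callTracer"}]}' "$1"
}

# Classify a response body. Only a top-level error *object* counts as an RPC
# error: callTracer frames carry "error":"<string>" for reverted inner calls.
classify_trace_response() {
  [ -n "$1" ] || { echo "no-response"; return 0; }
  if printf '%s' "$1" | grep -Eq '"error"[[:space:]]*:[[:space:]]*\{'; then
    if printf '%s' "$1" | grep -Eq '"code"[[:space:]]*:[[:space:]]*-32601'; then
      echo "unsupported"      # JSON-RPC "method not found"
    else
      echo "rpc-error"        # reachable, but inspect the message (auth, plan, unknown tx)
    fi
  elif printf '%s' "$1" | grep -q '"result"'; then
    echo "supported"
  else
    echo "unknown"
  fi
}

# Send the request to the RPC URL ($1) for the txhash ($2) and print the verdict.
check_rpc() {
  is_txhash "$2" || { echo "bad-txhash"; return 2; }
  body=$(curl -sS --max-time 60 -H 'Content-Type: application/json' \
    --data "$(trace_request "$2")" "$1") || body=""
  classify_trace_response "$body"
}

if [ "$#" -eq 2 ]; then check_rpc "$1" "$2"; fi
```

Only "supported" means the URL is usable as-is; "rpc-error" means the endpoint answered but the message needs reading (for example a key or plan restriction, or a transaction the node does not have).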

Generate A Foundry Test PoC

gf is used to generate a Foundry test PoC using a given txhash.

Usage: gf [OPTIONS] --txhash <TXHASH>

Options:
  -c, --config <CONFIG>  the config file path [default: config/config.toml]
  -t, --txhash <TXHASH>  the txhash
  -h, --help             Print help
  -V, --version          Print version
  • Example
# The output_dir is configured in the config file [default: ./test]
cargo run --bin gf -- -t 0xeaef2831d4d6bca04e4e9035613be637ae3b0034977673c1c2f10903926f29c0

# If the output_dir is `./test`, you can run it directly
forge test -vvvvv

Backtest

bt is used to perform a backtest with a given txhashes file.

Usage: bt [OPTIONS]

Options:
  -c, --config <CONFIG>                the config file path [default: config/config.toml]
  -t, --txhashes-path <TXHASHES_PATH>  the back test txhashes file path [default: assets/eth_tx.txt]
  -r, --result-dir <RESULT_DIR>        the result dir [default: eth_back_test]
  -h, --help                           Print help
  -V, --version                        Print version
  • Example
# ETH backtest
cargo run --bin bt
# BSC backtest
cargo run --bin bt -- -t assets/bsc_tx.txt -r bsc_back_test

Progress

We collected 74 historical attacks on ETH and 117 on BSC for backtesting. The commands executed are as mentioned above. The results are as follows:

Chain   Total   Success   Success Rate
ETH     74      24        32.43%
BSC     117     46        39.32%

Optimization items

  • The return value of a static call is currently not handled efficiently, although it may be used later in the process.
  • The parsing of calldata/returndata should decode recursively.
  • For attack preparation, gf currently just copies the attacker's txs within 3h. This could be handled at a finer granularity.
  • Loops should be handled with a more efficient approach.
Owner
fuzzland