ContractFuzzer

How to implement to detect 'freezing ether' bug?

Open kimdora opened this issue 5 years ago • 2 comments

I read the 'ContractFuzzer' paper, and I am confused about how to detect freezing ether bugs 'exactly', because the paper explained it too roughly. I want to know it in detail, so I'm looking for the code implementing the freezing ether bug oracle, but I can't find it. Can you tell me which file implements the freezing ether bug oracle?

kimdora avatar Feb 05 '20 06:02 kimdora

Now I think the freezing ether detector has been removed from the source code. Refer to https://github.com/gongbell/ContractFuzzer/blob/master/contract_fuzzer/src/ContractFuzzer/server/server.go#L291

kimdora avatar Aug 17 '20 19:08 kimdora

Please check this script:

https://github.com/gongbell/ContractFuzzer/blob/master/geFreezingEther.py

This vulnerability is detected mainly through static analysis of the bytecode (no opcode to send ether) and the execution log (balance can be greater than 0 during execution).

This was the implementation realized in the original paper.

A better way to check whether a contract can receive ether is to check whether there is any function having the payable modifier through bytecode analysis.

gongbell avatar Aug 18 '20 00:08 gongbell
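The two-part check described in the reply above (no ether-sending opcode in the bytecode, and a balance above 0 seen during execution), as an added sketch that is not part of the thread and is not ContractFuzzer's `geFreezingEther.py`. The opcode set (CALL, CALLCODE, SELFDESTRUCT), the function names and the sample bytecode are assumptions made for illustration.

```python
# Added example: the opcode set and all names below are assumptions,
# not taken from ContractFuzzer's own code.
SEND_OPCODES = {0xF1: "CALL", 0xF2: "CALLCODE", 0xFF: "SELFDESTRUCT"}


def opcodes(runtime_hex):
    """Yield (offset, opcode) by linear sweep, skipping PUSH immediates."""
    if runtime_hex.startswith("0x"):
        runtime_hex = runtime_hex[2:]
    code = bytes.fromhex(runtime_hex)
    pc = 0
    while pc < len(code):
        op = code[pc]
        yield pc, op
        # PUSH1..PUSH32 (0x60..0x7f) are followed by 1..32 data bytes.
        # Skipping them keeps a data byte such as 0xf1 from being read as CALL.
        pc += 1 + (op - 0x5F if 0x60 <= op <= 0x7F else 0)


def send_sites(runtime_hex):
    """Offsets and names of opcodes that can move ether out of the contract."""
    return [(pc, SEND_OPCODES[op]) for pc, op in opcodes(runtime_hex)
            if op in SEND_OPCODES]


def is_freezing_ether(runtime_hex, observed_balances):
    """True when the execution log showed a balance > 0 and the bytecode
    contains no opcode that could send that ether anywhere."""
    can_hold_ether = any(b > 0 for b in observed_balances)
    return can_hold_ether and not send_sites(runtime_hex)


# Constructed sample bytecode (not from a real contract).
# PUSH1 0xf1, POP, STOP: the byte 0xf1 occurs only as push data.
HOLD_ONLY = "0x60f15000"
# PUSH1 0 (x4), PUSH1 1, CALLER, GAS, CALL, POP, STOP: sends 1 wei to the caller.
PAYS_CALLER = "0x6000600060006000600160335af15000".replace("6033", "6001" "33")[0:0] \
    or "0x60006000600060006001335af15000"

if __name__ == "__main__":
    # Balances are constructed values standing in for the execution log.
    print(send_sites(HOLD_ONLY), is_freezing_ether(HOLD_ONLY, [0, 10**18]))
    print(send_sites(PAYS_CALLER), is_freezing_ether(PAYS_CALLER, [0, 10**18]))
```

A linear sweep also walks any metadata bytes the compiler appends after the runtime code, so stray matches there can hide a freezing contract; strip that trailer first when its length is known.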