From 6e1fced9cced74b8750900687eaf22503564da32 Mon Sep 17 00:00:00 2001 From: "maciek.nabialek" Date: Mon, 6 May 2024 14:42:42 +0200 Subject: [PATCH] Adds analysis for Manticore tool Signed-off-by: maciek.nabialek --- tools/manticore-analysis/analysis.md | 56 ++++++++++++++++++++ tools/manticore-analysis/docker-compose.yaml | 6 +++ 2 files changed, 62 insertions(+) create mode 100644 tools/manticore-analysis/analysis.md create mode 100644 tools/manticore-analysis/docker-compose.yaml diff --git a/tools/manticore-analysis/analysis.md b/tools/manticore-analysis/analysis.md new file mode 100644 index 0000000000..8ed97085c7 --- /dev/null +++ b/tools/manticore-analysis/analysis.md 
@@ -0,0 +1,56 @@ +# Manticore +[Manticore](https://github.com/trailofbits/manticore) is a versatile symbolic execution tool that can analyze Ethereum Smart Contracts, +Linux binaries, and Windows binaries. It's widely used for security auditing and testing of +applications where security is paramount. Its main features include: +- **Program Exploration**: executing a program with symbolic inputs and exploring all the possible states it can reach, +- **Input Generation**: producing concrete inputs that result in a given program state, +- **Error Discovery**: detecting crashes and other failure cases in binaries and Smart Contracts, +- **Instrumentation**: providing fine-grained control of state exploration via event callbacks and instruction hooks, +- **Programmatic Interface**: exposing programmatic access to its analysis engine via a Python API. + +Manticore can analyze the following types of programs: + +- Ethereum Smart Contracts (EVM bytecode) +- Linux ELF binaries (x86, x86_64, aarch64, and ARMv7) +- WASM Modules + +## Installation and execution: +- Installing by PIP results in [protobuf incorrect version error](sample_execution/execution_errors.md#pip-instalation) + (described better here: https://github.com/trailofbits/manticore/issues/2600) +- Build attempt with docker image version 3.7+ result in [attribute error](sample_execution/execution_errors.md#docker-v37-and-latest-) +- Build attempt with docker image version 3.6 results in [tool custom exception](sample_execution/execution_errors.md#docker-v36) +- Manticore may be built on docker image version 3.5. Execution example may be found [here](sample_execution/sample_execution.md), + and output files generated by the Manticore may be found under: `./Manticore/sample_execution_outputs` +> **Support**: +> This project is no longer internally developed and maintained. 
The team responsible for creating this tool announced its +> readiness to review and accept small, well-written pull requests by the community (only bug fixes and minor +> enhancements shall be considered). But there have veen no changes in the tool`s codebase since December 2022. All error +> executions may be found in [this file](sample_execution/execution_errors.md) + +### Custom detector investigation +Manticore has no documented ways to introduce new detectors. It requires adding a new detector class to [detectors.py](https://github.com/trailofbits/manticore/blob/master/manticore/ethereum/detectors.py) file and importing it in cli.py (for command line interface analysis). +## Recommendations and possible investments in the tool: +* Issues encountered in the latest versions of the application should be resolved. +---- +# Guidelines for using Ethereum precompiles in Hedera: +1. Hedera supports ED25519 accounts, ecrecover works correctly only for ECSDA accounts. This must be noted during potential + contract migration (Slither detector placed in this repository can be used to check for ecrecover usage in the contract to + migrate). +2. There are precompiles which may be missing from Hedera EVM that are present in current EVM version. + For example Cancun-related updates are yet to be implemented as for end of April 2024. +3. By the [docs](https://docs.hedera.com/hedera/sdks-and-apis/sdks/token-service/associate-tokens-to-an-account). + When using the Hedera Token Service it is important to check if the token is associated with the receiving account. +4. 
List of pain points between Hedera EVM and vanilla Ethereum EVM: + - ECDSA aliases can be possibly changed in Hedera, which can lead to a new account address, this may influence whitelists + systems, transaction validation, and potential vulnerability in replay attacks and authorization issues, + - If a contract relies on specific addresses for functionality or permissions, redeploying or updating these contracts + may be necessary to align with new address formats. + More information [here](https://medium.com/@Arkhia/creating-an-ecdsa-based-account-with-an-alias-on-hedera-5d5d8b2cc1e9) + - OpenZeppelin - the most widely used library used in Solidity Smart Contracts. Contracts using ecrecover: + - ERC20Wrapper + - ERC2771Forwarder + - ERC721Wrapper + - ERC20Permit + - governance/utils/Votes + - Utils: EIP712Verifier, cryptography/ECDSA, SignatureChecker +5. A list of differences between Hedera EVM and vanilla Ethereum EMV should be created and maintained. diff --git a/tools/manticore-analysis/docker-compose.yaml b/tools/manticore-analysis/docker-compose.yaml new file mode 100644 index 0000000000..eac482ef1e --- /dev/null +++ b/tools/manticore-analysis/docker-compose.yaml @@ -0,0 +1,6 @@ +services: + manticore: + image: trailofbits/manticore:0.3.5 + extra_hosts: + - "host.docker.internal:host-gateway" + entrypoint: ["sleep", "infinity"]
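Review bot: In analysis.md, the "Installation and execution" bullets link to `sample_execution/execution_errors.md` and `sample_execution/sample_execution.md`, and point at `./Manticore/sample_execution_outputs`, but the diffstat creates only `analysis.md` and `docker-compose.yaml` under `tools/manticore-analysis/`. Unless those files already exist in the tree, the links are dangling, and the `./Manticore/` path does not match the directory this patch adds. Please include the referenced files or correct the paths. The same bullets speak of docker image versions "3.5", "3.6" and "3.7+" while the compose file pins `0.3.5`; use the real tags so a reader can reproduce the working setup. Smaller text fixes: "veen" should be "been", "tool`s" uses a backtick where an apostrophe belongs, "ECSDA" in guideline 1 and "EMV" in guideline 5 should be "ECDSA" and "EVM", and guideline 3 begins with the fragment "By the [docs](...)." which should be merged into the sentence after it. The "Guidelines for using Ethereum precompiles in Hedera" section is not about Manticore; consider moving it to its own document so the ecrecover/ED25519 migration guidance is discoverable outside a tool analysis.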
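Review bot: In docker-compose.yaml, `image: trailofbits/manticore:0.3.5` pins by mutable tag only. Since analysis.md states the tool is no longer maintained and that only this version builds and runs, pinning by digest (`trailofbits/manticore:0.3.5@sha256:<digest>`) would keep the environment reproducible and guard against the tag being re-pushed. The `extra_hosts` entry `"host.docker.internal:host-gateway"` gives the container a name for reaching services on the host, yet nothing in the patch says why the analysis needs it. Please document the purpose (for example, a local node endpoint) or drop it, so a container that processes untrusted contract bytecode does not get host reachability by default. A short comment noting that `entrypoint: ["sleep", "infinity"]` keeps the container alive for `docker compose exec` would also help readers.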