hashgraph · arianejasuwienas · May 7, 2024 · May 8, 2024
@@ -0,0 +1,72 @@
+# MAIAN
+
+[MAIAN](https://github.com/ivicanikolicsg/MAIAN) is a tool specifically designed to find security vulnerabilities
+in Smart Contracts that operate on Ethereum and other blockchain platforms. MAIAN main aim is to detect three
+types of problematic contracts:
+- **suicidal contract**: one that can be forced to self-destruct by any external user, not just their owner.
+- **prodigal contract**: one that can inadvertently leak funds to arbitrary addresses due to improper handling of
+  Ether transfers.
+- **greedy contract**: one that locks funds indefinitely, making them irretrievable.
+  Its key features are:
+- Capability of analyzing both Solidity source code and bytecode.
+- Automated analysis with detailed reporting of vulnerabilities.
+- Graphical representations of control flow to aid in the understanding of contract behavior.
+- Integrated support for deployment analysis.
+- Easily integrates with continuous integration pipelines for ongoing security assessment.
+  The tool is especially effective at finding specific types of security flaws that involve the misuse of funds within contracts
+
+## Installation:
+Due to changes in web3.py library introduced in version 3.5.5V (including), an attempt to start MAIAN, using instructions from
+[github repo](https://github.com/ivicanikolicsg/MAIAN), ends with an error prompt that may be found [here](example_build_execution_error.md)
+Further discussion regarding this error may be found [here](https://github.com/ethereum/web3.py/issues/879)
+Alternative ways to run MAIAN are:
+1) Running with manual downgrade od Python to v2 and web3.py to 3.5.4V
+2) Running inside the Docker container:
+```Shell
+docker pull cryptomental/maian-augur-ci
+docker run -it cryptomental/maian-augur-ci
+cd MAIAN/tool && python2 maian.py -s example_contracts/example_suicidal.sol KAI -c 0
+```
+> **NOTE**: There is no `solc-select preinstalled` in the docker image. In order to change the version run:
+> ```shell
+> wget https://github.com/ethereum/solidity/releases/download/{your_[docker-compose.yaml](docker-compose.yaml)
+[analysis.md](analysis.md)
+[signing_transactions.md](signing_transactions.md)version}/solc-static-linux && mv solc-static-linux /usr/bin/solc
+> ```
+> where `{your_version}` is desired solidity compiler version, ie. v0.8.24.
+## Examples of executions:
+* [Suicidal contract detection](execution_examples/suicidal_detection.md)
+* [Leak detection](execution_examples/leak_detection.md)
+* [AtomicHTS.sol check](execution_examples/AtomicHTS.md)
+* [HederaTokenService.sol check](execution_examples/HederaTokenService.md)
+
+## Tool analysis:
+### Attempt of replacing Ethereum's JSON RPC to Hedera's JSON RPC relay:
+As of April 2024, MAIAN across the last six years was not in active development. This state leads the tool to be
+out of date and lacks support for newer features. This leads to multiple challenges, most impactful ones
+are the following:
+- **Differences in RPC Methods Ethereum's JSON RPC API**: Hedera does not support `eth_sendTransaction`.
+  The available alternative is: `eth_sendRawTransaction` which requires transactions to be signed before being submitted,
+  this additional step would have to be implemented in the MAIAN code. For further reading, see [this document](signing_transactions.md)
+- **Lack of Transaction Signing functionality**: In Ethereum, the unlocked account can automatically sign transactions,
+  whereas, in Hedera, the transaction needs to be pre-signed. MAIAN lack of support for modern cryptographic libraries such as:
+  `eth_account`, a newer version of `web3.py`, `pycryptodome`, will substantially impede alignment for the network in this
+  field.
+- **Library and language limitations**: due to out-of-date dependencies and environment, MAIAN lacks built-in support
+  for SHA-3 (KECCAK-256), which is essential for Ethereum-style transactions and required for compatibility with
+  Hedera's API, support for integrated account management, and transaction signing functionalities are also missing
+- **Security and Maintenance Concerns**: using outdated software causes both Security risks and increases maintenance
+  efforts
+
+### Recommendations and possible investments in the tool:
+- **Upgrade Python and web3.py**: Moving to at least Python 3.6+ and the latest version of web3.py would provide
+  support for modern cryptographic functions, easier management of dependencies, and improve security.
+- **Client-side Transaction Signing**: Implement client-side transaction signing to adapt to Hedera’s
+  `eth_sendRawTransaction`.
+- **Review and Adapt to Hedera’s API**: Thoroughly review Hedera’s API capabilities to understand the adjustments
+  needed in the application to accommodate Hedera's specific methods and operational paradigms.
+
+> **Support**:
+> Even though MAIAN is not officially marked as abandoned, the last changes were introduced to the code base 6 years ago.
+> Further work with this tool should be preceded by migrating it to a supported Python version and dropping
+> archival dependencies from its codebase.
@@ -0,0 +1,6 @@
+services:
+  maian:
+    image: cryptomental/maian-augur-ci
+    extra_hosts:
+      - "host.docker.internal:host-gateway"
+    entrypoint: ["sleep", "infinity"]
@@ -0,0 +1,71 @@
+```shell
+
+====================================================================================================
+[ ] Compiling Solidity contract from the file /examples/hts-precompile/AtomicHTS.sol ...  Done 
+/usr/local/lib/python2.7/dist-packages/web3/main.py:130: DeprecationWarning: Python 2 support is ending! Please upgrade to Python 3 promptly. Support will end at the beginning of 2018.
+  category=DeprecationWarning,
+/usr/local/lib/python2.7/dist-packages/web3/main.py:130: DeprecationWarning: Python 2 support is ending! Please upgrade to Python 3 promptly. Support will end at the beginning of 2018.
+  category=DeprecationWarning,
+[ ] Connecting to PRIVATE blockchain emptychain  ... ESTABLISHED 
+[ ] Deploying contract ........... confirmed at address: 0x9E536236ABF2288a7864C6A1AfaA4Cb98D464306 
+[ ] Contract code length on the blockchain :    2  : 0x... 
+[ ] Contract address saved in file: ./out/AtomicHTS.address 
+[ ] Check if contract is SUICIDAL
+
+[ ] Contract address   : 0x9E536236ABF2288a7864C6A1AfaA4Cb98D464306
+[ ] Contract bytecode  : ...
+[ ] Bytecode length    : 0
+[ ] Blockchain contract: True
+[ ] Debug              : False
+
+[-] The code does not contain SUICIDE instructions, hence it is not vulnerable
+```
+
+```shell
+root@194c8c7535a2:/MAIAN/tool# python2 maian.py -s /examples/hts-precompile/AtomicHTS.sol AtomicHTS -c 1
+
+====================================================================================================
+[ ] Compiling Solidity contract from the file /examples/hts-precompile/AtomicHTS.sol ...  Done 
+/usr/local/lib/python2.7/dist-packages/web3/main.py:130: DeprecationWarning: Python 2 support is ending! Please upgrade to Python 3 promptly. Support will end at the beginning of 2018.
+  category=DeprecationWarning,
+/usr/local/lib/python2.7/dist-packages/web3/main.py:130: DeprecationWarning: Python 2 support is ending! Please upgrade to Python 3 promptly. Support will end at the beginning of 2018.
+  category=DeprecationWarning,
+[ ] Connecting to PRIVATE blockchain emptychain  ... ESTABLISHED 
+[ ] Sending Ether to contract 0x9e536236abf2288a7864c6a1afaa4cb98d464306  ... tx[0] mined  Sent! 
+[ ] Deploying contract .......................... confirmed at address: 0x9E536236ABF2288a7864C6A1AfaA4Cb98D464306 
+[ ] Contract code length on the blockchain :    2  : 0x... 
+[ ] Contract address saved in file: ./out/AtomicHTS.address 
+[ ] The contract balance: 44   Positive balance
+[ ] Check if contract is PRODIGAL
+
+[ ] Contract address   : 0x9E536236ABF2288a7864C6A1AfaA4Cb98D464306
+[ ] Contract bytecode  : ...
+[ ] Bytecode length    : 0
+[ ] Blockchain contract: True
+[ ] Debug              : False
+[+] The code does not have CALL/SUICIDE, hence it is not prodigal
+```
+
+```shell
+root@194c8c7535a2:/MAIAN/tool# python2 maian.py -s /examples/hts-precompile/AtomicHTS.sol AtomicHTS -c 2
+
+====================================================================================================
+[ ] Compiling Solidity contract from the file /examples/hts-precompile/AtomicHTS.sol ...  Done 
+/usr/local/lib/python2.7/dist-packages/web3/main.py:130: DeprecationWarning: Python 2 support is ending! Please upgrade to Python 3 promptly. Support will end at the beginning of 2018.
+  category=DeprecationWarning,
+/usr/local/lib/python2.7/dist-packages/web3/main.py:130: DeprecationWarning: Python 2 support is ending! Please upgrade to Python 3 promptly. Support will end at the beginning of 2018.
+  category=DeprecationWarning,
+[ ] Connecting to PRIVATE blockchain emptychain  ... ESTABLISHED 
+[ ] Deploying contract ............. confirmed at address: 0x9E536236ABF2288a7864C6A1AfaA4Cb98D464306 
+[ ] Contract code length on the blockchain :    2  : 0x... 
+[ ] Contract address saved in file: ./out/AtomicHTS.address 
+[ ] Check if contract is GREEDY
+
+[ ] Contract address   : 0x9E536236ABF2288a7864C6A1AfaA4Cb98D464306
+[ ] Contract bytecode  : ...
+[ ] Bytecode length    : 0
+[ ] Debug              : False
+[-] Contract can receive Ether
+
+[-] No lock vulnerability found because the contract cannot receive Ether 
+```
@@ -0,0 +1,72 @@
+```shell
+root@194c8c7535a2:/MAIAN/tool# python2 maian.py -s /examples/example_hbar_to_and_from_contract.sol hbarToAndFromContract -c 0
+
+====================================================================================================
+[ ] Compiling Solidity contract from the file /examples/example_hbar_to_and_from_contract.sol ...  Done 
+/usr/local/lib/python2.7/dist-packages/web3/main.py:130: DeprecationWarning: Python 2 support is ending! Please upgrade to Python 3 promptly. Support will end at the beginning of 2018.
+  category=DeprecationWarning,
+/usr/local/lib/python2.7/dist-packages/web3/main.py:130: DeprecationWarning: Python 2 support is ending! Please upgrade to Python 3 promptly. Support will end at the beginning of 2018.
+  category=DeprecationWarning,
+[ ] Connecting to PRIVATE blockchain emptychain  ... ESTABLISHED 
+[ ] Deploying contract ........... confirmed at address: 0x9E536236ABF2288a7864C6A1AfaA4Cb98D464306 
+[ ] Contract code length on the blockchain :    2  : 0x... 
+[ ] Contract address saved in file: ./out/hbarToAndFromContract.address 
+[ ] Check if contract is SUICIDAL
+
+[ ] Contract address   : 0x9E536236ABF2288a7864C6A1AfaA4Cb98D464306
+[ ] Contract bytecode  : ...
+[ ] Bytecode length    : 0
+[ ] Blockchain contract: True
+[ ] Debug              : False
+
+[-] The code does not contain SUICIDE instructions, hence it is not vulnerable
+```
+
+```shell
+root@194c8c7535a2:/MAIAN/tool# python2 maian.py -s /examples/example_hbar_to_and_from_contract.sol hbarToAndFromContract -c 1
+
+====================================================================================================
+[ ] Compiling Solidity contract from the file /examples/example_hbar_to_and_from_contract.sol ...  Done 
+/usr/local/lib/python2.7/dist-packages/web3/main.py:130: DeprecationWarning: Python 2 support is ending! Please upgrade to Python 3 promptly. Support will end at the beginning of 2018.
+  category=DeprecationWarning,
+/usr/local/lib/python2.7/dist-packages/web3/main.py:130: DeprecationWarning: Python 2 support is ending! Please upgrade to Python 3 promptly. Support will end at the beginning of 2018.
+  category=DeprecationWarning,
+[ ] Connecting to PRIVATE blockchain emptychain  ... ESTABLISHED 
+[ ] Sending Ether to contract 0x9e536236abf2288a7864c6a1afaa4cb98d464306  . tx[0] mined  Sent! 
+[ ] Deploying contract ........... confirmed at address: 0x9E536236ABF2288a7864C6A1AfaA4Cb98D464306 
+[ ] Contract code length on the blockchain :    2  : 0x... 
+[ ] Contract address saved in file: ./out/hbarToAndFromContract.address 
+[ ] The contract balance: 44   Positive balance
+[ ] Check if contract is PRODIGAL
+
+[ ] Contract address   : 0x9E536236ABF2288a7864C6A1AfaA4Cb98D464306
+[ ] Contract bytecode  : ...
+[ ] Bytecode length    : 0
+[ ] Blockchain contract: True
+[ ] Debug              : False
+[+] The code does not have CALL/SUICIDE, hence it is not prodigal
+```
+
+```shell
+root@194c8c7535a2:/MAIAN/tool# python2 maian.py -s /examples/example_hbar_to_and_from_contract.sol hbarToAndFromContract -c 2
+
+====================================================================================================
+[ ] Compiling Solidity contract from the file /examples/example_hbar_to_and_from_contract.sol ...  Done 
+/usr/local/lib/python2.7/dist-packages/web3/main.py:130: DeprecationWarning: Python 2 support is ending! Please upgrade to Python 3 promptly. Support will end at the beginning of 2018.
+  category=DeprecationWarning,
+/usr/local/lib/python2.7/dist-packages/web3/main.py:130: DeprecationWarning: Python 2 support is ending! Please upgrade to Python 3 promptly. Support will end at the beginning of 2018.
+  category=DeprecationWarning,
+[ ] Connecting to PRIVATE blockchain emptychain  ... ESTABLISHED 
+[ ] Deploying contract ...... confirmed at address: 0x9E536236ABF2288a7864C6A1AfaA4Cb98D464306 
+[ ] Contract code length on the blockchain :    2  : 0x... 
+[ ] Contract address saved in file: ./out/hbarToAndFromContract.address 
+[ ] Check if contract is GREEDY
+
+[ ] Contract address   : 0x9E536236ABF2288a7864C6A1AfaA4Cb98D464306
+[ ] Contract bytecode  : ...
+[ ] Bytecode length    : 0
+[ ] Debug              : False
+[-] Contract can receive Ether
+
+[-] No lock vulnerability found because the contract cannot receive Ether 
+```
@@ -0,0 +1,32 @@
+```shell
+[ ] Compiling Solidity contract from the file example_contracts/example_prodigal.sol ...  Done
+[ ] Connecting to PRIVATE blockchain emptychain  ... ESTABLISHED
+[ ] Sending Ether to contract 0x9e536236abf2288a7864c6a1afaa4cb98d464306  ... tx[0] mined  Sent!
+[ ] Deploying contract ............ confirmed at address: 0x9E536236ABF2288a7864C6A1AfaA4Cb98D464306
+[ ] Contract code length on the blockchain :    7754  : 0x6060604052600436106100d05760...
+[ ] Contract address saved in file: ./out/KAI.address
+[ ] The contract balance: 44   Positive balance
+[ ] Check if contract is PRODIGAL
+
+[ ] Contract address   : 0x9E536236ABF2288a7864C6A1AfaA4Cb98D464306
+[ ] Contract bytecode  : 6060604052600436106100d0576000357c0100000000000000...
+[ ] Bytecode length    : 7752
+[ ] Blockchain contract: True
+[ ] Debug              : False
+
+[ ] Search with call depth: 1   : 1111111
+[ ] Search with call depth: 2   : 11222222211122222212222
+
+[-] Leak vulnerability found!
+
+    The following 2 transaction(s) will trigger the contract to leak:
+    -Tx[1] :0bb5e62b
+    -Tx[2] :41c0e1b5
+
+    The transactions correspond to the functions:
+    -EGC()
+    -kill()
+
+[ ] Confirming leak vulnerability on private chain ... ......................... tx[0] mined ....................... tx[1] mined
+    Confirmed ! The contract is prodigal !
+```
@@ -0,0 +1,32 @@
+```shell
+====================================================================================================
+[ ] Compiling Solidity contract from the file example_contracts/example_suicidal.sol ...  Done
+[ ] Connecting to PRIVATE blockchain emptychain  ... ESTABLISHED
+
+[ ] Deploying contract .............................................................................
+[ ] Contract code length on the blockchain :    7754  : 0x6060604052600436106100d05760...
+[ ] Contract address saved in file: ./out/KAI.address
+[ ] Check if contract is SUICIDAL
+
+[ ] Contract address   : 0x9E536236ABF2288a7864C6A1AfaA4Cb98D464306
+[ ] Contract bytecode  : 6060604052600436106100d0576000357c0100000000000000...
+[ ] Bytecode length    : 7752
+[ ] Blockchain contract: True
+[ ] Debug              : False
+
+[ ] Search with call depth: 1   : 1111111
+[ ] Search with call depth: 2   : 11222222211122222212222
+
+[-] Suicidal vulnerability found!
+
+    The following 2 transaction(s) will trigger the contract to be killed:
+    -Tx[1] :0bb5e62b
+    -Tx[2] :41c0e1b5
+
+    The transactions correspond to the functions:
+    -EGC()
+    -kill()
+
+[ ] Confirming suicide vulnerability on private chain ... .................. tx[0] mined .................. tx[1] mined
+    Confirmed ! The contract is suicidal !
+```
@@ -0,0 +1,26 @@
+### Overview
+
+The point of this document is to analyze how different web3 providers handle the eth_sendTransaction method.
+
+Method [eth_sendTransaction](https://ethereum.org/en/developers/docs/apis/json-rpc/#eth_sendtransaction) creates a new message call transaction or a contract creation, if the data field contains code, and signs it using the account specified in "from" field.
+
+The main focus of the analysis is detecting the source of the private key used to sign the transaction across multiple JSON RPC API implementations.
+
+### Comparison
+
+1. [GETH](https://geth.ethereum.org/docs/interacting-with-geth/rpc/ns-personal) (historically). This is the implementation required by the MAIAN tool.
+    - Private key is provided by [eth_personal_importRawKey](https://web3js.readthedocs.io/en/v1.2.7/web3-eth-personal.html#importrawkey). Password is submitted together with the private key, and will be required to unlock this key in the next steps.
+    - Account has to be [unlocked](https://web3js.readthedocs.io/en/v1.2.7/web3-eth-personal.html#unlockaccount) in order to be used to signing the transaction. In order to unlock the account user has to submit the password it is associated with.
+    - eth_sendTransaction can be used. If the account provided in the "from" field is unlocked its private key will be used to create a signature.
+
+IMPORTANT! Sending your account password over an unsecured HTTP RPC connection is highly insecure. The usage of this method is already deprecated in GETH. An alternative way of using an additional tool called Clef is proposed to avoid sending secured data through JSON RPC.
+
+2. [Infura](https://docs.infura.io/api/networks/ethereum/json-rpc-methods/eth_sendtransaction)
+    - Method is not present in Infura's implementation of JSON RPC.
+    - Recent versions of Web3 client (i.e. v1.2) support a method called eth_sendTransaction, but it signs the transaction locally using the private key of the account and then sends the transaction via web3.eth.sendSignedTransaction (a wrapper for eth_sendRawTransaction). This approach enhances security by avoiding the transmission of private keys.
+
+3. [Alchemy](https://docs.alchemy.com/reference/ethereum-api-endpoints)
+    - Implementation of method eth_sendTransaction is not implemented.
+    - Approach recommended by Infura (signing transactions locally) is also applicable when using Alchemy.
+
+MAIAN uses an outdated version of the Web3.py client which is not capable of signing the transaction in a way similar to the one described in Infura`s documentation. Updating it would be required to make this tool work properly with any modern, secure, JSON RPC API.