An EVM symbolic execution tool and vulnerability scanner

These details have not been verified by PyPI

Project links

Homepage

Project description

Pakala

"ilo Pakala li pakala e mani sona"

Pakala is a tool to search for exploitable bugs in Ethereum smart contracts.
Pakala is a symbolic execution engine for the Ethereum Virtual Machine.

The intended public for the tool are security researchers interested by Ethereum / the EVM.

Installation

pip3 install pakala

It works only with python 3.

Usage

Let's look at 0xeBE6c7a839A660a0F04BdF6816e2eA182F5d542C: it has a transfer(address _to, uint256 _value) function. It is supposedly protected by a require(call.value - _value) >= 0 but that condition always holds because we are substracting two unsigned integers, so the result is also an unsigned integer.

Let's scan it:

./pakala.py 0xeBE6c7a839A660a0F04BdF6816e2eA182F5d542C --force-balance="1 ether"

The contract balance being 0, we won't be able to have it send us some ethers. So we override the balance to be 1 ETH: then it has some "virtual" money to send us.

The tool with tell you a bug was found, and dump you a path of "states". Each state corresponds to a transaction, with constraints that needs to be respected for that code path to be taken, storage that has been read/written...

Advice: look at calldata[0] in the constraints to see the function signature for each transaction.

See ./pakala.py help for more complete usage information.

How does it works? What does it do?

See the introductory article for more information and a demo.

Project details

These details have not been verified by PyPI

Project links

Homepage

Release history Release notifications | RSS feed

1.1.10

Feb 18, 2020

1.1.9

Jan 14, 2020

1.1.8

Jan 14, 2020

1.1.7

Jan 14, 2020

1.1.6

Nov 3, 2019

1.1.5

Jul 14, 2019

1.1.4

Jul 9, 2019

1.1.3

Jun 27, 2019

1.1.2

Mar 26, 2019

1.1.1

Mar 14, 2019

1.1.0

Mar 13, 2019

1.0.13

Mar 2, 2019

1.0.12

Mar 2, 2019

1.0.11

Feb 28, 2019

This version

1.0.10

Jan 29, 2019

1.0.9

Dec 29, 2018

1.0.8

Dec 29, 2018

1.0.7

Dec 28, 2018

1.0.6

Dec 28, 2018

1.0.5

Dec 25, 2018

1.0.4

Dec 12, 2018

1.0.3

Dec 5, 2018

1.0.2

Dec 3, 2018

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

pakala-1.0.10.tar.gz (30.4 kB view details)

Uploaded Jan 29, 2019 Source

Built Distribution

pakala-1.0.10-py3-none-any.whl (35.9 kB view details)

Uploaded Jan 29, 2019 Python 3

File details

Details for the file pakala-1.0.10.tar.gz.

File metadata

Download URL: pakala-1.0.10.tar.gz
Upload date: Jan 29, 2019
Size: 30.4 kB
Tags: Source
Uploaded using Trusted Publishing? No
Uploaded via: twine/1.12.1 pkginfo/1.5.0.1 requests/2.21.0 setuptools/40.7.1 requests-toolbelt/0.8.0 tqdm/4.28.1 CPython/3.7.2

File hashes

Hashes for pakala-1.0.10.tar.gz
Algorithm	Hash digest
SHA256	`58b892a4f883803e579a895285cd4ac91fc808001108601a0631afb5af63de06`
MD5	`f86577522574b69e06bbb30014417933`
BLAKE2b-256	`d77649ec0cef39decf19999263e7ca8c909dba65d861a2effe4d53fca75bed99`

See more details on using hashes here.

File details

Details for the file pakala-1.0.10-py3-none-any.whl.

File metadata

Download URL: pakala-1.0.10-py3-none-any.whl
Upload date: Jan 29, 2019
Size: 35.9 kB
Tags: Python 3
Uploaded using Trusted Publishing? No
Uploaded via: twine/1.12.1 pkginfo/1.5.0.1 requests/2.21.0 setuptools/40.7.1 requests-toolbelt/0.8.0 tqdm/4.28.1 CPython/3.7.2

File hashes

Hashes for pakala-1.0.10-py3-none-any.whl
Algorithm	Hash digest
SHA256	`c77eb2e51fb34d51a15b70301905307cfaf446e544e46299bab3c28791cae4fa`
MD5	`cec1966d0414e8937193114e413ef432`
BLAKE2b-256	`23ec067d3011dae75d9f17ebc8c534b868643a6ce087589ad14329da399e3e93`