|
1 | | -# WANA |
2 | | -A Symbolic Execution Engine for Wasm Bytecode and A Cross-Platform Smart Contract Vulnerability Detector |
| 1 | +# WANA |
| 2 | +A Symbolic Execution Engine for Wasm Bytecode and A Cross-Platform Smart Contract Vulnerability Detector |
| 3 | + |
| 4 | +## Smart Contract |
| 5 | +To evaluate a smart contract, the wasm smart contract is needed. The wasm bytecode file generated from two sources |
| 6 | +as following. |
| 7 | + |
| 8 | + + EOSIO smart contract. Using official development kit, developer could compile cpp or rust source code to wasm |
| 9 | + + Ethereum smart contract. By compiling solidity source code via [soll](https://github.com/second-state/SOLL) or |
| 10 | + [solang](https://github.com/hyperledger-labs/solang), developer could get the corresponding wasm file. |
| 11 | + |
| 12 | +Of course, WANA could execute any wasm file other than smart contract. Therefore, any valid wasm file will be |
| 13 | +symbolic executed correctly. |
| 14 | + |
| 15 | +## Project Structure |
| 16 | +The main components of WANA is as follow. |
| 17 | + + `wana.py` is the entry point, and it read a wasm file or directory include wasm files to symbolic execution. |
| 18 | + + `sym_exec.py` is the logic of symbolic execution, it includes the function-level and instruction-level execution. |
| 19 | + + `bug_analyzer.py` is the vulnerability analysis unit, therefor all record or pattern matching logic are here. |
| 20 | + + `global_variables.py` save states while symbolic execution, includes vulnerability count, loop depth and etc. |
| 21 | + + `bin_format.py` and `bin_reader.py` include bytecode binary representation and reading approach respectively. |
| 22 | + + `structure.py` and `runtime.py` represent WebAssembly bytecode structure and virtual machine runtime structure. |
| 23 | + + `number.py`, `utils.py` and `logger.py` are helper modules. |
| 24 | + |
| 25 | +## Usage |
| 26 | +Firstly, the prerequisites in [requirements.txt](./requirements.txt) should be correctly installed. |
| 27 | + |
| 28 | +The following command will analyze the EOSIO smart contract `contract.wasm` with timeout 20 seconds. The `-t` is |
| 29 | +optional, the symbolic execution won't be interrupted until complete analysis if `-t` not set. |
| 30 | +```bash |
| 31 | +python3 wana.py -t 20 -e contract.wasm |
| 32 | +``` |
| 33 | + |
| 34 | +Using the follow command, WANA will analyze all smart contracts in the directory `contracts_directory`. |
| 35 | +```bash |
| 36 | +python3 wana.py -a contracts_directory/ |
| 37 | +``` |
| 38 | + |
| 39 | +To analyze Ethereum smart contract, the option `--sol` is needed. |
| 40 | +```bash |
| 41 | +python3 wana.py --sol -e ethereum_contract.wasm |
| 42 | +``` |
| 43 | + |
| 44 | +## Input and Output |
| 45 | +At present, WANA only support wasm file as its input. The output, namely vulnerability report, is stdout. The output |
| 46 | +format is as follow. |
| 47 | +```bash |
| 48 | +contract.wasm: fake eos found |
| 49 | +contract.wasm: forged transfer notification found |
| 50 | +``` |
| 51 | + |
| 52 | +## Reference Website |
| 53 | +1. https://webassembly.org/ |
| 54 | +2. https://github.com/WebAssembly/ |
| 55 | +3. https://developer.mozilla.org/en-US/docs/WebAssembly |
| 56 | + |
| 57 | + |
0 commit comments