An EVM symbolic execution tool and vulnerability scanner
"ilo Pakala li pakala e mani sona"
- Pakala is a tool to search for exploitable bugs in Ethereum smart contracts.
- Pakala is a symbolic execution engine for the Ethereum Virtual Machine.
The intended public for the tool are security researchers interested by Ethereum / the EVM.
pip3 install pakala
It works only with python 3.
Let's look at 0xeBE6c7a839A660a0F04BdF6816e2eA182F5d542C:
it has a
transfer(address _to, uint256 _value) function. It is supposedly protected by a
require(call.value - _value) >= 0
but that condition always holds because we are substracting two unsigned integers, so the result is also an unsigned integer.
Let's scan it:
pakala 0xeBE6c7a839A660a0F04BdF6816e2eA182F5d542C --force-balance="1 ether"
The contract balance being 0, we won't be able to have it send us some ethers. So we override the balance to be 1 ETH: then it has some "virtual" money to send us.
The tool with tell you a bug was found, and dump you a path of "states". Each state corresponds to a transaction, with constraints that needs to be respected for that code path to be taken, storage that has been read/written...
Advice: look at
calldata in the constraints to see the function signature for each transaction.
pakala help for more complete usage information.
How does it works? What does it do?
See the introductory article for more information and a demo.
Release history Release notifications
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
|Filename, size & hash SHA256 hash help||File type||Python version||Upload date|
|pakala-1.1.2-py3-none-any.whl (52.1 kB) Copy SHA256 hash SHA256||Wheel||py3|
|pakala-1.1.2.tar.gz (34.3 kB) Copy SHA256 hash SHA256||Source||None|