How to install and use Oyente — a smart contract analyzer Coinmonks – Medium

What is and why Oyente?

Cryptocurrencies record transactions in a decentralized data structure called a blockchain. Two of the most popular cryptocurrencies, Bitcoin and Ethereum, support encoding rules or scripts for processing transactions. Recently there has been steady adoption of Ethereum smart contracts. As the primary smart contract language, Solidity was influenced by C++, Python and JavaScript and is designed to target the Ethereum Virtual Machine (EVM). But these smart contracts are vulnerable to certain attacks.

Oyente, a smart contract auto-auditing tool, analyses smart contracts and reports possible bugs and attacks on them, including the famous DAO attack. It was developed by researchers from the National University of Singapore in Jan 2016. You can refer to the paper presented at the 23rd ACM CCS conference here.

In this article, we will demonstrate how to install and use Oyente with and without docker.

The most common error encountered while installing the Oyente tool is: web3 requires Python ‘≥3.5, <4’ but the running python is 2.7.*

Error while executing command “pip install oyente”

You may have tried changing Python versions or installing 3.7-dev, but you’ll still encounter the above error.

Here we discuss how to install it without any errors. For development purposes, running the Oyente source code is a better option than the dockerised Oyente. We will discuss both ways anyway.

Installing with Docker is the easiest method, since Docker itself creates the environment required for running Oyente.

To open the container, install Docker and run

sudo apt-get update

To evaluate the greeter contract inside the container, run

cd /oyente/oyente

and you’re done.

But every time you evaluate a new smart contract, you have to create a file in the container using Unix commands and run the last command. You can install vim in the Docker container, but creating and editing files there is still a hectic task.

Oyente tool requires the following dependencies:

  • Solc
  • Geth and evm
  • Z3
  • Python

There are two methods for this; both need the following commands to be run.

If you haven’t installed Python on your system, run the following commands

sudo apt install software-properties-common

Install Z3. For this, download the file from the link here.

Extract the files, move into the directory and run the following commands (this is going to take a while, longer than you expect):

python scripts/mk_make.py -python

You need to install this library:

sudo apt-get install libz3-dev

Installing the Oyente tool:

For this you need to install pip

sudo apt install python3-pip

Execute the following commands:

sudo apt-get install solc

The above command fails and returns an error in most cases. If it works, you can use Oyente by running the command below:

oyente -s <contract name>

If you get “compilation failed” even though your smart contracts run successfully in other tools, that is because of a mismatch between the versions of solc and evm. Follow the steps in the next method to install the proper versions of solc and evm.

Running the source code:

In this method, just like the previous ones, we create the required environment by downloading and installing dependencies. At the time this article was written, Oyente had been officially tested with solc version 0.4.19 and evm 1.7.3; however, it’s better to use solc version 0.4.24 because of additional features.

The Oyente tool was built against solc version 0.4.19 and evm version 1.7.3. Using the tool with the latest versions of these dependencies will result in “compilation failed”.

Since downgrading these packages to lower versions is not easy, it’s recommended to download the binary files for the required versions and copy them to the /usr/bin directory.

Download the solc binary file. Link here.

If you need other versions, refer to this.

Extract the files and execute the following commands

sudo cp solc /usr/bin/

solc --version returns the version of solc.

Download the geth tools here.

For other versions, refer to this.

Extract the files and execute the following commands

sudo cp geth /usr/bin/

Download the Oyente project source code from here, navigate to the oyente directory and run the following commands:

python oyente.py -s <contract name>

Using the -ce flag after the contract name will show you the error you are facing.

If you encounter an error stating unknown module z3 or something else related to z3, it is due to improper installation of the z3 libraries. Go through the previous part, which discusses installing the z3 dependency.

Check if output is something like the above. If yes, you’ve successfully installed the dependencies. You’re good to go!!!

Although Oyente helps in discovering possible vulnerabilities, it was designed for Solidity versions up to 0.4.24. Any Solidity code for version 0.5 or later will return errors. Oyente gives fewer false alarms than other auditing tools. Most users suggest using auto-auditing only after a manual review rather than the other way around.
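A preflight check for the version constraints described above, as an added example that is not from the article or the Oyente project: it compares the solc and evm found on PATH with the versions the article names and checks the contract's pragma for a 0.4.x compiler. The function names, the sample version strings (with placeholder commit ids) and the pragma heuristic are assumptions made for this example.

```shell
#!/bin/sh
# Preflight for Oyente: do solc/evm on PATH match the versions the article names?
WANT_SOLC="0.4.19"   # per the article; set to 0.4.24 if you follow its suggestion
WANT_EVM="1.7.3"     # per the article

# Constructed samples of `solc --version` / `evm --version` output
# (placeholder commit ids, not captured from a real run).
SAMPLE_SOLC='solc, the solidity compiler commandline interface
Version: 0.4.19+commit.00000000.Linux.g++'
SAMPLE_EVM='evm version 1.7.3-stable-00000000'

# Print the first x.y.z number found in a tool's version output.
extract_version() {
  printf '%s\n' "$1" | grep -Eo '[0-9]+\.[0-9]+\.[0-9]+' | head -n 1
}

# check_tool NAME OUTPUT WANT: succeed only on an exact version match.
check_tool() {
  _got="$(extract_version "$2")"
  if [ "$_got" = "$3" ]; then
    echo "ok: $1 $_got"
  else
    echo "MISMATCH: $1 is '${_got:-not found}', want $3" >&2
    return 1
  fi
}

# Heuristic: succeed if the contract's pragma line names a 0.4.x compiler.
check_pragma() {
  grep -Eq '^[[:space:]]*pragma[[:space:]]+solidity[[:space:]]+[>=~^ ]*0\.4\.' "$1"
}

# preflight CONTRACT: run all three checks against the real tools on PATH.
preflight() {
  _rc=0
  check_tool solc "$(solc --version 2>/dev/null)" "$WANT_SOLC" || _rc=1
  check_tool evm "$(evm --version 2>/dev/null)" "$WANT_EVM" || _rc=1
  check_pragma "$1" || { echo "pragma is not 0.4.x: $1" >&2; _rc=1; }
  return "$_rc"
}

if [ -n "${1:-}" ]; then
  preflight "$1"     # e.g. sh preflight.sh greeter.sol
else
  # No contract given: exercise the parser on the constructed samples.
  check_tool solc "$SAMPLE_SOLC" "$WANT_SOLC" && check_tool evm "$SAMPLE_EVM" "$WANT_EVM"
fi
```

Run it before oyente.py; a MISMATCH line points to the binary in /usr/bin that needs replacing.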
