iq-scm / swek3 Goto Github PK

View Code? Open in Web Editor NEW

This project forked from ethnical/swek3

0.0 0.0 0.0 6.65 MB

Web3 Security Toolbox

Home Page: https://ctf.mevsec.com/

Shell 0.10% JavaScript 0.03% Rust 88.39% HTML 0.01% Solidity 11.47% Yul 0.01%

swek3's Introduction

Swek the EVM Security Toolbox.

Swek is a Security toolbox focused on EVM written in Rust.

Most of the features are designed to help auditors to get faster in the daily works.

Feel free to contact me to add some features or found any bugs.

If you are intersted in Rust, MeV, Solidity Sec join us here => https://discord.gg/uxqbK7wS

Convert Solidity to Interface

Convert Solidity file into an interface using the convert2interface (download the right version of the Solc then compile and extract the interface).

Just need to use the --path parameter.

Onchain

A lists of tools for onchain contracts and incidents response.

get-selectors

Design to get all the selectors from the bytecode of a contract.

Paramaters	Informations
`--address`	address of the contract
`--rpc`	Link to the rpc of the wanted blockchain

Mempool Watcher

A small Mempool Watcher written in Rust.

Need to add lots of features to filter every txs.
Next step add a features to simulates txs.

Contract-info.

Get informations using AST of the contract. /!\ This doesn't compile the contract /!
To have a quick overview of the (functions, modifiers, visibility, library etc...) you can use -m for modifiers and -v for the visibility.

Usage :

Centralisation Risk

The -c set to yes will return some crisk ready to share in markdown (need to pass the modifier).

Usage : swek --path /Users/ethnical/Sec/Rust/oz_implementations/contracts/OffShore.sol -m onlyOwner -c yes

Implemented Features

Visibility Checker : Display all functions in red who has _ but not internal visibility.

Upcoming Features.

Contracts Features:

Analyze directly in (etherscan, snowtrace, moonscan, etc).
Add the view pure etc in modifiers.
Add a params for remapping like --remaps @openzeppelin/contracts/=lib/openzeppelin-contracts/contracts/
Display all the contracts names inside the folder.
Display all the externals calls.

Others features:

private key to address.
Converter Wei Gas.
ByteCode ASM deploy.
Get interface from non compile contract
Check the dif between OZ implentation and the implentation inside the sol file.
Reorganise inside a file the interface and the contract to have them in correct order.
Create a markdown option to store as a markdown file.
Add a kind of "binwalk" on calldata (4bytes signatures).