A static analysis tool for detecting price manipulation vulnerabilities in DeFi protocols based on a inter-contract taint analysis framework.
First follow the instructions in gigahorse-toolchain for instructions on installation of Gigahorse.
Then, run DeFiTainter with the following incantation:
$ python3 defi_tainter.py -bp <chain ID> -la <address1> -sa <address2> -fs <function signature> -bn <block number>- Where
<chain ID>is the blockchain platform where the test contracts is deployed. The blockchain platforms supported by DeFiTainter include ETH, BSC, Avalanche, Polygon, Solana, Fantom, Gnosis. - Where
<address1>is the address of the contract that stores the business logic of the detected DeFi protocol. - Where
<address2>is the address of the contract that stores the business data of the detected DeFi protocol. - Where
<function signature>is the signature of the function to instrument. - Where
<block number>is the block number of the blockchain for setting the context of the test environment.
The test cases in the paper can be found in the ./dataset folder. Within 2 minutes, the result will be output to the screen. It may take a long time to use it for the first time due to compilation.
The ./dataset folder contains the following datasets:
incident.csv: 23 DeFi protocols exploited in real-world price manipulation attacks.high_value.csv: 1195 high-value DeFi protocols.