Playing Ethernaut manually and with security tools.
Ethernaut (The CTF)
Foundry (To install, DApp framework, manual exploits)
Slither (To install, Static Analysis, detecting vulnerabilities)
Echidna (To install, Fuzzing, finding bugs with property testing)
Manticore (To install, Symbolic Execution, finding sequences of actions leading to exploit)
(Foundry) Run all manual exploits:
(Foundry) Run single manual exploit:
forge test --match-contract Fallback
(Slither) Log contract vulnerabilities:
slither src/1_Fallback/Fallback.sol
(Echidna) Find bug (assuming the Echidna binaries are located in the home directory):
~/echidna-test ./src/1_Fallback/EchidnaFallback.sol --config ./src/1_Fallback/echidna_config.yaml
(Manticore) Log list of exploit TX series (attacker executed withdraw) from pre-computed results:
grep withdraw src/1_Fallback/mcore_cli_result/*.tx
(Manticore) Log details from single exploit TX set:
cat src/1_Fallback/mcore_cli_result/user_00000008.tx
(Manticore) Find exploit series by exploring all contract states (time-consuming):
cd src/1_Fallback/ && manticore Fallback.sol && cd ../..
(Manticore) Find exploit while providing constraints:
cd src/1_Fallback/ && python3 manticore_fallback.py && cd ../..