Top Related Projects
Security analysis tool for EVM bytecode. Supports smart contracts built for Ethereum, Hedera, Quorum, Vechain, Rootstock, Tron and other EVM-compatible blockchains.
Static Analyzer for Solidity and Vyper
Symbolic execution tool
An Analysis Tool for Smart Contracts
Quick Overview
Oyente is an analysis tool for smart contracts written in Solidity. It aims to find potential security vulnerabilities in Ethereum smart contracts by performing symbolic execution on the contract bytecode. Oyente is designed to help developers identify and fix issues before deploying contracts to the Ethereum network.
Pros
- Automated vulnerability detection in smart contracts
- Supports multiple types of security checks (e.g., reentrancy, integer overflow)
- Open-source project with community contributions
- Can be integrated into development workflows
Cons
- May produce false positives or miss some vulnerabilities
- Requires technical knowledge to interpret results effectively
- Not actively maintained (last commit was in 2018)
- Limited documentation and support
Getting Started
To use Oyente, follow these steps:
-
Clone the repository:
git clone https://github.com/enzymefinance/oyente.git
-
Install dependencies:
cd oyente pip install -r requirements.txt
-
Run Oyente on a Solidity file:
python oyente.py -s <path_to_solidity_file>
Note: As the project is not actively maintained, you may encounter compatibility issues with newer versions of Solidity or Python. It's recommended to use it in a controlled environment or consider more up-to-date alternatives for smart contract analysis.
Competitor Comparisons
Security analysis tool for EVM bytecode. Supports smart contracts built for Ethereum, Hedera, Quorum, Vechain, Rootstock, Tron and other EVM-compatible blockchains.
Pros of Mythril
- More actively maintained with frequent updates
- Supports a wider range of smart contract languages (Solidity, Vyper)
- Integrates with popular development frameworks like Truffle and Hardhat
Cons of Mythril
- Slower analysis speed for large contracts
- Higher false positive rate in some cases
- Steeper learning curve for advanced features
Code Comparison
Oyente (Python):
def check_integer_overflow(self):
for instr in self.instructions:
if instr['opcode'] in ['ADD', 'MUL', 'SUB']:
self.integer_overflow.append(instr['address'])
Mythril (Python):
def _analyze_state(self, state):
issues = []
for detector in self.detectors:
issues += detector.detect(state)
return issues
Both tools use Python for their core analysis logic, but Mythril's modular detector system allows for easier extension and customization of vulnerability checks.
Static Analyzer for Solidity and Vyper
Pros of Slither
- More actively maintained with frequent updates
- Supports a wider range of Solidity versions
- Offers a larger set of detectors for various vulnerabilities
Cons of Slither
- Steeper learning curve for configuration and customization
- May produce more false positives, requiring manual verification
Code Comparison
Oyente (Python):
def check_integer_overflow(self):
for block in self.blocks:
for instruction in block.instructions:
if instruction.opcode in ["ADD", "MUL", "SUB"]:
# Overflow check logic
Slither (Python):
def _check_integer_overflow(self, node):
for ir in node.irs:
if isinstance(ir, (Binary, Assignment)):
if ir.type in [BinaryType.ADD, BinaryType.MUL, BinaryType.SUB]:
# More sophisticated overflow detection
Both tools aim to detect integer overflow vulnerabilities, but Slither's implementation is generally more comprehensive and up-to-date with current Solidity practices.
Symbolic execution tool
Pros of Manticore
- More comprehensive analysis capabilities, including symbolic execution
- Actively maintained with regular updates and improvements
- Supports multiple blockchain platforms beyond Ethereum
Cons of Manticore
- Steeper learning curve due to more complex features
- Slower execution time for large-scale analyses
- Requires more system resources to run effectively
Code Comparison
Oyente (simplified usage):
from oyente import run_oyente
result = run_oyente('contract.sol')
print(result.vulnerabilities)
Manticore (simplified usage):
from manticore.ethereum import ManticoreEVM
m = ManticoreEVM()
contract = m.solidity_create_contract('contract.sol')
m.run(timeout=600)
print(m.global_findings)
Key Differences
- Oyente focuses primarily on Ethereum smart contracts, while Manticore supports multiple platforms
- Manticore offers more advanced analysis techniques, including symbolic execution
- Oyente is generally faster for quick vulnerability scans, while Manticore provides deeper analysis
- Manticore has a more active development community and frequent updates
- Oyente may be easier to use for beginners, while Manticore offers more powerful features for advanced users
An Analysis Tool for Smart Contracts
Pros of oyente
- More active development and recent updates
- Larger community and contributor base
- Better documentation and usage examples
Cons of oyente
- Potentially less stable due to frequent changes
- May have more dependencies and complexity
- Could be harder to integrate into existing workflows
Code Comparison
oyente:
def check_integer_overflow(self):
overflow_ops = ['ADD', 'MUL', 'SUB', 'EXP']
for op in overflow_ops:
if op in self.instructions:
return True
return False
oyente>:
def check_integer_overflow(self):
overflow_ops = ['ADD', 'MUL', 'SUB']
for op in self.instructions:
if op in overflow_ops:
return True
return False
The code comparison shows that oyente includes 'EXP' in the list of overflow operations, while oyente> does not. This suggests that oyente may have more comprehensive overflow checking capabilities.
Both repositories appear to be related to Ethereum smart contract analysis tools, with oyente likely being a more actively maintained and feature-rich version. However, oyente> might offer a simpler, more stable alternative for specific use cases or integrations.
Convert designs to code with AI
Introducing Visual Copilot: A new AI model to turn Figma designs to high quality code using your components.
Try Visual CopilotREADME
Oyente
An Analysis Tool for Smart Contracts
This repository is currently maintained by Xiao Liang Yu (@yxliang01). If you encounter any bugs or usage issues, please feel free to create an issue on our issue tracker.
Quick Start
A container with required dependencies configured can be found here. The image is however outdated. We are working on pushing the latest image to dockerhub for your convenience. If you experience any issue with this image, please try to build a new docker image by pulling this codebase before open an issue.
To open the container, install docker and run:
docker pull luongnguyen/oyente && docker run -i -t luongnguyen/oyente
To evaluate the greeter contract inside the container, run:
cd /oyente/oyente && python oyente.py -s greeter.sol
and you are done!
Note - If need the version of Oyente referred to in the paper, run the container from here
To run the web interface, execute
docker run -w /oyente/web -p 3000:3000 oyente:latest ./bin/rails server
Custom Docker image build
docker build -t oyente .
docker run -it -p 3000:3000 -e "OYENTE=/oyente/oyente" oyente:latest
Open a web browser to http://localhost:3000
for the graphical interface.
Installation
Execute a python virtualenv
python -m virtualenv env
source env/bin/activate
Install Oyente via pip:
$ pip2 install oyente
Dependencies:
The following require a Linux system to fufill. macOS instructions forthcoming.
Full installation
Install the following dependencies
solc
$ sudo add-apt-repository ppa:ethereum/ethereum
$ sudo apt-get update
$ sudo apt-get install solc
evm from go-ethereum
- https://geth.ethereum.org/downloads/ or
- By from PPA if your using Ubuntu
$ sudo apt-get install software-properties-common
$ sudo add-apt-repository -y ppa:ethereum/ethereum
$ sudo apt-get update
$ sudo apt-get install ethereum
z3 Theorem Prover version 4.5.0.
Download the source code of version z3-4.5.0
Install z3 using Python bindings
$ python scripts/mk_make.py --python
$ cd build
$ make
$ sudo make install
Requests library
pip install requests
web3 library
pip install web3
Evaluating Ethereum Contracts
#evaluate a local solidity contract
python oyente.py -s <contract filename>
#evaluate a local solidity with option -a to verify assertions in the contract
python oyente.py -a -s <contract filename>
#evaluate a local evm contract
python oyente.py -s <contract filename> -b
#evaluate a remote contract
python oyente.py -ru https://gist.githubusercontent.com/loiluu/d0eb34d473e421df12b38c12a7423a61/raw/2415b3fb782f5d286777e0bcebc57812ce3786da/puzzle.sol
And that's it! Run python oyente.py --help
for a list of options.
Paper
The accompanying paper explaining the bugs detected by the tool can be found here.
Miscellaneous Utilities
A collection of the utilities that were developed for the paper are in misc_utils
. Use them at your own risk - they have mostly been disposable.
generate-graphs.py
- Contains a number of functions to get statistics from contracts.get_source.py
- The get_contract_code function can be used to retrieve contract source from EtherScantransaction_scrape.py
- Contains functions to retrieve up-to-date transaction information for a particular contract.
Benchmarks
Note: This is an improved version of the tool used for the paper. Benchmarks are not for direct comparison.
To run the benchmarks, it is best to use the docker container as it includes the blockchain snapshot necessary.
In the container, run batch_run.py
after activating the virtualenv. Results are in results.json
once the benchmark completes.
The benchmarks take a long time and a lot of RAM in any but the largest of clusters, beware.
Some analytics regarding the number of contracts tested, number of contracts analysed etc. is collected when running this benchmark.
Contributing
Checkout out our contribution guide and the code structure here.
Top Related Projects
Security analysis tool for EVM bytecode. Supports smart contracts built for Ethereum, Hedera, Quorum, Vechain, Rootstock, Tron and other EVM-compatible blockchains.
Static Analyzer for Solidity and Vyper
Symbolic execution tool
An Analysis Tool for Smart Contracts
Convert designs to code with AI
Introducing Visual Copilot: A new AI model to turn Figma designs to high quality code using your components.
Try Visual Copilot