How to use ConsenSys Surya smart contracts tool

pentesting.academy
Sep 6, 2022

Surya is a tool developed by ConsenSys that helps us explore smart contracts.

First, install it locally with npm:

$ npm install surya
npm WARN deprecated sha1-file@1.0.4: Version 1.x or earlier is no longer supported.

added 64 packages, and audited 65 packages in 9s

3 moderate severity vulnerabilities

Some issues need review, and may require choosing
a different dependency.

Run `npm audit` for details.

Let's see which command-line options it offers:

$ node_modules/surya/bin/surya help
surya <cmd> [args]

Commands:
  surya describe <files..>                  show file contracts structure.
  surya graph <files..>                     generate graph of contract function
                                            calls.
  surya inheritance <files..>               generate graph of contract
                                            inheritance tree.
  surya dependencies <target_contract>      output a linearized list of smart
  <files..>                                 contract dependencies (linerized
                                            inherited parents).
  surya flatten <files..>                   output to a single flattened
                                            solidity file
  surya parse <file>                        output AST generated by the parser
                                            for the specified file in a textual
                                            tree format.
  surya ftrace <function_identifier>        output the selected function call
  <function_visibility_restrictor>          trace in a textual tree format.
  <files..>                                 External calls are marked in
                                            `orange` and internal calls are
                                            `uncolored`.
  surya mdreport <outfile> <infiles..>      output a markdown file

Options:
  -h, --help     Show help                                             [boolean]
  -v, --version  Show version number                                   [boolean]

Usage against a vulnerable contract (one that exposes a public burn method):

$ node_modules/surya/bin/surya describe ShadowFiToken.sol 
 + [Lib] SafeMath 
    - [Int] add
    - [Int] sub
    - [Int] sub
    - [Int] mul
    - [Int] div
    - [Int] div

 + [Int] IBEP20 
    - [Ext] totalSupply
    - [Ext] decimals
    - [Ext] symbol
    - [Ext] name
    - [Ext] getOwner
    - [Ext] balanceOf
    - [Ext] transfer #
    - [Ext] allowance
    - [Ext] approve #
    - [Ext] transferFrom #

 + [Int] IDEXFactory 
    - [Ext] createPair #

 + [Int] IDEXRouter 
    - [Ext] factory
    - [Ext] WETH
    - [Ext] addLiquidity #
    - [Ext] addLiquidityETH ($)
    - [Ext] swapExactTokensForTokensSupportingFeeOnTransferTokens #
    - [Ext] swapExactETHForTokensSupportingFeeOnTransferTokens ($)
    - [Ext] swapExactTokensForETHSupportingFeeOnTransferTokens #

 +  ShadowAuth 
    - [Pub] <Constructor> #
    - [Pub] authorizeFor #
       - modifiers: authorizedFor
    - [Pub] authorizeForMultiplePermissions #
       - modifiers: authorizedFor
    - [Pub] unauthorizeFor #
       - modifiers: authorizedFor
    - [Pub] unauthorizeForMultiplePermissions #
       - modifiers: authorizedFor
    - [Pub] isOwner
    - [Pub] isAuthorizedFor
    - [Pub] isAuthorizedFor
    - [Pub] transferOwnership #
       - modifiers: onlyOwner
    - [Pub] getPermissionNameToIndex
    - [Pub] getPermissionUnlockTime
    - [Pub] isLocked
    - [Pub] lockPermission #
       - modifiers: authorizedFor
    - [Pub] unlockPermission #

 + [Int] IDividendDistributor 
    - [Ext] setDistributionCriteria #
    - [Ext] setShare #
    - [Ext] deposit ($)
    - [Ext] process #
    - [Ext] claimDividend #

 +  DividendDistributor (IDividendDistributor)
    - [Pub] <Constructor> #
    - [Ext] setDistributionCriteria #
       - modifiers: onlyToken
    - [Ext] setShare #
       - modifiers: onlyToken
    - [Ext] deposit ($)
       - modifiers: onlyToken
    - [Ext] process #
       - modifiers: onlyToken
    - [Int] shouldDistribute
    - [Int] distributeDividend #
    - [Ext] claimDividend #
    - [Pub] getUnpaidEarnings
    - [Int] getCumulativeDividends
    - [Int] addShareholder #
    - [Int] removeShareholder #

 +  ShadowFi (IBEP20, ShadowAuth)
    - [Pub] <Constructor> #
       - modifiers: ShadowAuth
    - [Ext] <Receive Ether> ($)
    - [Ext] totalSupply
    - [Ext] decimals
    - [Ext] symbol
    - [Ext] name
    - [Ext] getOwner
    - [Pub] balanceOf
    - [Ext] allowance
    - [Pub] approve #
    - [Ext] approveMax #
    - [Ext] transfer #
    - [Ext] transferFrom #
    - [Int] _transferFrom #
    - [Int] _basicTransfer #
    - [Int] checkTxLimit
    - [Int] shouldTakeFee
    - [Pub] getTotalFee
    - [Pub] getMultipliedFee
    - [Int] takeFee #
    - [Int] isSell
    - [Int] shouldSwapBack
    - [Int] swapBack #
       - modifiers: swapping
    - [Ext] triggerBuyback #
       - modifiers: authorizedFor
    - [Ext] clearBuybackMultiplier #
       - modifiers: authorizedFor
    - [Int] buyTokens #
       - modifiers: swapping
    - [Ext] setBuybackMultiplierSettings #
       - modifiers: authorizedFor
    - [Int] launched
    - [Int] launch #
    - [Ext] setTxLimit #
       - modifiers: authorizedFor
    - [Ext] setIsDividendExempt #
       - modifiers: authorizedFor
    - [Ext] setIsFeeExempt #
       - modifiers: authorizedFor
    - [Ext] setIsTxLimitExempt #
       - modifiers: authorizedFor
    - [Ext] setFees #
       - modifiers: authorizedFor
    - [Ext] setFeeReceivers #
       - modifiers: authorizedFor
    - [Ext] setSwapBackSettings #
       - modifiers: authorizedFor
    - [Ext] setTargetLiquidity #
       - modifiers: authorizedFor
    - [Ext] setDistributionCriteria #
       - modifiers: authorizedFor
    - [Ext] setDistributorSettings #
       - modifiers: authorizedFor
    - [Pub] getCirculatingSupply
    - [Pub] getLiquidityBacking
    - [Pub] isOverLiquified
    - [Ext] claimDividend #
    - [Ext] addPair #
       - modifiers: authorizedFor
    - [Ext] removeLastPair #
       - modifiers: authorizedFor
    - [Ext] setFeesOnNormalTransfers #
       - modifiers: authorizedFor
    - [Ext] setLaunchedAt #
       - modifiers: authorizedFor
    - [Ext] setAllowedAddress #
       - modifiers: onlyOwner
    - [Pub] burn #
    - [Ext] airdrop #
       - modifiers: onlyOwner
    - [Ext] isAirdropped
    - [Ext] setBlackListed #
       - modifiers: onlyOwner


 ($) = payable function
 # = non-constant function
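The describe listing above is long, and the interesting line is easy to miss: a state-changing function that anyone can call and that carries no modifier. The following triage script is an added example (not part of the original post and not part of Surya): it reads surya describe output from stdin and prints every externally reachable ([Pub] or [Ext]) non-constant (#) function that has no "- modifiers:" line beneath it, skipping interfaces, libraries and constructors. The function name unguarded_mutators and the variable SAMPLE_DESCRIBE are this example's own; the sample input is a constructed, trimmed excerpt of the output shown above.

```shell
#!/bin/sh
# Added example: triage helper over `surya describe` output (not from the post or Surya).
# Lists state-changing functions ("#") that are externally reachable ([Pub]/[Ext])
# and have no "- modifiers:" line, skipping interfaces ([Int] header), libraries
# ([Lib] header) and constructors. Every hit still needs reading in source: an
# access check written as an inline require() is invisible at this level.

unguarded_mutators() {
    # stdin: surya describe output; stdout: one "Contract.function" per hit
    awk '
        function flush() {
            if (pending != "") { print contract "." pending; pending = "" }
        }
        # Contract header: " + [Lib] SafeMath" or " +  ShadowFi (IBEP20, ShadowAuth)"
        /^ \+ / {
            flush()
            skip = ($0 ~ /^ \+ \[(Int|Lib)\]/)
            split($0, f, " ")
            contract = (f[2] ~ /^\[/) ? f[3] : f[2]
            next
        }
        # Externally reachable, state-changing, named function: "    - [Pub] burn #"
        /^    - \[(Pub|Ext)\] [A-Za-z_][A-Za-z0-9_]* # *$/ {
            flush()
            if (!skip) pending = $3
            next
        }
        # A modifier line belongs to the function just above it: treat it as guarded
        /^ +- modifiers:/ { pending = ""; next }
        # Any other line (internal function, blank, legend) ends the pending entry
        { flush() }
        END { flush() }
    '
}

# Constructed sample: a trimmed excerpt of the describe output shown above.
SAMPLE_DESCRIBE=$(cat <<'EOF'
 + [Int] IBEP20
    - [Ext] totalSupply
    - [Ext] transfer #

 +  ShadowAuth
    - [Pub] <Constructor> #
    - [Pub] authorizeFor #
       - modifiers: authorizedFor
    - [Pub] isOwner
    - [Pub] unlockPermission #

 +  ShadowFi (IBEP20, ShadowAuth)
    - [Pub] <Constructor> #
       - modifiers: ShadowAuth
    - [Ext] <Receive Ether> ($)
    - [Pub] approve #
    - [Ext] transfer #
    - [Int] _transferFrom #
    - [Ext] setTxLimit #
       - modifiers: authorizedFor
    - [Pub] burn #
    - [Ext] airdrop #
       - modifiers: onlyOwner
    - [Ext] claimDividend #
EOF
)

# Run on the sample; on a real contract: surya describe Token.sol | unguarded_mutators
printf '%s\n' "$SAMPLE_DESCRIBE" | unguarded_mutators
```

Read the result as a worklist, not as findings: approve, transfer and claimDividend are token entry points that are expected to be public, whereas burn shows up among admin-style functions that are otherwise all guarded by authorizedFor or onlyOwner, which is why it is the first body to open in the source. Interface entries are skipped because Surya lists them as [Ext] without bodies, and a missing modifier says nothing about checks done inside the function.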

To render the function call graph as an image, first install the graphviz package:

# apt-get install graphviz

Then pipe the graph output into dot to produce a PNG:

$ surya graph ShadowFiToken.sol | dot -Tpng > ShadowFiToken.png