octopus: Security Analysis tool for WebAssembly module and Blockchain Smart Contracts
Octopus
Octopus is a security analysis framework for WebAssembly modules and blockchain smart contracts.
The purpose of Octopus is to provide an easy way to analyze smart contract security and to better understand what is really stored on the blockchain.
Features
- Explorer: Octopus JSON-RPC client implementation to communicate with blockchain platforms
- Disassembler: Octopus can translate bytecode into assembly representation
- Control Flow Analysis: Octopus can generate a Control Flow Graph (CFG)
- Call Flow Analysis: Octopus can generate a Call Flow Graph (function level)
- IR conversion (SSA): Octopus can simplify assembly into Static Single Assignment (SSA) representation
- Symbolic Execution: Octopus uses symbolic execution to find new paths in a program
Platforms / Architectures
Octopus supports the following types of programs/smart contracts:
- WebAssembly module (WASM)
- Bitcoin script (BTC script)
- Ethereum smart contracts (EVM bytecode)
- Ethereum smart contracts (WASM)
- EOS smart contracts (WASM)
- NEO smart contracts (AVM bytecode)
Feature | BTC | ETH (EVM) | ETH (WASM) | EOS | NEO | WASM
---|---|---|---|---|---|---
Explorer | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ | ⭕️
Disassembler | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ | ✔️
Control Flow Analysis | ✖️ | ✔️ | ✔️ | ✔️ | ✔️ | ✔️
Call Flow Analysis | ✖️ | ➕ | ✔️ | ✔️ | ➕ | ✔️
IR conversion (SSA) | ✖️ | ✔️ | ➕ | ➕ | ✖️ | ✔️
Symbolic Execution | ✖️ | ➕ | ➕ | ➕ | ✖️ | ➕
- PyPI package ✔️
Install && Use
Copyright (c) 2018 QuoScient GmbH