octopus: Security Analysis tool for WebAssembly modules and Blockchain Smart Contracts

Blockchain Smart Contracts

Octopus

Octopus is a security analysis framework for WebAssembly modules and blockchain smart contracts.

The purpose of Octopus is to provide an easy way to analyze smart contract security and to better understand what is really stored on the blockchain.

Features

  • Explorer: Octopus JSON-RPC client implementation to communicate with blockchain platforms
  • Disassembler: Octopus can translate bytecode into assembly representation
  • Control Flow Analysis: Octopus can generate a Control Flow Graph (CFG)
  • Call Flow Analysis: Octopus can generate a Call Flow Graph (function level)
  • IR conversion (SSA): Octopus can simplify assembly into Static Single Assignment (SSA) representation
  • Symbolic Execution: Octopus uses symbolic execution to find new paths into a program

Platforms / Architectures

Octopus supports the following types of programs/smart contracts:

  • WebAssembly module (WASM)
  • Bitcoin script (BTC script)
  • Ethereum smart contracts (EVM bytecode)
  • Ethereum smart contracts (WASM)
  • EOS smart contracts (WASM)
  • NEO smart contracts (AVM bytecode)

BTC ETH (EVM) ETH (WASM) EOS NEO WASM
Explorer ✔️ ✔️ ✔️ ✔️ ✔️ ⭕️
Disassembler ✔️ ✔️ ✔️ ✔️ ✔️ ✔️
Control Flow Analysis ✖️ ✔️ ✔️ ✔️ ✔️ ✔️
Call Flow Analysis ✖️ ✔️ ✔️ ✔️
IR conversion (SSA) ✖️ ✔️ ✖️ ✔️
Symbolic Execution ✖️ ✖️

  • PyPI package ✔️

Install && Use

Copyright (c) 2018 QuoScient GmbH