xguard

https://github.com/seccross/xguard

Science Score: 49.0%

This score indicates how likely this project is to be science-related based on various indicators:

○
CITATION.cff file
✓
codemeta.json file
Found codemeta.json file
✓
.zenodo.json file
Found .zenodo.json file
✓
DOI references
Found 1 DOI reference(s) in README
✓
Academic publication links
Links to: ieee.org, acm.org
○
Academic email domains
○
Institutional organization owner
○
JOSS paper metadata
○
Scientific vocabulary similarity
Low similarity (8.5%) to scientific vocabulary

Last synced: 6 months ago · JSON representation

Repository

Basic Info

Host: GitHub
Owner: seccross
License: agpl-3.0
Language: Python
Default Branch: develop
Size: 51.1 MB

Statistics

Stars: 2
Watchers: 1
Forks: 0
Open Issues: 0
Releases: 0

Created about 2 years ago · Last pushed about 1 year ago

Metadata Files

Readme Contributing License Citation Codeowners

XGUARD: guard for cross-chain.

XGuard is a static static analyzer developed based on Slither, designed to detect inconsistency behaviors in cross-chain bridge contracts.

Related works

[1] Mythril is a security analysis tool for EVM bytecode, It detects security vulnerabilities in smart contracts.

[2] Manticore is a symbolic execution tool for the analysis of smart contracts and binaries.

[3] Xscope defines three types of crosschain-specific security issues and proposes a tool to identify vulnerable crosschain bridges by analyzing corresponding historical crosschain transactions.

[1] and [2] can only capture normal smart contract vulnerabilities, such as reentrancy and overflow, but fail to against crosschain-specific security issues. [3] requires a considerable number of crosschain transactions to identify the security of crosschain bridges and fails to identify the root cause of security issues in crosschain bridges and how it affects crosschain behavior.

How to install

Note
Xguard requires Python 3.8+. If you're not going to use one of the supported compilation frameworks, you need solc, the Solidity compiler; we recommend using solc-select to conveniently switch between solc versions.

bash pip3 install slither-analyzer git clone git@github.com:seccross/xguard.git && cd xguard python3 setup.py install

We recommend using a Python virtual environment, as detailed in the Developer Installation Instructions, if you prefer to install XGuard via git.

Usage

You can use it via command:

bash SEND_FUNCS='xxx;xxx' RECEIVE_FUNCS='xxx;xxxx' EVENTS='xxx;xxx' SEND_STORES='xxx;xxx' \ xguard bridge.sol \ --detect incomplete-event,incorrect-event,miss-crosschain-data-check,crosschain-message-injection

or use the online platform:

xguard.sh

Owner

Name: seccross
Login: seccross
Kind: organization

Repositories: 1
Profile: https://github.com/seccross

GitHub Events

Total

Watch event: 2
Push event: 3
Fork event: 1

Last Year

Watch event: 2
Push event: 3
Fork event: 1

Dependencies

.github/actions/upload-coverage/action.yml actions

actions/upload-artifact v3.1.0 composite

.github/workflows/black.yml actions

actions/checkout v4 composite
actions/setup-python v4 composite
super-linter/super-linter/slim v4.9.2 composite

.github/workflows/ci.yml actions

actions/checkout v4 composite
actions/setup-python v4 composite
cachix/cachix-action v12 composite
cachix/install-nix-action v23 composite

.github/workflows/docker.yml actions

actions/checkout v4 composite
docker/build-push-action v5 composite
docker/login-action v3 composite
docker/metadata-action v4 composite
docker/setup-buildx-action v3 composite
docker/setup-qemu-action v3 composite

.github/workflows/docs.yml actions

actions/checkout v4 composite
actions/configure-pages v3 composite
actions/deploy-pages v2 composite
actions/setup-python v4 composite
actions/upload-pages-artifact v2 composite

.github/workflows/doctor.yml actions

actions/checkout v4 composite
actions/setup-python v4 composite

.github/workflows/linter.yml actions

actions/checkout v4 composite
actions/setup-python v4 composite
super-linter/super-linter/slim v4.9.2 composite

.github/workflows/matchers/yamllint.json actions

.github/workflows/pip-audit.yml actions

actions/checkout v4 composite
actions/setup-python v4 composite
pypa/gh-action-pip-audit v1.0.8 composite

.github/workflows/publish.yml actions

actions/checkout v4 composite
actions/download-artifact v3 composite
actions/setup-python v4 composite
actions/upload-artifact v3 composite
pypa/gh-action-pypi-publish v1.8.10 composite
sigstore/gh-action-sigstore-python v2.1.0 composite

.github/workflows/pylint.yml actions

actions/checkout v4 composite
actions/setup-python v4 composite
super-linter/super-linter/slim v4.9.2 composite

.github/workflows/test.yml actions

./.github/actions/upload-coverage * composite
actions/checkout v4 composite
actions/download-artifact v3.0.2 composite
actions/setup-node v3 composite
actions/setup-python v4 composite

Dockerfile docker

ubuntu jammy build

tests/e2e/compilation/test_data/test_node_modules/node_modules/@openzeppelin/contracts/package.json npm

tests/e2e/compilation/test_data/test_node_modules/package-lock.json npm

295 dependencies

tests/e2e/compilation/test_data/test_node_modules/package.json npm

@openzeppelin/contracts ^4.9.3
hardhat ^2.13.0

plugin_example/setup.py pypi

slither-analyzer ==0.1

pyproject.toml pypi

setup.py pypi

crytic-compile >=0.3.5,<0.4.0
crytic-compile *
eth-abi >=4.0.0
eth-typing >=3.0.0
eth-utils >=2.1.0
packaging *
prettytable >=3.3.0
pycryptodome >=3.4.6
web3 >=6.0.0

ecosyste.ms

Data

Tools

Indexes

Applications

Experiments

Open Source Science