Using static code-analysis to detect honeypots.
Amphicion is the name of an extinct mammal that looked like a mixture of a bear and a dog. This matches the tool, which combines the instincts of a bear for finding honeypots with the searching qualities of a dog. ;)
Logo inspired by a reconstruction of the animal by Roman Uchytel.
Part of my bachelor's thesis.
Honeypot contract source code is usually uploaded to Etherscan so that potential victims find it, which makes Etherscan an ideal place to scan for new contracts.
To have a way to naturally handle ambiguous classifiers and to improve detection over time through supervised learning.
The implementation details were taken from c't 17/2003, page 150.
Many Solidity contract analysis tools analyze the Ethereum Virtual Machine bytecode of smart contracts, which lets them check every contract deployed to the blockchain.
For honeypot smart contracts, however, analyzing the source code is possible, because creators want their honeypots to be found and therefore post them on platforms like Etherscan. Additionally, since most honeypots rely on misunderstandings of Solidity, they can be detected more easily from the source code.
yarn run classifiers:update
yarn run contract:analyze "<address>"
or
yarn run contract:analyze "<file>"
yarn run database:update
yarn run database:find
- Solium Project for peg.js files to build AST for Solidity
- Inspired by tslint, Solium and ReMix
- Dependencies in package.json
- Solium: JavaScript codebase, making large-scale development difficult; very different approach (classifying contracts instead of marking mistakes)
- ReMix: Same as Solium; dependency on solc.
- ReEntrancy (often used as bait)
- useless if-checks (bad practice to trap ether)
- Multi-Step initialization (often used by honeypots to do internal calls during the process)
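
How source-level classifiers can feed a learned score, as an added example that is not Amphicion's own code. It assumes a naive-Bayes-style combination (the page does not name the scheme); the regexes, function names and Solidity fragments are constructed stand-ins for the tool's AST-based classifiers.

```javascript
// Added example, not Amphicion code. Regexes stand in for AST-based classifiers.
const classifiers = {
  // Ether-forwarding external call placed before a balance decrement.
  reentrancy: (src) => /\.call\.value\([^)]*\)\(\)[\s\S]*-=/.test(src),
  // if-condition that is a bare literal, so the check decides nothing.
  uselessIf: (src) => /\bif\s*\(\s*(true|false)\s*\)/.test(src),
};
const extract = (src) => Object.keys(classifiers).filter((n) => classifiers[n](src));

// Supervised learning: count how often each classifier fires per label.
function train(samples) {
  const model = { honeypot: { n: 0, hits: {} }, benign: { n: 0, hits: {} } };
  for (const { src, label } of samples) {
    model[label].n += 1;
    for (const f of extract(src)) model[label].hits[f] = (model[label].hits[f] || 0) + 1;
  }
  return model;
}

// P(honeypot | classifier fired), Laplace-smoothed; a classifier that fires
// equally often on both labels lands at 0.5 and carries no weight.
function evidence(model, f) {
  const rate = (m) => ((m.hits[f] || 0) + 1) / (m.n + 2);
  const h = rate(model.honeypot), b = rate(model.benign);
  return h / (h + b);
}

// Combine the fired classifiers: prod(p) / (prod(p) + prod(1 - p)).
function score(model, src) {
  const ps = extract(src).map((f) => evidence(model, f));
  const yes = ps.reduce((a, p) => a * p, 1);
  const no = ps.reduce((a, p) => a * (1 - p), 1);
  return yes / (yes + no); // 0.5 when nothing fired
}

// Constructed Solidity fragments (labels are made up for the example).
const CALL = "msg.sender.call.value(amount)(); balances[msg.sender] -= amount;";
const SAMPLES = [
  { label: "honeypot", src: `if (true) { ${CALL} }` },
  { label: "honeypot", src: `if (false) { return; } ${CALL}` },
  { label: "benign", src: CALL },
  { label: "benign", src: "balances[msg.sender] -= amount; msg.sender.transfer(amount);" },
  { label: "benign", src: "owner = msg.sender;" },
];
const model = train(SAMPLES);
console.log(score(model, `if (true) { ${CALL} }`).toFixed(3)); // both classifiers fired
console.log(score(model, CALL).toFixed(3)); // only the ambiguous one fired
```

Because the re-entrancy pattern also appears in one benign sample, it alone moves the score only moderately; correcting a label in the training set and retraining shifts the weights without touching the classifiers.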