
MetaTrustLabs/falcon-metatrust

Note

For developers familiar with Slither, you can directly navigate to the detectors interface to view the rules. https://github.com/MetaTrustLabs/falcon-metatrust/tree/main/falcon/detectors


We also have about 40 original rules that have not been released yet. In the future, we will gradually make the rule source code public. For a subset of these rules, please see "[Part of] Optimized and Added Detectors" below.

Falcon

Join the Club

  • Metatrust Telegram - Discussions and Support

Welcome! We are the Metatrust.Labs. Over recent months, we've devoted our energies to refining and expanding the capabilities of the renowned Slither detectors. As a result, we proudly introduce Falcon — our advanced iteration of the Slither detectors.

Recognizing the challenges associated with code review and audit processes, we took it upon ourselves not just to enhance the sensitivity of our detectors, but also to drastically reduce the frequency of false positives. By doing so, we believe we've created the most efficient version of the Slither detectors to date. Falcon has been enriched with an abundance of new detectors, while nearly 100 of the existing ones have been optimized for better precision.

Our detectors in Falcon are designed with the primary goal of identifying potential issues to assist code auditors. They serve as a highly efficient automation tool, meticulously scanning against a vast checklist of potential vulnerabilities.

Falcon is a comprehensive Solidity static analysis framework crafted in Python3. Not only does it run an extensive suite of vulnerability detectors, but it also offers visual insights about contract specifics and furnishes an API designed for the easy development of custom analyses.

Building upon the foundations laid by Slither, Falcon introduces dozens of novel rules tailored for the current smart contract landscape. This includes detection mechanisms for logic inconsistencies, DeFi price manipulation vulnerabilities, centralization risks, and Time-of-Check to Time-of-Use (ToD) vulnerabilities. However, we'd like to highlight that some of these advanced checks come as premium offerings and are subject to fees.

By leveraging Falcon, developers can unearth vulnerabilities in their code, gain deeper insights into their contracts, and rapidly draft custom analyses tailored to their unique requirements.

Should you come across any issues, bugs, or vulnerabilities while utilizing our Falcon detectors, please don't hesitate to reach out. Whether it's through opening a PR/Issue or contacting us directly, we appreciate all feedback. For any further inquiries or suggestions, join our vibrant community on Discord or Telegram. We're committed to fostering a robust community, continuously enhancing our offerings, and championing collective initiatives.

Install

Pre-requisites:

Ensure you have Python (version 3.9 or newer) installed on your system.

Installation:

  1. Navigate to the Falcon project root directory.

  2. Run the following commands to install Falcon:

        pip3 install -r requirements-dev.txt
        python setup.py install

  3. After successful installation, you should have access to the Falcon command-line interface.

Structure:

1. /falcon

This is similar to the slither folder in the Slither project. The /falcon folder contains the core functionalities and components of the Falcon static analysis engine, including:

  • The main framework for AST analysis.
  • Libraries and modules responsible for parsing smart contracts.
  • Intermediate representations (IRs) for smart contracts.
  • The core logic that drives the Falcon static analysis processes.

2. /falcon/detectors/

This folder contains the set of detectors, primarily inspired by Slither's rules. They are designed to identify vulnerabilities, misconfigurations, and potential issues within the smart contracts:

  • Each detector script in this folder targets a specific vulnerability type.
  • The detectors parse and analyze the smart contract IRs to discover any potential threats.
  • Detected issues will be reported with their severity, type, and a brief description to assist in understanding and mitigation.

Basic Usage:

To scan a smart contract without installing the package:

  1. Navigate to the Falcon project root directory.

  2. Run the following commands, giving the contract path relative to the Falcon root directory:

        pip3 install -r requirements-dev.txt
        python -m falcon <path to contract, relative to the Falcon root directory>

For example, to scan a contract located at contracts/MyContract.sol:

    pip3 install -r requirements-dev.txt
    python -m falcon contracts/MyContract.sol

[Part of] Optimized and Added Detectors

| Detector Name | Detector File | Release Date | Note | Status |
|---|---|---|---|---|
| Arbitrary send erc20 | Basic Library | 1 week later | We have optimized Arbitrary send erc20 to reduce false positives. | Implemented |
| Centralized | - | released | We believe that centralization risk is one of the risks that should not be ignored, so we have implemented multiple centralization risk detection rules with different risk levels. | Implemented |
| bad_prng | - | 1 week later | We believe that random number vulnerabilities only occur in functions of certain specific kinds, so we simply filter the functions. | Implemented |
| Transfer Inside a Loop | - | released | Transfers in a loop can easily cause DoS. | Implemented |
| DeFi Related Detectors | - | released | We implemented a simple price manipulation detector that uses taint analysis to detect suspicious price manipulation, divided into multiple risk levels. | Implemented |
| ERC | - | 1 week later | We have implemented detectors for multiple ERC standards. | Implemented |
| Transaction Order Dependency | - | released | We implemented a detector for the Transaction Order Dependency vulnerability and divided it into multiple risk levels. | Implemented |
| Reentrancy | Basic Library | released | We have optimized a variety of corner cases and significantly reduced the false positive rate. | Implemented |
| Support on-chain data fetch | - | - | - | TODO |
| Prompt-based AI vulnerability detection | - | - | Based on our unique prompt design and vulnerability confirmation logic, we can effectively dig out some logical vulnerabilities that are difficult to discover and summarize. | Implementing |
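As an added example (constructed for this README, not a test contract from the Falcon repository), here is the pattern the "Transfer Inside a Loop" row describes next to the pull-payment shape that avoids it; it is also the kind of compiling test contract the detector-contribution checklist in "Enhancements & New Detectors" asks for. Contract and function names are hypothetical, and access control on addPayee is omitted to keep the test focused on the loop.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Constructed test contract: push-style payout with a transfer inside a loop.
// This is the shape the "Transfer Inside a Loop" detector targets.
contract PushPayout {
    address[] public payees;
    mapping(address => uint256) public owed;

    function addPayee(address payee, uint256 amount) external {
        payees.push(payee);
        owed[payee] += amount;
    }

    // Pattern the detector targets: a value transfer inside a loop over an
    // unbounded array. One payee whose receive() reverts, or a list long
    // enough to exhaust the block gas limit, blocks payment to everyone else.
    function distribute() external {
        for (uint256 i = 0; i < payees.length; i++) {
            address payee = payees[i];
            uint256 amount = owed[payee];
            owed[payee] = 0;
            payable(payee).transfer(amount);
        }
    }

    receive() external payable {}
}

// Constructed test contract: pull-style payout, the usual mitigation.
contract PullPayout {
    mapping(address => uint256) public owed;

    function addPayee(address payee, uint256 amount) external {
        owed[payee] += amount;
    }

    // Each payee withdraws its own balance, so one failing recipient cannot
    // block the others. State is cleared before the external call so a
    // re-entrant withdraw() sees a zero balance.
    function withdraw() external {
        uint256 amount = owed[msg.sender];
        require(amount > 0, "nothing owed");
        owed[msg.sender] = 0;
        (bool ok, ) = msg.sender.call{value: amount}("");
        require(ok, "transfer failed");
    }

    receive() external payable {}
}
```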

Enhancements & New Detectors

Here we indicate our updates, workflows and mark completed tasks and improvements!

You can propose your own detector, idea, or enhancement by opening an Issue at the following link.

Prior to adding a custom detector, ensure that:

  1. In a documentation file, your detector is comprehensively described;
  2. The detector test contract is presented and correctly compiles;
  3. The detector code is presented and works properly.

Prior to adding an idea, ensure that:

  1. Your concept or idea is well articulated;
  2. A vulnerability example (or PoC) is provided;

Prior to adding an enhancement, ensure that:

  1. Your enhancement does not make the base code worse;
  2. Your enhancement is commented.

Acknowledgements

Our team would like to express our deepest gratitude to the Slither tool creators: Josselin Feist, Gustavo Grieco, and Alex Groce, as well as Crytic, Trail of Bits' blockchain security division, and all the people who believe in the original tool and its evolution!
