Translation: Helen

Community Discord

This article is published on XREX and WTF Academy

On-chain data can include simple one-time transfers, interactions with one DeFi contract or multiple DeFi contracts, flash loan arbitrage, governance proposals, cross-chain transactions, and more. In this section, let’s begin with a simple start. I will introduce on BlockChain Explorer - Etherscan what we are interested in, and then use Phalcon to compare the differences between these transaction function calls: Assets transfer, swap on UniSWAP, increase liquidity on Curve 3pool, Compound proposals, Uniswap Flashswap.

Start to warm up

• The first step is to install Foundry in the environment. Please follow the installation instructions.

  • Forge is a Major test tool on the Foundry platform.If it is your first time to use Foundry, you can refer to Foundry book, Foundry @EthCC, WTF Solidity - Foundry.

• Each chain has its own blockchain explorer. In this section, we will use Ethereum's blockchain network as a case study.

• Typical information I usually refer to includes:

  • Transaction Action: Since the transfer of complex ERC-20 tokens can be difficult to discern, Transaction Action can provide the key behavior of the transfer. However, not all transactions include this information.

  • From: msg.sender, the source wallet address that executes this transaction.

  • Interacted With (To): Which contract to interact with

  • ERC-20 Token Transfer: Token Transfer Process

  • Input Data: The raw input data of the transaction. You can see what Function was called and what Value was brought in.

• If you don't know what tools are commonly used, you can view the transaction analysis tools in the first lesson.

Assets transfer

• From: This transaction's source EOA wallet address

• Interacted With (To): Tether USD (USDT) Contract

• ERC-20 Tokens Transferred: Transfer 651.13 USDT from user A's wallet to user B

• Input Data: Called transfer function

According to Phalcon "Invocation Flow" :

• There is only one ''Call USDT.transfer''. However, you should pay attention to the "Value".Because the Ethereum Virtual Machine (EVM) does not support floating-point operations, decimals representation is used instead.

• Each token has its own precision, the number of decimal places used to represent the value of the token. In ERC-20 tokens, the decimals are usually 18 digits, while USDT has 6 digits. If the precision of the token is not handled properly, problems will arise.

• You can query it on the Etherscan token contract.

Uniswap Swap

The following can be derived from the Etherscan example above:

• Transaction Action: A user performs Swap on Uniswap V2, exchanging 12,716 USDT for 7,118 UNDEAD.

• From: This transaction's source wallet address

• Interacted With (To): A MEV Bot contract called Uniswap contract for Swap.

• ERC-20 Tokens Transferred: Token exchange process

According to Phalcon "Invocation Flow" :

• MEV Bot calls the Uniswap V2 USDT/UNDEAD trading pair contract to call the swap function to perform token exchange.

Foundry

We use Foundry to simulate the operation of using 1BTC to exchange for DAI in Uniswap.

• Sample code reference, execute the following command:

forge test --contracts ./src/test/Uniswapv2.sol -vvvv

• According to the figure - we swap 1 BTC to 16,788 DAI by calling the Uniswap_v2_router.swapExactTokensForTokens function.

Curve 3pool - DAI/USDC/USDT

The following can be derived from the Etherscan example above:

• The purpose of this transaction is to add Liquidity at Curve three pools.

• From: This transaction's source wallet address

• Interacted With (To): Curve.fi: DAI/USDC/USDT Pool

• ERC-20 Tokens Transferred: User A transferred 3,524,968.44 USDT to the Curve 3 pools, and then Curve minted 3,447,897.54 3Crv tokens for User A.

According to Phalcon "Invocation Flow" :

• Based on the call sequence, three steps were executed: 1.add_liquidity 2.transferFrom 3.mint.

Compound propose

The following can be derived from the Etherscan example above:

• The user submitted a proposal on the Compound. The contents of the proposal can be viewed by clicking "Decode Input Data" on Etherscan.

According to Phalcon "Invocation Flow" :

• Submitting a proposal through the propose function results in proposal number 44.

Uniswap Flashswap

Here we use Foundry to simulate operations - how to use flash loans on Uniswap. Official Flash swap introduction

• Sample Code Reference, execute the following command:

forge test --contracts ./src/test/Uniswapv2_flashswap.sol -vv

• In this example, a flash loan of 100 WETH is borrowed through the Uniswap UNI/WETH exchange. Note that a 0.3% fee must be paid on repayments.

• According to the figure - call flow, flashswap calls swap, and then repays by calling back uniswapV2Call.

• Further Introduction to Flashloan and Flashswap:

  • A. Common points: Both can lend Tokens without collateralizing assets, and they need to be returned in the same block, otherwise the transaction fails.

  • B. The difference: If token0 is borrowed through Flashloan token0/token1, token0 must be returned. Flashswap lends token0, and you can return token0 or token1, which is more flexible.

For more DeFi basic operations, please refer to DeFiLab.

Foundry cheatcodes

Foundry's cheatcodes are essential for conducting chain analysis. Here, I will introduce some commonly used functions. More information can be found in the Cheatcodes Reference.

• createSelectFork: Specifies a network and block height to copy for testing. Must include the RPC for each chain in foundry.toml.

• deal: Sets the balance of a test wallet.

  • Set ETH balance: deal(address(this), 3 ether);

  • Set Token balance: deal(address(USDC), address(this), 1 * 1e18);

• prank: Specify the wallet address to simulate. It is only effective for the next call and will set the msg.sender to the specified wallet address. Such as simulating a transfer from a whale wallet.

• startPrank: Specify the wallet address to simulate. It will set the msg.sender to the specified wallet address for all calls until stopPrank() is executed.

• label: Labels a wallet address for improved readability when using Foundry debug.

• roll: Adjusts the block height.

• warp: Adjusts the block timestamp.

Thanks for following along! Time to jump into the next lesson.

Resources

https://book.getfoundry.sh/

https://github.com/crisgarner/awesome-foundry

https://blog.infura.io/post/build-a-flash-loan-arbitrage-bot-on-infura-part-i

社群 Discord

同步發表: XREX | WTF Academy

鏈上交易數據包含從簡單的單筆交易轉帳、1 個 DeFi 合約交互、多個 DeFi 合約交互、閃電貸套利、治理提案、跨鏈交易等等，這一節我們先來熱身一下，先從簡單的開始。我將介紹通常使用區塊鏈瀏覽器 Etherscan 哪些訊息是我們所在意的，再來我們會使用交易分析工具 Phalcon 看一下這些交易從簡單的轉帳、UniSWAP上 Swap、Curve 3pool 增加流動性、Compound 治理提案、閃電貸的調用差異。

開始進入熱身篇

• 首先環境上需要先安裝 Foundry，安裝方法請參考 instructions.

  • 測試主要會用到 Forge test，如果第一次使用 Foundry，可以參考 Foundry book、Foundry @EthCC、WTF Solidity - Foundry

• 每條鏈上都有專屬的區塊鏈瀏覽器，這節我們都會使用 Ethereum 主網來當案例所以可以透過 Etherscan 來分析.

• 通常我會特別想看的欄位包含:

  • Transaction Action: 因為複雜的交易中 ERC-20 Tokens Transferred 會很複雜，可讀性不好，所以可以透過 Transaction Action 看一下關鍵行為但不一定每筆交易都有

  • From: msg.sender 執行這筆交易的來源錢包地址

  • Interacted With (To): 跟哪個合約交互

  • ERC-20 Tokens Transferred: 代幣轉移流程

  • Input Data: 交易的原始 Input 資料，可以看到呼叫什麼 Function 和帶入什麼 Value

• 如果還不知道常用工具有哪些可以回顧第一課交易分析工具篇

鏈上轉帳

From: 發送這筆交易的來源錢包地址

Interacted With (To): Tether USD (USDT) 合約

ERC-20 Tokens Transferred: 從用戶A 錢包轉 651.13 USDT 到用戶 B

Input Data: 呼叫了 transfer function

透過 phalcon 來看: 從調用流程來看就只有一個 Call USDT.transfer，要注意的是 Value. 因為 EVM 不支持浮點數的運算，所以使用精度代表，每個 Token 都要注意它的精度大小，標準 ERC-20 代幣精度為 18，但也有特例，如 USDT 為例，精度是 6 所以 Value 帶入的值為 651130000，如果精度處理不當就容易造成問題。精度的查詢方式可以到 Etherscan 代幣合約上看到。

Uniswap Swap

從上圖例子 可以解讀為:

Transaction Action: 很直覺就可以知道用戶在 Uniswap 上進行 Swap，將 12,716 USDT 換成 7,118 UNDEAD。

From: 發送這筆交易的來源錢包地址

Interacted With (To): 這個例子是一個 MEV Bot 合約呼叫 Uniswap 合約進行 Swap

ERC-20 Tokens Transferred: Token 交換的過程

透過 phalcon 來看: MEV Bot 呼叫 Uniswap V2 USDT/UNDEAD 交易對合約呼叫 swap 函示來進行代幣兌換。

我們使用 Foundry 來模擬操作使用 1BTC 在 Uniswap 換成 DAI，範例程式碼參考，執行以下指令

forge test --contracts ./src/test/Uniswapv2.sol -vvvv

如下圖所示我們透過呼叫 Uniswap_v2_router.swapExactTokensForTokens 函式，將 1BTC 換到 16,788 DAI.

Curve 3pool - DAI/USDC/USDT

從上圖例子可以解讀為:

在 Curve 3pool 增加流動性

From: 發送這筆交易的來源錢包地址

Interacted With (To): Curve.fi: DAI/USDC/USDT Pool

ERC-20 Tokens Transferred: 用戶 A 轉入 3,524,968.44 USDT 到 Curve 3 pool，然後 Curve 鑄造 3,447,897.54 3Crv 代幣給用戶 A.

透過 phalcon 來看: 從調用流程來看執行了三個步驟 1.add_liquidity 2.transferFrom 3.mint

Compound propose

從上圖例子可以解讀為: 用戶在 Compound 治理合約上提交了一個提案，從 Etherscan 上可以點擊 Decode Input Data 就可以看到提案內容。

透過 phalcon 來看: 透過呼叫 propose 函式來提交 proposal 得到編號 44 號提案。

Uniswap Flashswap

我們使用 Foundry 來模擬操作看看如何在 Uniswap 上使用閃電貸，官方Flash swap介紹

範例程式碼參考，執行以下指令

forge test --contracts ./src/test/Uniswapv2_flashswap.sol -vv

以這個例子透過 Uniswap UNI/WETH 交易兌上進行閃電貸借出 100 顆 WETH，再還回去給 Uniswap. 注意還款時要付 0.3% 手續費。

從下圖調用流程可以看出，呼叫 swap 進行 flashswap 然後透過 callback uniswapV2Call 來還款。

簡單區分一下 Flashloan 和 Flashswap 的差異，兩種都是無需抵押資產就可以借出 Token，且需要在同一個區塊內還回去不然交易就會失敗，假如透過 token0/token1 進行 Flashloan 借出 token0 就要還 token0回去，Flashswap 借出 token0 可以還 token0 或 token1 回去，比較彈性。

更多 DeFi 基本操作可以參考 DeFiLabs

Foundry cheatcodes

Foundry 的 cheatcodes 在我們做鏈上分析必須使用到的，這邊我介紹一下常用到的函式，更多介紹可以參考 Cheatcodes Reference

• createSelectFork: 指定這次測試要複製哪個網路和區塊高度，注意每條鏈的 RPC 要寫在 foundry.toml

• deal: 設定測試錢包餘額

  • 設定 ETH 餘額 deal(address(this), 3 ether);

  • 設定 Token 餘額 deal(address(USDC), address(this), 1 * 1e18);

• prank: 模擬指定錢包身份，只有在下一個呼叫有效，下一個 msg.sender 是會所指定的錢包，例如使用巨鯨錢包轉帳

• startPrank: 模擬指定錢包身份，在沒有執行stopPrank()之前，所有 msg.sender 都會是指定的錢包地址

• label: 將錢包地址標籤化，方便在使用 Foundry debug 時提高可讀性

• roll: 調整區塊高度

• warp: 調整 block.timestamp

謝謝收看，我們準備進入下一課

Resources

https://book.getfoundry.sh/

https://github.com/crisgarner/awesome-foundry

Foundry @EthCC | Slides

https://github.com/AmazingAng/WTF-Solidity/blob/main/Topics/Tools/TOOL07_Foundry/readme.md

https://blog.infura.io/post/build-a-flash-loan-arbitrage-bot-on-infura-part-i

社群 Discord

同步發表: XREX | WTF Academy

當初我在學習鏈上交易分析時，很少相關教學文章，只能自己慢慢地收集資料從中挖掘如何分析到測試。 我們將推出一系列 Web3 安全的教學文章, 幫助更多人加入 Web3 安全，共創安全網路。

第一個系列我們將介紹如何進行鏈上分析到撰寫攻擊重現。此技能將能幫助你分析攻擊過程和漏洞原因甚至套利機器人如何套利！

工欲善其事，必先利其器

在進入分析之前，我先介紹一些常用工具，正確的工具可以幫助你做研究時更有效率。

Transaction debugging tools

Phalcon | Tx.viewer | Cruise | Ethtx | Tenderly

Transaction Viewer 這類工具是最常用的，可以幫助我們針對想要分析的交易 Transaction，以可視化列出函數呼叫的流程以及每個函式帶入了什麼的參數等。 每個工具大同小異，只差異在鏈的支援度不同和輔助功能，我個人是比較常用 Phalcon 和 Sam 的 Transaction Viewer，如果遇到不支援的鏈則會使用 Tenderly，Tenderly 支援最多鏈，但是可讀性就不是這麼方便，需要 Debug 慢慢分析。不過我最初在研究鏈上分析是先學習 Ethtx 和 Tenderly。

鏈支援度比較

Phalcon： Ethereum、BSC、Cronos、Avalanche C-Chain、Polygon

Sam's Transaction viewer： Ethereum、Polygon、BSC、Avalanche C-Chain、Fantom、Arbitrum、Optimism

Cruise： Ethereum、BSC 、Polygon、Arbitrum、Fantom、Optimism、Avalanche、Celo、Gnosis

Ethtx： Ethereum、Goerli testnet

Tendery： Ethereum、Polygon、BSC、Sepolia、Goerli、Gnosis、POA、RSK、Avalanche C-Chain、Arbitrum、Optimism 、Fantom、Moonbeam、Moonriver

實務操作

以 JayPeggers - Insufficient validation + Reentrancy 事件來當例子 TXID 使用 Blocksec 開發的 Phalcon 工具來說明，下圖可以看到該交易的基本資訊和餘額變化，從餘額變化可以快速看出攻擊著大概獲利多少，以這個例子攻擊者獲利 15.32 ETH。

Invocation Flow 可視化函式調用流程: 可以讓我們知道這一筆交易調用流程和函式呼叫的層級，有沒有使用閃電貸、涉及了哪些項目、呼叫了哪些函式帶入了什麼參數和原始 data 等等

Phalcon 2.0 新增了資金流向和 Debug + 原始碼分析可以在 Trace 的過程中邊看程式執行的片段、參數、返回值，分析上方便了不少。

換 Sam 的 Transaction Viewer 來看看 TXID 跟 Phalcon 類似但 Sam 整合了許多小工具在裡面，如下圖的眼睛點下去可以看到 Storage 的變化和每個呼叫所消耗的 Gas。

點擊最左邊的 Call，可以把原始 Input data 嘗試 Decode。

再來換 Tendery 來看看 TXID 在 Tendery 介面上，一樣可以看到基本資訊，但在 Debug 的部分就不是可視化，需要一步一步 Debug 走下去分析，不過好處是可以邊 Debug 邊看程式碼還有 Input data 的轉換過程。

到這邊就可以幫我們釐清大概這筆交易做了哪些事情，在還沒有開始寫 Poc 時，如果想要快速重放攻擊可以嗎? 可以! 可以使用Tendery 或 Phalcon，這兩個工具另外支援了模擬交易重現，在上圖右上角有一個按鈕 Re-Simulate，工具會自動幫你帶上該交易的參數值如下圖 從圖中的欄位可以依照需求任意改變如改block number, From, Value, Input data 等

Ethereum Signature Database

4byte | sig.eth | etherface

在原始 Input data，前面 4bytes 為 Function Signature. 有時遇到 Etherscan 或分析工具無法解出來時，可以透過 Signature Database 來查看看可能是什麼 Function。

Useful tools

ABI to interface | Get ABI for unverified contracts | ETH Calldata Decoder | ETHCMD - Guess ABI

ABI to interface: 在開發 Poc 時需要呼叫其他合約時要有 Interface 接口，我們可以透過這個工具幫你快速產生你要的接口。 先去 Etherscan 把 ABI 複製下來，貼過去工具上就可以看到產生出來的 Interface。 例子

ETH Calldata Decoder: 有時候在沒有 ABI 的情況下想要解看看 Input data 可以試試看 ETH Calldata Decoder，在前面介紹到 Sam 的工具就有支援 Input data decode。

Get ABI for unverified contracts: 如果遇到未開源的合約，可以透過這個工具嘗試列舉出這個合約中存在的 Function Signature. 例子

Decompile tools

Etherscan-decompile bytecode | Dedaub | heimdall-rs

Etherscan 內建有一個反編譯功能但可讀性偏差，個人比較常使用 Dedaub，可讀性好一點，也是常常最多人DM 問我都使用哪個工具反編譯。 我們拿一個 MEV Bot 被攻擊來當例子 可以自己試試解看看 例子

第一課分享就先到這邊，想學更多可以參考以下學習資源。

學習資源

https://degatchi.com/articles/reading-raw-evm-calldata

https://web3sec.xrex.io/

Community Discord

This article is published on XREX and WTF Academy

Online resources were scarce when I started learning on-chain transaction analysis. Although slowly, l was able to piece together bits and pieces of information to perform tests and analysis.

From my studies, we will launch a series of Web3 security articles to entice more people to join Web3 security and create a secure network together.

In the first series, we will introduce how to conduct an on-chain analysis, and then we will reproduce on-chain attack(s). This skill will aid us in understanding the attack process, the root cause of the vulnerability, and even how the arbitrage robot arbitrages!

Tools can greatly improve efficiency

Before getting into the analysis, allow me to introduce some common tools. The right tools can help you do research more efficiently.

Transaction debugging tools

Phalcon | Tx.viewer | Cruise | Ethtx | Tenderly

Transaction Viewer is the most commonly used tool, it is able to list the stack trace of function calls and the input data in each function during the transaction. Transaction viewer tools are all similar; the major difference is the chain support and auxiliary functions support. I personally use Phalcon and Sam’s Transaction Viewer. If I encounter unsupported chains, I will use Tenderly. Tenderly supports most chains, But the readability is limited, and analysis can be slow using its Debug feature. It is however one of the first tools I learned along with Ethtx.

Chain support comparison

Phalcon： Ethereum、BSC、Cronos、Avalanche C-Chain、Polygon

Sam's Transaction viewer： Ethereum、Polygon、BSC、Avalanche C-Chain、Fantom、Arbitrum、Optimism

Cruise： Ethereum、BSC 、Polygon、Arbitrum、Fantom、Optimism、Avalanche、Celo、Gnosis

Ethtx： Ethereum、Goerli testnet

Tenderly： Ethereum、Polygon、BSC、Sepolia、Goerli、Gnosis、POA、RSK、Avalanche C-Chain、Arbitrum、Optimism 、Fantom、Moonbeam、Moonriver

Lab

We will look at JayPeggers - Insufficient validation + Reentrancy Incident as an example transaction TXID to dissect.

First I use the Phalcon tool developed by Blocksec to illustrate. The basic information and balance changes of the transaction can be seen in the figure below. From the balance changes, we can quickly see how much profit the attacker has made. In this example, the attacker made a profit of 15.32 ETH.

Invocation Flow Visualization - Is function invocation with trace-level information and event logs. It shows us the call invocation, the function call level of this transaction, whether flash loan is used, which projects are involved, which functions are called, and what parameters and raw data are brought in, etc.

Phalcon 2.0 added funds flow, and Debug + source code analysis directly shows the source code, parameters, and return values along with the trace, which is more convenient for analysis.

Now let's try Sam's Transaction Viewer on the same TXID. Sam integrates many tools in it, as shown in the picture below, you can see the change in Storage and the Gas consumed by each call.

Click Call on the left to decode the raw Input data.

Let's now switch to Tenderly to analyze the same TXID, you can see the basic information like other tools. But using the Debug feature, it is not visualized and needs to be analyzed step by step. However, the advantage is that you can view the code and the conversion process of Input data while Debugging.

This can help us clarify all the things this transaction did. Before writing the POC, can we run a replay attack? Yes! Both Tenderly or Phalcon support simulated transactions, you can find a button Re-Simulate in the upper right corner in the figure above. The tool will automatically fill the parameter values from the transaction for you as shown in the figure below. Parameters can be changed arbitrarily according to simulation needs, such as changing block number, From, Gas, Input data, etc.

Ethereum Signature Database

4byte | sig.eth | etherface

In the Raw Input data, the first 4 bytes are Function Signatures. Sometimes if Etherscan or analysis tools cannot identify the function, we may check the possible Functions through the Signature Database.

The following example assumes that we do not know what Function 0xac9650d8 is

Through a sig.eth query, we find that the 4 bytes signature is multicall(bytes[])

Useful tools

ABI to interface | Get ABI for unverified contracts | ETH Calldata Decoder | ETHCMD - Guess ABI

ABI to interface: When developing a POC, it's necessary to have interfaces to call other contracts. We can use this tool to help you quickly generate the interfaces. Go to Etherscan to copy the ABI, and paste it on the tool to see the generated Interface. Example.

ETH Calldata Decoder: If you want to decode Input data without the ABI, this is the tool you need. Sam's transaction viewer I introduced earlier also supports Input data decoding.

Obtain ABI for unverified contracts: If you encounter a contract that is not verified, you can use this tool to try to work out the function signatures. Example

Decompile tools

Etherscan-decompile bytecode | Dedaub | heimdall-rs

Etherscan has a built-in decompilation feature, but the readability of the result is often poor. Personally, I often use Dedaub, which produces better decompiled code. It is my recommended decompiler. Let's use a MEV Bot being attacked as an example You can try to decompile it for yourself using this contract.

First, copy the Bytecodes of the unverified contract and paste it on Dedaub, and click Decompile.

If you want to learn more, you can refer to the following videos.

Resources

https://degatchi.com/articles/reading-raw-evm-calldata

https://web3sec.xrex.io/