The most popular smart contract analysis tool
In the world of smart contracts, even the most sophisticated financial institutions must maintain a level of technological expertise if they wish to get involved. Smart contracts are prone to hacks that can cost their creators hundreds or even millions of dollars. The most infamous example of such a catastrophe is the DAO hack, after which a hard fork was carried out to reverse the flow of funds from the hacker’s wallet.
MAIAN basic overview
Smart contracts are handy tools in financial programming, but unfortunately in many cases they are prone to hacking. A single missing character can leave more than millions of dollars vulnerable to hackers.
To protect against the vulnerabilities of these technologies, engineers had to develop innovative ways to ensure that before deploying the smart contract to the blockchain, it was completely locked down and cleared of any potential flaws. After all, if you find the bug after deploying it to the blockchain, you can’t go back and change it.
As a result of this dilemma, MAIAN was born: an open source blockchain analysis tool that helps developers find errors in their code before it is deployed. The tool was made public about nine months ago.
MAIAN was released under the MIT license by Ivica Nikolic, Aashish Kolluri, Ilya Sergey, Prateek Saxena and Aquinas Hobor, free for all to use and contribute to. In the initial case study, published via Cornell’s database, found here, the visible part of the Ethereum blockchain was analyzed with MAIAN. About eight percent of all contracts analyzed exhibited some vulnerability.
MAIAN classifies each type of smart contract error into three main categories of vulnerability: “Prodigal”, “Greedy” and “Suicidal”.
3 main types of vulnerability
MAIAN analyzes each contract for three main errors. The first is suicidal contracts. In these, an unguarded or poorly coded function can potentially “kill” the entire contract. In smart contracts, the kill function destroys the contract and returns its funds to the contract owner. If an attacker can take ownership of a suicidal contract, this allows them to keep the funds.
The second type of vulnerable contract is the prodigal contract. A prodigal contract can be made to send funds to anyone on the blockchain. Instead of having to kill the entire contract, a flaw in a prodigal contract allows anyone to hijack ownership and then send funds from the contract to an arbitrary address, repeatedly. More worryingly, these operations can go relatively unnoticed.
In past incidents, prodigal contracts were drained in small increments so as to remain unnoticed. When large numbers of people contribute to a contract, such losses stay hidden.
Greedy contracts are the last type of error. These are better known to the cryptocurrency retail community, as many were exposed to this type of error in the Parity wallet hack, in which a random GitHub user accidentally locked more than 600,000 ETH forever.
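The three classes above, written out as minimal Solidity contracts with a hardened counterpart. This is a constructed illustration added here, not code from the MAIAN project; the contract names and the `^0.8.0` pragma are assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Constructed illustration of the three MAIAN vulnerability classes.
// None of these contracts come from the MAIAN project itself.

// Suicidal: anyone can destroy the contract and receive its balance,
// because kill() has no access check.
contract SuicidalVault {
    function kill() external {
        selfdestruct(payable(msg.sender));
    }
    receive() external payable {}
}

// Prodigal: ownership can be hijacked through the unprotected setOwner(),
// after which withdraw() leaks Ether to an arbitrary address.
contract ProdigalVault {
    address public owner;
    function setOwner(address o) external { owner = o; }
    function withdraw(address payable to, uint256 amt) external {
        require(msg.sender == owner, "not owner");
        to.transfer(amt);
    }
    receive() external payable {}
}

// Greedy: accepts Ether but has no code path that can ever release it.
contract GreedyVault {
    receive() external payable {}
}

// Hardened: owner fixed at deployment, no selfdestruct, owner-only
// withdrawal to a fixed recipient, so funds are neither locked nor leaked.
contract HardenedVault {
    address public immutable owner;
    constructor() { owner = msg.sender; }
    modifier onlyOwner() { require(msg.sender == owner, "not owner"); _; }
    receive() external payable {}
    function withdraw(uint256 amt) external onlyOwner {
        payable(owner).transfer(amt);
    }
}
```

Running MAIAN's three checks against the first three contracts should flag one class each, while the hardened vault should pass all three.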
MAIAN: Under the hood
MAIAN is coded in Python and works with the dependencies listed on its GitHub page. Although the tool itself runs in Python, it analyzes any smart contract written in Solidity. MAIAN does not currently work with deployed EOS smart contracts. MAIAN can analyze smart contracts in one of three forms:
- Bytecode source (bytecode before it is deployed on the blockchain).
- Solidity (.sol files).
- Compiled bytecode (bytecode after its deployment on the blockchain).
The program is designed to be easily customizable and modifiable; users have created their own versions with more convenient interfaces. In its stock version, MAIAN analyzes one contract and checks for one error type per run.
MAIAN’s main workflow applies its analysis to the contract’s bytecode. The bytecode is converted into a form the tool can reason about through symbolic analysis, dividing the contract into “symbols” that can be referenced later.
These symbols are then matched against preprogrammed “example exploit symbols” built into the program (note that these example exploits are configurable, so you can add as many error types as you want). These “sample exploit symbols” are encoded versions of the previously mentioned errors: Prodigal, Greedy and Suicidal.
Using MAIAN and its subsequent future
For those who want to improve their development workflow and start running their smart contracts through MAIAN as an extra layer of security, you can do so after installing the correct dependencies from the project’s GitHub, found here.
MAIAN also offers a way to run it with a GUI, and instructions for doing so can be found here. This can help users who are not quite comfortable working only on a command line, and those who prefer visual help over strict code.
The tool is known to be somewhat buggy when installed on certain operating systems, and some users have reported that older versions of its dependencies are needed to keep it running. Often the problem you are having with MAIAN has already been experienced by another user, so be sure to check the Issues tab on the project’s GitHub, where you can frequently find a solution. Either way, it’s important to keep records and monitor the maintenance of your contract.
Although the latest MAIAN update was released some time ago, there is still an active development community looking to improve and build on its current releases. Many smart contract developers run their contracts through MAIAN in combination with other analysis tools to ensure maximum security.
A fair warning though: while MAIAN’s technology is excellent, blockchain infrastructure is constantly changing. What works with MAIAN and smart contracts deployed on Ethereum today might not work tomorrow.
Like BTCMANAGER? Tip us!