Hydra
| Project Name | Stars | Downloads | Repos Using This | Packages Using This | Most Recent Commit | Total Releases | Latest Release | Open Issues | License | Language |
|---|---|---|---|---|---|---|---|---|---|---|
| Openzeppelin Contracts | 21,760 |  | 51 | 1,033 | a day ago | 63 | September 07, 2022 | 177 | mit | JavaScript |
| OpenZeppelin Contracts is a library for secure smart contract development. | ||||||||||
| Smart Contract Best Practices | 6,529 | 2 months ago | 22 | |||||||
| A guide to smart contract security best practices | ||||||||||
| Capstone | 6,258 | 2 | 11 hours ago | 2 | April 12, 2022 | 349 | other | C | ||
| Capstone disassembly/disassembler framework: Core (Arm, Arm64, BPF, EVM, M68K, M680X, MOS65xx, Mips, PPC, RISCV, Sparc, SystemZ, TMS320C64x, Web Assembly, X86, X86_64, XCore) + bindings. | ||||||||||
| Awesome Solidity | 5,770 | 8 days ago | 6 | |||||||
| ⟠ A curated list of awesome Solidity resources, libraries, tools and more | ||||||||||
| Meshbird | 3,446 | 2 months ago | January 30, 2016 | 12 | apache-2.0 | Go | ||||
| Distributed private networking | ||||||||||
| Manticore | 3,371 |  | 1 | 1 | 3 days ago | 723 | July 07, 2022 | 261 | agpl-3.0 | Python |
| Symbolic execution tool | ||||||||||
| Mythril | 3,083 |  | 8 | 3 | 5 days ago | 292 | June 20, 2022 | 92 | mit | Python |
| Security analysis tool for EVM bytecode. Supports smart contracts built for Ethereum, Hedera, Quorum, Vechain, Roostock, Tron and other EVM-compatible blockchains. | ||||||||||
| Lighthouse | 2,262 | a day ago | 1 | December 29, 2021 | 274 | apache-2.0 | Rust | |||
| Ethereum consensus client in Rust | ||||||||||
| Echidna | 2,010 | a day ago | 131 | agpl-3.0 | Solidity | |||||
| Ethereum smart contract fuzzer | ||||||||||
| Awesome Ethereum Security | 1,036 | 2 months ago | 19 | cc-by-4.0 | ||||||
| A curated list of awesome Ethereum security references | ||||||||||
The Hydra ALPHA
The Hydra is an Ethereum contract development framework for:
- decentralized security and bug bounties
- rigorous cryptoeconomic security guarantees
- mitigating programmer and compiler error
Hydra introduces a concept called an exploit gap, a way for developers to turn crippling exploits into safe, decentralized bounty payments using a new form of fault tolerance called N-of-N Version Programming (NNVP) (not to be confused with N-Version Programming).
More general information about the Hydra is available on the website and in the paper.
[Warning]: The Hydra framework is an early research prototype, and is still undergoing the extensive testing, validation, and documentation processes required to recommend it for production. Please help us by trying to break the below bounties, and stay tuned for further release announcements!
Requirements and Install
The Hydra project requires Python3.6+. After installing Python, run
python3.6 -m pip install -r requirements.txt to install all Python
dependencies. Haskell and Haskell Stack are also required for the instrumenter;
on Debian-based distros, these can be installed with apt-get install haskell-stack
and tested by running stack test in the hydra/instrumenter directory.
Deploying a Production Bounty
An example of a production bounty deployment is in utils/rpc_deployment.py.
We plan on exposing a cleaner API for developers to deploy bounties soon. Currently, an example deployment script looks something like this:
# Point to all heads
heads = ['examples/ERC20/heads/' + file
for file in ('ERC20_florian.se', 'ERC20_florian.sol', 'ERC20_lorenz.sol', 'ERC20_phil.vy')]
# Change these
GETH_DATADIR = '/home/example/geth_mainnet'
creator_addr = "0x12345"
# Create a Hydra contract and deploy
d = RPCHydraDeployment(creator_addr, "hydra/metacontract/Hydra.sol", heads, GETH_DATADIR)
contracts = d.build_and_deploy(include_constructor=False, debug=False)
mc_abi = d.abi_object(heads[1])
mc_addr = '0x' + utils.encode_hex(contracts[0][0])
To use the testnet, simply pass a corresponding IPC to the node. Note that deployment is currently gas-heavy and uses a liberal gas price of 5 gwei.
Running Tests
How to run tests:
To run all tests, simply do python3.6 run_all_tests.py in the root of this repository.
Testing specific modules
- MetaContract: Test the Meta Contract logic:
python3 -m hydra.test.test_hydra
- ERC20: Run tests against each head individually:
Phil's test suite:
python3 -m examples.ERC20.test.erc20_tests_1
Florian's test suite:
python3 -m examples.ERC20.test.erc20_tests_2
Run both Phil's and Florian's test suites against the Hydra ERC20 contract:
python3 -m examples.ERC20.test.erc20_hydra_test
- MontyHall: Run tests against each head individually:
python3 -m examples.MontyHall.test.mh_head_test
Differential testing on the heads:
python3 -m examples.MontyHall.test.differential_test
Run tests against the Hydra MontyHall contract:
python3 -m examples.MontyHall.test.mh_hydra_test
- Simple ERC20 and MontyHall
Our paper describes a simplified Hydra framework without the automatic head instrumentation. Run tests against the Hydra ERC20 contract:
python3 -m examples.SimpleERC20.test.erc20_hydra_test
Run tests against the Hydra MontyHall contract:
python3 -m examples.SimpleMontyHall.test.mh_hydra_test
Acknowledgements
This material is based upon work supported by the National Science Foundation Graduate Research Fellowship under Grant No. .
We would also like to thank NSF CNS-1330599, CNS-1514163, CNS-1564102, and CNS-1704615, ARL W911NF-16-1-0145, and IC3 Industry Partners.
Any opinion, findings, and conclusions or recommendations expressed in this material are those of the authors(s) and do not necessarily reflect the views of the National Science Foundation.
