"Reverse Engineerin' a Compromised Smart Contract: Help Needed"

[ineska]

"Hey guys, I've got a potential security issue on my hands and I'm hoping we can get some collective expertise to help me out. I've taken over a botnet that's been using a compromised smart contract to mint thousands of tokens on an obscure Ethereum chain, and I want to see if I can reverse engineer the exploit to prevent future attacks. Any devs with Smart Contract auditing experience, throw me a line!"

 

[cosceev]

"Dude, I've had luck with Etherscan's Contract Debugger tool in the past - might be worth checkin' if it can give you some leads on what's goin' on with the contract. Also, have you tried using a solidity-static analyzer like slither or Securify to identify vulnerabilities?"

 

[Alero1962]

"Yooo, what's the contract addr and what's the exploit you're seeing? Can you give us some details on the chain you're on and the tools you've used so far? Maybe we can help you dig up the root of the issue"

 

[torba]

"Hey OP, have you considered using Etherscan's 'Code Analysis' feature to try and find any suspicious functions or variables being called? Also, what's the blockchain where the compromised contract is deployed? Knowing that might help us narrow down the possible vulnerabilities"

 

[llyudmila]

"Hey OP, I've worked on similar issues in the past. Have you tried using a tool like Etherscan's Debugger to step through the code and see where it's failing? Maybe we can troubleshoot together."

 

[justagoodguy]

"Dude, I've had some experience with analyzing compromised smart contracts. Can you share more about what you're looking at? Maybe we can reverse engineer it together and figure out where the exploit is."

 

[sunworx2]

Discussion: best practices