Metadata-Version: 2.1
Name: ethpwn
Version: 0.0.1
Summary: A tool to help with ethereum smart contract exploit interaction, designed with CTF challenges in mind. Some might call it a set of pwn tools for ethereum exploitation.
Project-URL: Homepage, https://github.com/Lukas-Dresel/ethpwn
Project-URL: Bug Tracker, https://github.com/Lukas-Dresel/ethpwn/issues
Author-email: Lukas Dresel <Lukas-Dresel@noreply.github.com>
License: MIT License
License-File: LICENSE
Keywords: ctf,ethereum,exploits,security,smart-contracts,testing
Classifier: Development Status :: 3 - Alpha
Classifier: Environment :: Console
Classifier: Intended Audience :: Developers
Classifier: Intended Audience :: Education
Classifier: Intended Audience :: Science/Research
Classifier: License :: OSI Approved :: MIT License
Classifier: Natural Language :: English
Classifier: Operating System :: OS Independent
Classifier: Programming Language :: Python :: 3
Classifier: Topic :: Security
Classifier: Topic :: Software Development :: Libraries :: Python Modules
Classifier: Topic :: Software Development :: Testing
Requires-Python: >=3.7
Requires-Dist: hexbytes
Requires-Dist: py-solc-x
Requires-Dist: pysha3
Requires-Dist: requests
Requires-Dist: web3
Requires-Dist: web3[tester]
Description-Content-Type: text/markdown

# ethpwn

A tool to help with ethereum smart contract exploit interaction, designed with CTF challenges in mind.
One might call it a set of pwn tools for ethereum exploitation :P. ethpwn is designed to help you waste the smallest amount
of time possible on the annoying parts of interacting with ethereum smart contracts, mainly deployment, transaction sending,
and interaction.

## Installation

```bash
pip install ethpwn
```

## Usage

### Example exploits for the ethernaut challenges

SPOILERS AHEAD! If you haven't solved the ethernaut challenges yet, you should solve them first before looking at the
respective examples.

With that said, you can see examples of how to use `ethpwn` to solve the ethernaut challenges in the [Lukas-Dresel/ethernaut](https://github.com/Lukas-Dresel/ethernaut) repository.

### Deploying an exploit contract

```python
#!/usr/bin/env python3

import os
import sys
from time import sleep
from ethpwn.prelude import *


context.connect_http(sys.argv[1])

# syntax deploy.py <contract to deploy> [<solidity files with code..>]
CONTRACT_METADATA.add_solidity_files(sys.argv[2:])

with CONTRACT_METADATA['Exploit'].deploy_destructible() as (tx_hash, target):

    print(f"Exploit contract is at {target.address}")

    transact(target.functions.exploit(), value=ARGS.value, force=ARGS.force)

    # on __exit__ of the context manager, `contract.destroy()` will be called to return any leftover funds
```

### Interacting with the target contract to exploit it off-chain

An example of how to interact with the target contract to exploit it off-chain can be found in the `examples/` directory.

SPOILER ALERT: This example is the solution to the ethernaut fallback challenge.

The gist of it looks as follows:

```python
...

# illustration of how to import contracts from strings
CONTRACT_SOURCE=""" <copy & paste the source from ethernaut here> """
CONTRACT_METADATA.add_solidity_source(CONTRACT_SOURCE, 'Fallback.sol')

target = CONTRACT_METADATA['Fallback'].get_contract_at(ARGS.target_addr)

# set our contribution to non-zero
transact(target.functions.contribute(), value=wei(ether=0.0001))
```