A framework to detect attacks and trace stolen assets across Ethereum. Our paper can be found here.
A container with the dependencies set up can be found here.
To open the container, install docker and run:
docker pull christoftorres/horus && docker run -i -t christoftorres/horus
To evaluate a transaction inside the container, run:
cd horus
python3 horus.py -e -tx 0x0ec3f2488a93839524add10ea229e773f6bc891b4eb4794c3337d4495263790b --host <RPC_HOST> --port <RPC_PORT>
python3 horus.py -a
and you are done!
docker build -t horus .
docker run -it horus:latest
brew install souffle-lang/souffle/souffle
For other operating systems follow the installation instructions on souffle-lang.github.io.
cd horus
pip3 install -r requirements.txt
Download and install Neo4j from neo4j.com.
More information on how to run an archive node can be found here.
- Run the extractor on a transaction (
-tx
), block (-b
) or contract (-c
):
cd horus
python3 horus.py -e -tx 0x0ec3f2488a93839524add10ea229e773f6bc891b4eb4794c3337d4495263790b --host <RPC_HOST> --port <RPC_PORT> -f <FACTS_FOLDER>
- Run the analyzer on the extracted Datalog facts:
cd horus
python3 horus.py -a -f <FACTS_FOLDER> -r <RESULTS_FOLDER> -d <DATALOG_FILE>
- Run the tracer on the Datalog results:
cd horus
python3 horus.py -t -r <RESULTS_FOLDER> --type <TYPE> --direction <DIRECTION> --hops <HOPS> --neo4j-connection <NEO4J_CONNECTION> --neo4j-user <NEO4J_USER> --neo4j-password <NEO4J_PASSWORD>
Run python3 horus.py --help
for a complete list of options.