engn33r · December 26, 2023 22:44
diff --git a/vulncreate2detector.sh b/vulncreate2detector.sh
 #!/bin/bash

 # This script is a hacked together PoC, don't trust it to work well
 # For proper detection of vulnerable contracts, recursive testing must be performed because CREATE2 in a contract's ancestry could be problematic: https://medium.com/@jason.carver/defend-against-wild-magic-in-the-next-ethereum-upgrade-b008247839d2#3f90
 # Improved tool and full research coming from yAcademy next month: https://twitter.com/yAcademyDAO

 contract_addr="0x0d4a11d5eeaac28ec3f61d100daf4d40471f1852" # default value is a uniswap V2 pair from https://v2.info.uniswap.org/pairs
 etherscan_api_key=""

 if [[ -z "$etherscan_api_key" ]]; then
  echo "Please store your enterscan API key in the proper variable"
  exit 1
 fi

 # Step 1: Check if CREATE2 used to create the contract
 # Using etherscan API to find creation tx hash: https://docs.etherscan.io/api-endpoints/contracts#get-contract-creator-and-creation-tx-hash
 create_tx=$(curl -s "https://api.etherscan.io/api?module=contract&action=getcontractcreation&contractaddresses=$contract_addr&apikey=$etherscan_api_key" | jq ".result[].txHash" | tr -d '"')
 create2=$(curl -s "https://tx.eth.samczsun.com/api/v1/trace/ethereum/$create_tx" | jq .result.entrypoint | grep -B 2 $contract_addr | grep '"variant": "create2",' | grep '"variant": "create2",')

 sleep 1 # wait a sec, keep etherscan happy :)

 # Step 2: determine if source contains selfdestruct
 self_destr=$(curl -s "https://api.etherscan.io/api?module=contract&action=getsourcecode&address=$contract_addr&apikey=$etherscan_api_key" | grep "selfdestruct")

 if [[ -n "$create2" && -n "$self_destr" ]]; then
  echo "Vulnerable: Contract created with CREATE2 and contract contains selfdestruct"
 else
  echo "Probably not vulnerable: Contract not created with CREATE2 OR contract does not contain selfdestruct"
 fi
	#!/bin/bash

	# This script is a hacked together PoC, don't trust it to work well
	# For proper detection of vulnerable contracts, recursive testing must be performed because CREATE2 in a contract's ancestry could be problematic: https://medium.com/@jason.carver/defend-against-wild-magic-in-the-next-ethereum-upgrade-b008247839d2#3f90
	# Improved tool and full research coming from yAcademy next month: https://twitter.com/yAcademyDAO

	contract_addr="0x0d4a11d5eeaac28ec3f61d100daf4d40471f1852" # default value is a uniswap V2 pair from https://v2.info.uniswap.org/pairs
	etherscan_api_key=""

	if [[ -z "$etherscan_api_key" ]]; then
	echo "Please store your enterscan API key in the proper variable"
	exit 1
	fi

	# Step 1: Check if CREATE2 used to create the contract
	# Using etherscan API to find creation tx hash: https://docs.etherscan.io/api-endpoints/contracts#get-contract-creator-and-creation-tx-hash
	create_tx=$(curl -s "https://api.etherscan.io/api?module=contract&action=getcontractcreation&contractaddresses=$contract_addr&apikey=$etherscan_api_key" \| jq ".result[].txHash" \| tr -d '"')
	create2=$(curl -s "https://tx.eth.samczsun.com/api/v1/trace/ethereum/$create_tx" \| jq .result.entrypoint \| grep -B 2 $contract_addr \| grep '"variant": "create2",' \| grep '"variant": "create2",')

	sleep 1 # wait a sec, keep etherscan happy :)

	# Step 2: determine if source contains selfdestruct
	self_destr=$(curl -s "https://api.etherscan.io/api?module=contract&action=getsourcecode&address=$contract_addr&apikey=$etherscan_api_key" \| grep "selfdestruct")

	if [[ -n "$create2" && -n "$self_destr" ]]; then
	echo "Vulnerable: Contract created with CREATE2 and contract contains selfdestruct"
	else
	echo "Probably not vulnerable: Contract not created with CREATE2 OR contract does not contain selfdestruct"
	fi