A personal blog for Glider queries, tips, and guides.#
What Is Glider#
It’s a security/research tool that lets you query multiple contracts on EVM blockchains at once by certain logic, parameters, dependencies, variable names, or anything else you can think of.
In terms of traditional private audits (companies like Trail of Bits), bug bounties (like Immunefi), and public contests (like Code4rena), Glider differentiates because its purpose is to act on scale, while they only provide security to a researcher’s chosen project. With only one effective Glider query (aka glide) and a good negotiation team, you can contact tens or hundreds of projects that share some vulnerability.
The research part is the ability to get statistics on logic, libraries, standards, etc., directly from the source code of smart contracts. For example, it’s quite easy to get the total number of smart contracts named Test, the total number of payable functions, or the total number of ecrecover instructions. You can also find more specific occurrences of these instances based on your custom logic.
Disclaimer! Glider is still in beta; a lot of things to do, and a lot of things can go wrong. If you encounter any issues, please feel free to contact the team in the Discord channel.
Quick Start#
If you’re already familiar with smart contracts in general, I’d suggest you to:
- Go to the Glider official website
- Register an account
- Browse the provided basic queries
- Try to run and see how it works
Otherwise, start with this awesome repo!
Last sync with the repo: d728d31e1b7adc33060d46bc473acc3334afab44.
Good day to learn about the Function methods, isn’t it? Function is the second of our fundamental trio. It can be used to:
Check the corresponding function’s properties Get different types of instructions belonging to this function Work with arguments … Don’t forget about the Callable object, Function inherit its methods!
Methods From the most important methods, I can highlight the following:
The group of property methods (.is_internal(), .is_public(), .is_payable(), etc....
The last of the trio, Instruction, is another huge class with 44 methods in total + 5 from its child classes (there will be more!). This here is where you’ll spend most of your time when you write complex glides, trying to generalize the way your code processes different combinations of Solidity instructions expressed through the Glider’s objects.
Children Instruction comes in many forms, like:
AssemblyInstruction IfInstruction NewVariableInstruction ReturnInstruction ThrowInstruction … Each child class represents a type of Solidity instruction....
Your proficiency with Instruction and Function can be significantly increased if you know how to look into the deeper level of what they contain.
Today, I’ll introduce you to the .dump_into_json() method.
dump_into_json() It is a method you’ll encounter in:
Callable (meaning Function and Modifier) Event Contract NoneObject The most useful are the first two. It lets you get most information about an object, such as name, signature, arguments, visibility, etc....
Continuing yesterday’s article, today we’ll talk about the .instruction_data property of an Instruction. I find it very helpful when dealing with instructions, and I use it a lot. The property is quite complex, though; sometimes, it’s not very obvious how to process the information it gives.
instruction_data The property contains all the low-level information about an instruction’s representation in Glider. This includes IRs, callees, operands, used variables, etc. It helps you visualize and compare several target instructions to abstract your processing logic....
I’ve made a couple of queries to help you find valuable contracts in the Glider output because it can be lengthy.
Extract contract addresses and deduplicate The first step is to make a nice list of addresses out of the Glider’s standard output of contracts, instructions, or functions.
This little NodeJS script below helps with it:
const { readFileSync, writeFileSync } = require("fs"); async function main() { const rawAddresses = readFileSync("....