## https://sploitus.com/exploit?id=1E6E1A5B-217E-5BA0-A4DA-85AB7D09A63D
# DeFi Exploit Pipeline

An automated pipeline for analyzing DeFi smart contracts against 701 historical exploits from DeFiHackLabs.

## Usage

```bash
# Match target against exploit database
python3 pipeline.py <target>

# Deep scan + full analysis
python3 pipeline.py --scan <target>

# Re-extract the database from DeFiHackLabs
python3 pipeline.py --extract

# Top N matches
python3 pipeline.py <target> --top 20
```

## Pipeline Flow

```
1. EXTRACT    → Parse 701 .sol exploit files → JSON database
2. MATCH      → Compare target against exploit patterns
3. DEEP SCAN  → Extract attack surface features from the target
4. REPORT     → Generate a markdown report with findings
```

## Files

```
defi-exploit-pipeline/
├── pipeline.py              # Main entry point
├── scripts/
│   ├── extract_db.py        # Extract metadata from the 701 exploit files
│   ├── extract_logic.py     # Extract call logic and code signatures
│   └── match_pattern.py     # Match target against exploit patterns
├── data/
│   ├── exploit_database.json    # 701 exploit metadata (896KB)
│   ├── exploit_logic_db.json    # 701 exploit logic (402KB)
│   ├── EXPLOIT_DATABASE.md      # Readable exploit index
│   └── PATTERN_REFERENCE.md     # Pattern signatures reference
└── output/
    └── _report.md   # Generated reports
```

## Database Stats

- **701 exploit files** parsed
- **121 unique attack patterns**
- **15 vulnerability types** categorized
- **10 chains** covered (ETH, BSC, Arbitrum, Polygon, etc.)

## Vulnerability Types

| Type | Count | Description |
|------|-------|-------------|
| flash_loan | 375 | Flash loan abuse |
| oracle_manipulation | 241 | Price oracle manipulation |
| reentrancy | 105 | Reentrancy attacks |
| approval_abuse | 412 | Token approval issues |
| dex_manipulation | 74 | DEX pool manipulation |
| signature_abuse | 114 | Signature/permit abuse |
| access_control | 57 | Missing access control |
| logic_error | 71 | Logic/math errors |

## Example Output

```
Analyzing: Morpho.sol
Signature: FLASH_LOAN → ORACLE → CALLBACK

🎯 Top 5 matching exploit patterns:
  1. UwuLend (2024-06) — Score: 0.983 — $19.3M
  2. Agave (2022-03) — Score: 0.879 — $1.5M
  3. Euler (2023-03) — Score: 0.75 — $196M
```
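
A minimal sketch of what the MATCH step and the ordered signature above could look like, for auditing a contract's source. This is an added example, not code from this project: the tag regexes, the scoring formula (tag-set Jaccard averaged with order agreement), and the sample contract and pattern database are all assumptions constructed for illustration.

```python
import re

# Assumed tag detectors (hypothetical; the project's real signatures are not shown here).
FEATURES = {
    "FLASH_LOAN": re.compile(r"\b(flashLoan|onFlashLoan|executeOperation)\b"),
    "ORACLE": re.compile(r"\b(latestRoundData|getReserves|consult)\b"),
    "CALLBACK": re.compile(r"\b\w+Callback\b"),
    "APPROVAL": re.compile(r"\b(approve|permit|transferFrom)\b"),
}

def extract_signature(src):
    """Tags present in the source, ordered by first appearance (comments ignored)."""
    code = re.sub(r"/\*.*?\*/|//[^\n]*", "", src, flags=re.S)
    hits = [(m.start(), tag) for tag, rx in FEATURES.items() if (m := rx.search(code))]
    return [tag for _, tag in sorted(hits)]

def lcs_len(a, b):
    """Longest common subsequence length, used to reward tags in the same order."""
    dp = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i, x in enumerate(a):
        for j, y in enumerate(b):
            dp[i + 1][j + 1] = dp[i][j] + 1 if x == y else max(dp[i][j + 1], dp[i + 1][j])
    return dp[-1][-1]

def score(target, pattern):
    """Mean of tag-set Jaccard overlap and order agreement; 0.0 if either is empty."""
    if not target or not pattern:
        return 0.0
    jaccard = len(set(target) & set(pattern)) / len(set(target) | set(pattern))
    order = lcs_len(target, pattern) / max(len(target), len(pattern))
    return round((jaccard + order) / 2, 3)

def top_matches(src, db, n=5):
    sig = extract_signature(src)
    ranked = sorted(((score(sig, p["signature"]), p["name"]) for p in db), reverse=True)
    return sig, ranked[:n]

# Constructed target and pattern database, for illustration only.
SAMPLE = """contract Vault {
  // approve() appears only in this comment and must not be tagged
  function borrow(uint256 a) external { lender.flashLoan(address(this), a); }
  function price() public view returns (uint112 r0) { (r0, , ) = pair.getReserves(); }
  function swapCallback(int256 d0, int256 d1) external { _settle(d0, d1); }
}"""
DB = [{"name": "constructed-A", "signature": ["FLASH_LOAN", "ORACLE", "CALLBACK"]},
      {"name": "constructed-B", "signature": ["FLASH_LOAN", "APPROVAL", "ORACLE"]},
      {"name": "constructed-C", "signature": ["APPROVAL"]}]
if __name__ == "__main__":
    print(top_matches(SAMPLE, DB))
```

Regex tagging like this is a triage heuristic: it misses renamed or proxied calls and will mis-strip `//` inside string literals, so a high score is a prompt for manual review rather than a finding.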

## Requirements

- Python 3.10+
- DeFiHackLabs repo at `/root/DeFiHackLabs/`

## Based On

- [DeFiHackLabs](https://github.com/SunWeb3Sec/DeFiHackLabs): 701 exploit PoC collection
- Pattern analysis of historical exploits: UwuLend, Euler, BonqDAO, Agave, etc.