Share
## https://sploitus.com/exploit?id=C711A7D4-47F7-5306-BD62-41346203860C
# Unverified Exploits - Rule-Based Exploit Generation & Testing
## Overview
Processing ~400,000 suspicious unverified contracts (no source code) with rule-based exploit generation and fork testing.
## Repository Structure
```
unverified_exploits/
โโโ README.md
โโโ LICENSE
โโโ requirements.txt
โโโ scripts/
โ โโโ test_mvp.py # MVP test (50 CRITICAL contracts)
โ โโโ batch_rule_exploit.py # Full batch processing
โ โโโ rpc_tester.py # Test RPC endpoints
โโโ src/
โ โโโ __init__.py
โ โโโ bytecode_analyzer.py # flags โ vulnerability_type mapping
โ โโโ exploit_generator.py # RuleBasedExploitGenerator wrapper
โ โโโ fork_tester.py # Anvil fork testing
โ โโโ checkpoint.py # Progress tracking
โ โโโ db.py # Database operations
โโโ results/ # Saved results
โโโ checkpoints/ # Resume data
โโโ tests/ # Unit tests
```
## Database
**Source:** `kawa_schema.contract_unverified_analysis` (crf.ercsec.com)
- 427,391 total unverified contracts analyzed
- 398,619 suspicious (278,721 CRITICAL + 119,898 HIGH)
**Results:** `kawa_schema.unverified_exploit_results`
## Pipeline
1. Load CRITICAL/HIGH suspicious contracts from contract_unverified_analysis
2. Get bytecode from contracts table
3. Probe interface via RuntimeInterfaceProber (Anvil fork)
4. Map flags โ vulnerability_type
5. Generate exploit via RuleBasedExploitGenerator (NO LLM)
6. Test on Anvil fork
7. Save results + checkpoint
## Quick Start
```bash
# Setup
cd /home/kawa/crf/unverified_exploits
source ../contract_research_v2/venv/bin/activate
# Test RPC endpoints
python scripts/rpc_tester.py
# Run MVP (50 CRITICAL contracts)
python scripts/test_mvp.py --count 50 --resume
# Run full batch
python scripts/batch_rule_exploit.py --risk-level CRITICAL --workers 10
```
## Progress
| Date | Phase | Status |
|------|-------|--------|
| 2026-05-14 | MVP Development | In Progress |
| 2026-05-14 | MVP Test (50 contracts) | Pending |
| 2026-05-14 | CRITICAL batch | Pending |
| 2026-05-14 | HIGH batch | Pending |
## License
MIT