1,945 research outputs found
A true concurrent model of smart contracts executions
The development of blockchain technologies has enabled the trustless
execution of so-called smart contracts, i.e. programs that regulate the
exchange of assets (e.g., cryptocurrency) between users. In a decentralized
blockchain, the state of smart contracts is collaboratively maintained by a
peer-to-peer network of mutually untrusted nodes, which collect from users a
set of transactions (representing the required actions on contracts), and
execute them in some order. Once this sequence of transactions is appended to
the blockchain, the other nodes validate it, re-executing the transactions in
the same order. The serial execution of transactions does not take advantage of
the multi-core architecture of modern processors, so contributing to limit the
throughput. In this paper we propose a true concurrent model of smart contract
execution. Based on this, we show how static analysis of smart contracts can be
exploited to parallelize the execution of transactions.Comment: Full version of the paper presented at COORDINATION 202
A Concurrent Perspective on Smart Contracts
In this paper, we explore remarkable similarities between multi-transactional
behaviors of smart contracts in cryptocurrencies such as Ethereum and classical
problems of shared-memory concurrency. We examine two real-world examples from
the Ethereum blockchain and analyzing how they are vulnerable to bugs that are
closely reminiscent to those that often occur in traditional concurrent
programs. We then elaborate on the relation between observable contract
behaviors and well-studied concurrency topics, such as atomicity, interference,
synchronization, and resource ownership. The described
contracts-as-concurrent-objects analogy provides deeper understanding of
potential threats for smart contracts, indicate better engineering practices,
and enable applications of existing state-of-the-art formal verification
techniques.Comment: 15 page
Harvey: A Greybox Fuzzer for Smart Contracts
We present Harvey, an industrial greybox fuzzer for smart contracts, which
are programs managing accounts on a blockchain. Greybox fuzzing is a
lightweight test-generation approach that effectively detects bugs and security
vulnerabilities. However, greybox fuzzers randomly mutate program inputs to
exercise new paths; this makes it challenging to cover code that is guarded by
narrow checks, which are satisfied by no more than a few input values.
Moreover, most real-world smart contracts transition through many different
states during their lifetime, e.g., for every bid in an auction. To explore
these states and thereby detect deep vulnerabilities, a greybox fuzzer would
need to generate sequences of contract transactions, e.g., by creating bids
from multiple users, while at the same time keeping the search space and test
suite tractable. In this experience paper, we explain how Harvey alleviates
both challenges with two key fuzzing techniques and distill the main lessons
learned. First, Harvey extends standard greybox fuzzing with a method for
predicting new inputs that are more likely to cover new paths or reveal
vulnerabilities in smart contracts. Second, it fuzzes transaction sequences in
a targeted and demand-driven way. We have evaluated our approach on 27
real-world contracts. Our experiments show that the underlying techniques
significantly increase Harvey's effectiveness in achieving high coverage and
detecting vulnerabilities, in most cases orders-of-magnitude faster; they also
reveal new insights about contract code.Comment: arXiv admin note: substantial text overlap with arXiv:1807.0787
A theory of transaction parallelism in blockchains
Decentralized blockchain platforms have enabled the secure exchange of
crypto-assets without the intermediation of trusted authorities. To this
purpose, these platforms rely on a peer-to-peer network of byzantine nodes,
which collaboratively maintain an append-only ledger of transactions, called
blockchain. Transactions represent the actions required by users, e.g. the
transfer of some units of crypto-currency to another user, or the execution of
a smart contract which distributes crypto-assets according to its internal
logic. Part of the nodes of the peer-to-peer network compete to append
transactions to the blockchain. To do so, they group the transactions sent by
users into blocks, and update their view of the blockchain state by executing
these transactions in the chosen order. Once a block of transactions is
appended to the blockchain, the other nodes validate it, re-executing the
transactions in the same order. The serial execution of transactions does not
take advantage of the multi-core architecture of modern processors, so
contributing to limit the throughput. In this paper we develop a theory of
transaction parallelism for blockchains, which is based on static analysis of
transactions and smart contracts. We illustrate how blockchain nodes can use
our theory to parallelize the execution of transactions. Initial experiments on
Ethereum show that our technique can improve the performance of nodes.Comment: arXiv admin note: text overlap with arXiv:1905.0436
- …