GASOL: Gas Analysis and Optimization for Ethereum Smart Contracts

We present the main concepts, components, and usage of GASOL, a Gas AnalysiS and Optimization tooL for Ethereum smart contracts. GASOL offers a wide variety of cost models that allow inferring the gas consumption associated to selected types of EVM instructions and/or inferring the number of times that such types of bytecode instructions are executed. Among others, we have cost models to measure only storage opcodes, to measure a selected family of gas-consumption opcodes following the Ethereum's classification, to estimate the cost of a selected program line, etc. After choosing the desired cost model and the function of interest, GASOL returns to the user an upper bound of the cost for this function. As the gas consumption is often dominated by the instructions that access the storage, GASOL uses the gas analysis to detect under-optimized storage patterns, and includes an (optional) automatic optimization of the selected function. Our tool can be used within an Eclipse plugin for Solidity which displays the gas and instructions bounds and, when applicable, the gas-optimized Solidity function

Harnessing Flexible and Reliable Demand Response Under Customer Uncertainties

Demand response (DR) is a cost-effective and environmentally friendly approach for mitigating the uncertainties in renewable energy integration by taking advantage of the flexibility of customers' demands. However, existing DR programs suffer from either low participation due to strict commitment requirements or not being reliable in voluntary programs. In addition, the capacity planning for energy storage/reserves is traditionally done separately from the demand response program design, which incurs inefficiencies. Moreover, customers often face high uncertainties in their costs in providing demand response, which is not well studied in literature. This paper first models the problem of joint capacity planning and demand response program design by a stochastic optimization problem, which incorporates the uncertainties from renewable energy generation, customer power demands, as well as the customers' costs in providing DR. We propose online DR control policies based on the optimal structures of the offline solution. A distributed algorithm is then developed for implementing the control policies without efficiency loss. We further offer enhanced policy design by allowing flexibilities into the commitment level. We perform real world trace based numerical simulations. Results demonstrate that the proposed algorithms can achieve near optimal social costs, and significant social cost savings compared to baseline methods

EVMPatch: Timely and Automated Patching of Ethereum Smart Contracts

Recent attacks exploiting errors in smart contract code had devastating consequences thereby questioning the benefits of this technology. It is currently highly challenging to fix errors and deploy a patched contract in time. Instant patching is especially important since smart contracts are always online due to the distributed nature of blockchain systems. They also manage considerable amounts of assets, which are at risk and often beyond recovery after an attack. Existing solutions to upgrade smart contracts depend on manual and error-prone processes. This paper presents a framework, called EVMPatch, to instantly and automatically patch faulty smart contracts. EVMPatch features a bytecode rewriting engine for the popular Ethereum blockchain, and transparently/automatically rewrites common off-the-shelf contracts to upgradable contracts. The proof-of-concept implementation of EVMPatch automatically hardens smart contracts that are vulnerable to integer over/underflows and access control errors, but can be easily extended to cover more bug classes. Our extensive evaluation on 14,000 real-world (vulnerable) contracts demonstrate that our approach successfully blocks attack transactions launched on these contracts, while keeping the intended functionality of the contract intact. We perform a study with experienced software developers, showing that EVMPatch is practical, and reduces the time for converting a given Solidity smart contract to an upgradable contract by 97.6 %, while ensuring functional equivalence to the original contract.Comment: A slightly shorter version of this paper will be published at USENIX Security Symposium 202