19 research outputs found
GASOL: Gas Analysis and Optimization for Ethereum Smart Contracts
We present the main concepts, components, and usage of GASOL, a Gas AnalysiS
and Optimization tooL for Ethereum smart contracts. GASOL offers a wide variety
of cost models that allow inferring the gas consumption associated to selected
types of EVM instructions and/or inferring the number of times that such types
of bytecode instructions are executed. Among others, we have cost models to
measure only storage opcodes, to measure a selected family of gas-consumption
opcodes following the Ethereum's classification, to estimate the cost of a
selected program line, etc. After choosing the desired cost model and the
function of interest, GASOL returns to the user an upper bound of the cost for
this function. As the gas consumption is often dominated by the instructions
that access the storage, GASOL uses the gas analysis to detect under-optimized
storage patterns, and includes an (optional) automatic optimization of the
selected function. Our tool can be used within an Eclipse plugin for Solidity
which displays the gas and instructions bounds and, when applicable, the
gas-optimized Solidity function
The Art of The Scam: Demystifying Honeypots in Ethereum Smart Contracts
Modern blockchains, such as Ethereum, enable the execution of so-called smart
contracts - programs that are executed across a decentralised network of nodes.
As smart contracts become more popular and carry more value, they become more
of an interesting target for attackers. In the past few years, several smart
contracts have been exploited by attackers. However, a new trend towards a more
proactive approach seems to be on the rise, where attackers do not search for
vulnerable contracts anymore. Instead, they try to lure their victims into
traps by deploying seemingly vulnerable contracts that contain hidden traps.
This new type of contracts is commonly referred to as honeypots. In this paper,
we present the first systematic analysis of honeypot smart contracts, by
investigating their prevalence, behaviour and impact on the Ethereum
blockchain. We develop a taxonomy of honeypot techniques and use this to build
HoneyBadger - a tool that employs symbolic execution and well defined
heuristics to expose honeypots. We perform a large-scale analysis on more than
2 million smart contracts and show that our tool not only achieves high
precision, but is also highly efficient. We identify 690 honeypot smart
contracts as well as 240 victims in the wild, with an accumulated profit of
more than $90,000 for the honeypot creators. Our manual validation shows that
87% of the reported contracts are indeed honeypots
Towards Smart Hybrid Fuzzing for Smart Contracts
Smart contracts are Turing-complete programs that are executed across a
blockchain network. Unlike traditional programs, once deployed they cannot be
modified. As smart contracts become more popular and carry more value, they
become more of an interesting target for attackers. In recent years, smart
contracts suffered major exploits, costing millions of dollars, due to
programming errors. As a result, a variety of tools for detecting bugs has been
proposed. However, majority of these tools often yield many false positives due
to over-approximation or poor code coverage due to complex path constraints.
Fuzzing or fuzz testing is a popular and effective software testing technique.
However, traditional fuzzers tend to be more effective towards finding shallow
bugs and less effective in finding bugs that lie deeper in the execution. In
this work, we present CONFUZZIUS, a hybrid fuzzer that combines evolutionary
fuzzing with constraint solving in order to execute more code and find more
bugs in smart contracts. Evolutionary fuzzing is used to exercise shallow parts
of a smart contract, while constraint solving is used to generate inputs which
satisfy complex conditions that prevent the evolutionary fuzzing from exploring
deeper paths. Moreover, we use data dependency analysis to efficiently generate
sequences of transactions, that create specific contract states in which bugs
may be hidden. We evaluate the effectiveness of our fuzzing strategy, by
comparing CONFUZZIUS with state-of-the-art symbolic execution tools and
fuzzers. Our evaluation shows that our hybrid fuzzing approach produces
significantly better results than state-of-the-art symbolic execution tools and
fuzzers
Securing Smart Contract On The Fly
We present Solythesis, a source to source Solidity compiler which takes a
smart contract code and a user specified invariant as the input and produces an
instrumented contract that rejects all transactions that violate the invariant.
The design of Solythesis is driven by our observation that the consensus
protocol and the storage layer are the primary and the secondary performance
bottlenecks of Ethereum, respectively. Solythesis operates with our novel delta
update and delta check techniques to minimize the overhead caused by the
instrumented storage access statements. Our experimental results validate our
hypothesis that the overhead of runtime validation, which is often too
expensive for other domains, is in fact negligible for smart contracts. The CPU
overhead of Solythesis is only 0.12% on average for our 23 benchmark contracts