286 research outputs found
sCompile: Critical path identification and analysis for smart contracts
Ethereum smart contracts are an innovation built on top of the blockchain
technology, which provides a platform for automatically executing contracts in
an anonymous, distributed, and trusted way. The problem is magnified by the
fact that smart contracts, unlike ordinary programs, cannot be patched easily
once deployed. It is important for smart contracts to be checked against
potential vulnerabilities. In this work, we propose an alternative approach to
automatically identify critical program paths (with multiple function calls
including inter-contract function calls) in a smart contract, rank the paths
according to their criticalness, discard them if they are infeasible or
otherwise present them with user friendly warnings for user inspection. We
identify paths which involve monetary transaction as critical paths, and
prioritize those which potentially violate important properties. For
scalability, symbolic execution techniques are only applied to top ranked
critical paths. Our approach has been implemented in a tool called sCompile,
which has been applied to 36,099 smart contracts. The experiment results show
that sCompile is efficient, i.e., 5 seconds on average for one smart contract.
Furthermore, we show that many known vulnerabilities can be captured if user
inspects as few as 10 program paths generated by sCompile. Lastly, sCompile
discovered 224 unknown vulnerabilities with a false positive rate of 15.4%
before user inspection.Comment: Accepted by ICFEM 201
MPro: Combining Static and Symbolic Analysis for Scalable Testing of Smart Contract
Smart contracts are executable programs that enable the building of a
programmable trust mechanism between multiple entities without the need of a
trusted third-party. Researchers have developed several security scanners in
the past couple of years. However, many of these analyzers either do not scale
well, or if they do, produce many false positives. This issue is exacerbated
when bugs are triggered only after a series of interactions with the functions
of the contract-under-test. A depth-n vulnerability, refers to a vulnerability
that requires invoking a specific sequence of n functions to trigger. Depth-n
vulnerabilities are time-consuming to detect by existing automated analyzers,
because of the combinatorial explosion of sequences of functions that could be
executed on smart contracts.
In this paper, we present a technique to analyze depth-n vulnerabilities in
an efficient and scalable way by combining symbolic execution and data
dependency analysis. A significant advantage of combining symbolic with static
analysis is that it scales much better than symbolic alone and does not have
the problem of false positive that static analysis tools typically have. We
have implemented our technique in a tool called MPro, a scalable and automated
smart contract analyzer based on the existing symbolic analysis tool
Mythril-Classic and the static analysis tool Slither. We analyzed 100 randomly
chosen smart contracts on MPro and our evaluation shows that MPro is about
n-times faster than Mythril-Classic for detecting depth-n vulnerabilities,
while preserving all the detection capabilities of Mythril-Classic
- …