313 research outputs found
Analysis of “Effectively Callback Freeness” for Smart Contracts
Callbacks are an effective programming discipline for implementing event-driven programming, especially in environments like Ethereum which forbid shared global state and concurrency. Callbacks allow a callee to delegate the execution back to the caller. Though effective, they can lead to subtle mistakes principally in open environments where callbacks can be added in a new code. Indeed, several high profile bugs in smart contracts exploit callbacks. This work presents the first static technique ensuring modularity in the presence of callbacks and apply it to verify prominent smart contracts. Modularity ensures that external calls to other contracts cannot affect the behavior of the contract. Importantly, modularity is guaranteed without restricting programming. In general, checking modularity is undecidable– even for programs without loops. This work describes an effective technique for soundly ensuring modularity harnessing SMT solvers. The main idea is to define a constructive version of modularity using commutativity and projection operations on program segments. We implemented our approach in order to demonstrate the precision of the modularity analysis and applied it to real smart contracts (including a subset of the 150 most queried contracts in Ethereum). Our implementation decompiles bytecode programs into an intermediate representation and then implements the modularity checking using SMT queries. Our experimental results indicate that the method can be applied to many realistic contracts, and that it is able to prove modularity where other methods fail. The main results in this project have been submitted to the ACM SIGPLAN conference on Systems, Programming, Languages, and Applications: Software for Humanity (OOPSLA 2020)
Detection of vulnerabilities in smart contracts specifications in ethereum platforms
Ethereum is the principal ecosystem based on blockchain that provides a suitable environment
for coding and executing smart contracts, which have been receiving great attention due to the
commercial apps and among the scientific community. The process of writing secure and well
performing contracts in the Ethereum platform is a major challenge for developers. It consists of
the application of non-conventional programming paradigms due to the inherent characteristics of
the execution of distributed computing programs. Furthermore, the errors in the deployed contracts
could have serious consequences because of the immediate linkage between the contract code and
the financial transactions. The direct handling of the assets means that the errors can be more
relevant for security and have greater economic consequences than a mistake in the conventional
apps. In this paper, we propose a tool for the detection of vulnerabilities in high-level languages
based on automatized static analysis.This work has been supported by FCT – Fundação para a Ciência e Tecnologia within the Project Scope: UIDB/05757/2020.info:eu-repo/semantics/publishedVersio
- …