Osiris: Hunting for Integer Bugs in Ethereum Smart Contracts

The capability of executing so-called smart contracts in a decentralised manner is one of the compelling features of modern blockchains. Smart contracts are fully fledged programs which cannot be changed once deployed to the blockchain. They typically implement the business logic of distributed apps and carry billions of dollars worth of coins. In that respect, it is imperative that smart contracts are correct and have no vulnerabilities or bugs. However, research has identified different classes of vulnerabilities in smart contracts, some of which led to prominent multi-million dollar fraud cases. In this paper we focus on vulnerabilities related to integer bugs, a class of bugs that is particularly difficult to avoid due to some characteristics of the Ethereum Virtual Machine and the Solidity programming language. In this paper we introduce Osiris – a framework that combines symbolic execution and taint analysis, in order to accurately find integer bugs in Ethereum smart contracts. Osiris detects a greater range of bugs than existing tools, while providing a better specificity of its detection. We have evaluated its performance on a large experimental dataset containing more than 1.2 million smart contracts. We found that 42,108 contracts contain integer bugs. Be- sides being able to identify several vulnerabilities that have been reported in the past few months, we were also able to identify a yet unknown critical vulnerability in a couple of smart contracts that are currently deployed on the Ethereum blockchain

Categorical and Numeric Relations Dataset

Collaboratively constructed knowledge bases play an important role in information systems, but are essentially always incomplete. Thus, a large number of models has been developed for Knowledge Base Completion, the task of predicting new attributes of entities given partial descriptions of these entities. Virtually all of these models either concentrate on numeric attributes (what is Italy’s GDP?) or they concentrate on categorical attributes (Tim Cook is the chairman of Apple). This dataset was created as a part of a research experiment to develop a model for the joint prediction of numeric and categorical attributes based on embeddings learned from textual occurrences of the entities in question. This dataset consists of numeric and categorical relation tuples spanning from 7 different domains such as 'animal', 'country', 'people', etc. The tuples presented in this dataset have been used to train and test a neural network framework to perform the above mentioned task. All data presented in this dataset has been scraped from FreeBase. ****FORTHCOMING PUBLICATION: the paper corresponding to this dataset will be available soon***