Osiris: Hunting for Integer Bugs in Ethereum Smart Contracts

The capability of executing so-called smart contracts in a decentralised manner is one of the compelling features of modern blockchains. Smart contracts are fully fledged programs which cannot be changed once deployed to the blockchain. They typically implement the business logic of distributed apps and carry billions of dollars worth of coins. In that respect, it is imperative that smart contracts are correct and have no vulnerabilities or bugs. However, research has identified different classes of vulnerabilities in smart contracts, some of which led to prominent multi-million dollar fraud cases. In this paper we focus on vulnerabilities related to integer bugs, a class of bugs that is particularly difficult to avoid due to some characteristics of the Ethereum Virtual Machine and the Solidity programming language. In this paper we introduce Osiris – a framework that combines symbolic execution and taint analysis, in order to accurately find integer bugs in Ethereum smart contracts. Osiris detects a greater range of bugs than existing tools, while providing a better specificity of its detection. We have evaluated its performance on a large experimental dataset containing more than 1.2 million smart contracts. We found that 42,108 contracts contain integer bugs. Be- sides being able to identify several vulnerabilities that have been reported in the past few months, we were also able to identify a yet unknown critical vulnerability in a couple of smart contracts that are currently deployed on the Ethereum blockchain

Participatory modelling for stakeholder involvement in the development of flood risk management intervention options

Advancing stakeholder participation beyond consultation offers a range of benefits for local flood risk management, particularly as responsibilities are increasingly devolved to local levels. This paper details the design and implementation of a participatory approach to identify intervention options for managing local flood risk. Within this approach, Bayesian networks were used to generate a conceptual model of the local flood risk system, with a particular focus on how different interventions might achieve each of nine participant objectives. The model was co-constructed by flood risk experts and local stakeholders. The study employs a novel evaluative framework, examining both the process and its outcomes (short-term substantive and longer-term social benefits). It concludes that participatory modelling techniques can facilitate the identification of intervention options by a wide range of stakeholders, and prioritise a subset for further investigation. They can help support a broader move towards active stakeholder participation in local flood risk management

UK fiscal changes and new forestry planning

The taxation and grant arrangements for UK forestry were radically changed in April 1988. This paper considers the consequence of these changes for new forestry investment in Scotland by examining five models which describe different site types. The investment appraisals show that after April 1988 forestry will no longer be of interest to investors seeking a tax shelter or wishing to invest borrowed capital. Acceptable real returns to capital will be found only on relatively good quality sites. A major reduction in the rate of new planting is indicated and a shift away from poorer planting land. The rate and location of new planting will depend critically on farmland prices and the extent to which better-quality land is released for planting under the normal consultation procedures