How Effective are Smart Contract Analysis Tools? Evaluating Smart Contract Static Analysis Tools Using Bug Injection

Security attacks targeting smart contracts have been on the rise, which have led to financial loss and erosion of trust. Therefore, it is important to enable developers to discover security vulnerabilities in smart contracts before deployment. A number of static analysis tools have been developed for finding security bugs in smart contracts. However, despite the numerous bug-finding tools, there is no systematic approach to evaluate the proposed tools and gauge their effectiveness. This paper proposes SolidiFI, an automated and systematic approach for evaluating smart contract static analysis tools. SolidiFI is based on injecting bugs (i.e., code defects) into all potential locations in a smart contract to introduce targeted security vulnerabilities. SolidiFI then checks the generated buggy contract using the static analysis tools, and identifies the bugs that the tools are unable to detect (false-negatives) along with identifying the bugs reported as false-positives. SolidiFI is used to evaluate six widely-used static analysis tools, namely, Oyente, Securify, Mythril, SmartCheck, Manticore and Slither, using a set of 50 contracts injected by 9369 distinct bugs. It finds several instances of bugs that are not detected by the evaluated tools despite their claims of being able to detect such bugs, and all the tools report many false positivesComment: ISSTA 202

Property-Driven Black-Box Testing of Numeric Functions

In this work, we propose a property-driven testing mechanism to perform unit testing of functions performing numerical computations. Our approach, similar to the property-based testing technique, allows the tester to specify the requirements to check. Unlike property-based testing, the specification is then used to generate test cases in a targeted manner. Moreover, our approach works as a black-box testing tool, i.e. it does not require knowledge about the internals of the function under test. Therefore, besides on programmed numeric functions, we also apply our technique to machine-learned regression models. The experimental evaluation on a number of case studies shows the effectiveness of our testing approach

Towards Scaling Blockchain Systems via Sharding

Existing blockchain systems scale poorly because of their distributed consensus protocols. Current attempts at improving blockchain scalability are limited to cryptocurrency. Scaling blockchain systems under general workloads (i.e., non-cryptocurrency applications) remains an open question. In this work, we take a principled approach to apply sharding, which is a well-studied and proven technique to scale out databases, to blockchain systems in order to improve their transaction throughput at scale. This is challenging, however, due to the fundamental difference in failure models between databases and blockchain. To achieve our goal, we first enhance the performance of Byzantine consensus protocols, by doing so we improve individual shards' throughput. Next, we design an efficient shard formation protocol that leverages a trusted random beacon to securely assign nodes into shards. We rely on trusted hardware, namely Intel SGX, to achieve high performance for both consensus and shard formation protocol. Third, we design a general distributed transaction protocol that ensures safety and liveness even when transaction coordinators are malicious. Finally, we conduct an extensive evaluation of our design both on a local cluster and on Google Cloud Platform. The results show that our consensus and shard formation protocols outperform state-of-the-art solutions at scale. More importantly, our sharded blockchain reaches a high throughput that can handle Visa-level workloads, and is the largest ever reported in a realistic environment.Comment: This is an updated version of the Chain of Trust: Can Trusted Hardware Help Scaling Blockchains? paper. This version is to be appeared in SIGMOD 201

Blockchain Trilemma Solver Algorand has Dilemma over Undecidable Messages

Recently, an ingenious protocol called Algorand has been proposed to overcome these limitations. Algorand uses an innovative process - called cryptographic sortition - to securely and unpredictably elect a set of voters from the network periodically. These voters are responsible for reaching consensus through a Byzantine Agreement (BA) protocol on one block per time, guaranteeing an overwhelming probability of linearity of the blockchain. In this paper, we present a security analysis of Algorand. To the best of our knowledge, it is the first security analysis as well as the first formal study on Algorand. We designed an attack scenario in which a group of malicious users tries to break the protocol, or at least limiting it to a reduced partition of network users, by exploiting a possible security flaw in the messages validation process of the BA. Since the source code or an official simulator for Algorand was not available at the time of our study, we created a simulator (which is available on request) to implement the protocol and assess the feasibility of our attack scenario. Our attack requires the attacker to have a trivial capability of establishing multiple connections with targeted nodes and costs practically nothing to the attacker. Our results show that it is possible to slow down the message validation process on honest nodes, which eventually forces them to choose default values on the consensus; leaving the targeted nodes behind in the chain as compared to the non-attacked nodes. Even though our results are subject to the real implementation assumption, the core concept of our attack remains valid.Comment: 8 pages, 2 figures, and 2 table

Complete Knowledge: Preventing Encumbrance of Cryptographic Secrets

Most cryptographic protocols model a player’s knowledge of secrets in a simple way. Informally, the player knows a secret in the sense that she can directly furnish it as a (private) input to a protocol, e.g., to digitally sign a message. The growing availability of Trusted Execution Environments (TEEs) and secure multiparty computation, however, undermines this model of knowledge. Such tools can encumber a secret sk and permit a chosen player to access sk conditionally, without actually knowing sk. By permitting selective access to sk by an adversary, encumbrance of secrets can enable vote-selling in cryptographic voting schemes, illegal sale of credentials for online services, and erosion of deniability in anonymous messaging systems. Unfortunately, existing proof-of-knowledge protocols fail to demonstrate that a secret is unencumbered. We therefore introduce and formalize a new notion called complete knowledge (CK). A proof (or argument) of CK shows that a prover does not just know a secret, but also has fully unencumbered knowledge, i.e., unrestricted ability to use the secret. We introduce two practical CK schemes that use special-purpose hardware, specifically TEEs and off-the-shelf mining ASICs. We prove the security of these schemes and explore their practical deployment with a complete, end-to-end prototype that supports both. We show how CK can address encumbrance attacks identified in previous work. Finally, we introduce two new applications enabled by CK that involve proving ownership of blockchain assets