15 research outputs found
The Rise of Certificate Transparency and Its Implications on the Internet Ecosystem
In this paper, we analyze the evolution of Certificate Transparency (CT) over
time and explore the implications of exposing certificate DNS names from the
perspective of security and privacy. We find that certificates in CT logs have
seen exponential growth. Website support for CT has also constantly increased,
with now 33% of established connections supporting CT. With the increasing
deployment of CT, there are also concerns of information leakage due to all
certificates being visible in CT logs. To understand this threat, we introduce
a CT honeypot and show that data from CT logs is being used to identify targets
for scanning campaigns only minutes after certificate issuance. We present and
evaluate a methodology to learn and validate new subdomains from the vast
number of domains extracted from CT logged certificates.Comment: To be published at ACM IMC 201
How Effective are Smart Contract Analysis Tools? Evaluating Smart Contract Static Analysis Tools Using Bug Injection
Security attacks targeting smart contracts have been on the rise, which have
led to financial loss and erosion of trust. Therefore, it is important to
enable developers to discover security vulnerabilities in smart contracts
before deployment. A number of static analysis tools have been developed for
finding security bugs in smart contracts. However, despite the numerous
bug-finding tools, there is no systematic approach to evaluate the proposed
tools and gauge their effectiveness. This paper proposes SolidiFI, an automated
and systematic approach for evaluating smart contract static analysis tools.
SolidiFI is based on injecting bugs (i.e., code defects) into all potential
locations in a smart contract to introduce targeted security vulnerabilities.
SolidiFI then checks the generated buggy contract using the static analysis
tools, and identifies the bugs that the tools are unable to detect
(false-negatives) along with identifying the bugs reported as false-positives.
SolidiFI is used to evaluate six widely-used static analysis tools, namely,
Oyente, Securify, Mythril, SmartCheck, Manticore and Slither, using a set of 50
contracts injected by 9369 distinct bugs. It finds several instances of bugs
that are not detected by the evaluated tools despite their claims of being able
to detect such bugs, and all the tools report many false positivesComment: ISSTA 202
MadMax: Surviving Out-of-Gas Conditions in Ethereum Smart Contracts
Ethereum is a distributed blockchain platform, serving as an ecosystem for smart contracts: full-fledged inter-
communicating programs that capture the transaction logic of an account. Unlike programs in mainstream
languages, a gas limit restricts the execution of an Ethereum smart contract: execution proceeds as long as gas
is available. Thus, gas is a valuable resource that can be manipulated by an attacker to provoke unwanted
behavior in a victim’s smart contract (e.g., wasting or blocking funds of said victim). Gas-focused vulnerabilities
exploit undesired behavior when a contract (directly or through other interacting contracts) runs out of gas.
Such vulnerabilities are among the hardest for programmers to protect against, as out-of-gas behavior may be
uncommon in non-attack scenarios and reasoning about it is far from trivial.
In this paper, we classify and identify gas-focused vulnerabilities, and present MadMax: a static program
analysis technique to automatically detect gas-focused vulnerabilities with very high confidence. Our approach
combines a control-flow-analysis-based decompiler and declarative program-structure queries. The combined
analysis captures high-level domain-specific concepts (such as łdynamic data structure storagež and łsafely
resumable loopsž) and achieves high precision and scalability. MadMax analyzes the entirety of smart contracts
in the Ethereum blockchain in just 10 hours (with decompilation timeouts in 8% of the cases) and flags contracts
with a (highly volatile) monetary value of over $2.8B as vulnerable. Manual inspection of a sample of flagged
contracts shows that 81% of the sampled warnings do indeed lead to vulnerabilities, which we report on in
our experiment
Targeted Greybox Fuzzing with Static Lookahead Analysis
Automatic test generation typically aims to generate inputs that explore new
paths in the program under test in order to find bugs. Existing work has,
therefore, focused on guiding the exploration toward program parts that are
more likely to contain bugs by using an offline static analysis.
In this paper, we introduce a novel technique for targeted greybox fuzzing
using an online static analysis that guides the fuzzer toward a set of target
locations, for instance, located in recently modified parts of the program.
This is achieved by first semantically analyzing each program path that is
explored by an input in the fuzzer's test suite. The results of this analysis
are then used to control the fuzzer's specialized power schedule, which
determines how often to fuzz inputs from the test suite. We implemented our
technique by extending a state-of-the-art, industrial fuzzer for Ethereum smart
contracts and evaluate its effectiveness on 27 real-world benchmarks. Using an
online analysis is particularly suitable for the domain of smart contracts
since it does not require any code instrumentation---instrumentation to
contracts changes their semantics. Our experiments show that targeted fuzzing
significantly outperforms standard greybox fuzzing for reaching 83% of the
challenging target locations (up to 14x of median speed-up)
Short Paper: Blockcheck the Typechain
Recent efforts have sought to design new smart contract programming languages that make writing blockchain programs safer. But programs on the blockchain are beholden only to the safety properties enforced by the blockchain itself: even the strictest language-only properties can be rendered moot on a language-oblivious blockchain due to inter-contract interactions. Consequently, while safer languages are a necessity, fully realizing their benefits necessitates a language-aware redesign of the blockchain itself. To this end, we propose that the blockchain be viewed as a typechain: a chain of typed programs-not arbitrary blocks-that are included iff they typecheck against the existing chain. Reaching consensus, or blockchecking, validates typechecking in a byzantine fault-tolerant manner. Safety properties traditionally enforced by a runtime are instead enforced by a type system with the aim of statically capturing smart contract correctness. To provide a robust level of safety, we contend that a typechain must minimally guarantee (1) asset linearity and liveness, (2) physical resource availability, including CPU and memory, (3) exceptionless execution, or no early termination, (4) protocol conformance, or adherence to some state machine, and (5) inter-contract safety, including reentrancy safety. Despite their exacting nature, typechains are extensible, allowing for rich libraries that extend the set of verified properties. We expand on typechain properties and present examples of real-world bugs they prevent
Harvey: A Greybox Fuzzer for Smart Contracts
We present Harvey, an industrial greybox fuzzer for smart contracts, which
are programs managing accounts on a blockchain. Greybox fuzzing is a
lightweight test-generation approach that effectively detects bugs and security
vulnerabilities. However, greybox fuzzers randomly mutate program inputs to
exercise new paths; this makes it challenging to cover code that is guarded by
narrow checks, which are satisfied by no more than a few input values.
Moreover, most real-world smart contracts transition through many different
states during their lifetime, e.g., for every bid in an auction. To explore
these states and thereby detect deep vulnerabilities, a greybox fuzzer would
need to generate sequences of contract transactions, e.g., by creating bids
from multiple users, while at the same time keeping the search space and test
suite tractable. In this experience paper, we explain how Harvey alleviates
both challenges with two key fuzzing techniques and distill the main lessons
learned. First, Harvey extends standard greybox fuzzing with a method for
predicting new inputs that are more likely to cover new paths or reveal
vulnerabilities in smart contracts. Second, it fuzzes transaction sequences in
a targeted and demand-driven way. We have evaluated our approach on 27
real-world contracts. Our experiments show that the underlying techniques
significantly increase Harvey's effectiveness in achieving high coverage and
detecting vulnerabilities, in most cases orders-of-magnitude faster; they also
reveal new insights about contract code.Comment: arXiv admin note: substantial text overlap with arXiv:1807.0787
Gigahorse: Thorough, Declarative Decompilation of Smart Contracts
The rise of smart contracts-autonomous applications running on
blockchains-has led to a growing number of threats, necessitating
sophisticated program analysis. However, smart contracts, which transact
valuable tokens and cryptocurrencies, are compiled to very low-level
bytecode. This bytecode is the ultimate semantics and means of
enforcement of the contract.
We present the Gigahorse toolchain. At its core is a reverse compiler
(i.e., a decompiler) that decompiles smart contracts from Ethereum
Virtual Machine (EVM) bytecode into a high-level 3-address code
representation. The new intermediate representation of smart contracts
makes implicit data- and control-flow dependencies of the EVM bytecode
explicit. Decompilation obviates the need for a contract’s source and
allows the analysis of both new and deployed contracts.
Gigahorse advances the state of the art on several fronts. It gives the
highest analysis precision and completeness among decompilers for
Ethereum smart contracts-e.g., Gigahorse can decompile over 99.98% of
deployed contracts, compared to 88% for the recently-published Vandal
decompiler and under 50% for the state-of-the-practice Porosity
decompiler. Importantly, Gigahorse offers a full-featured toolchain for
further analyses (and a “batteries included” approach, with multiple
clients already implemented), together with the highest performance and
scalability. Key to these improvements is Gigahorse’s use of a
declarative, logic-based specification, which allows high-level insights
to inform low-level decompilation
SQL for data scientists
The SQL query language is the 'lingua franca' of transactional databases, and is essential for scalable data analytics. Learning SQL requires practical exercises with databases, including those parts of SQL with side-effects such as DDL statements, triggers, and stored procedures. Teaching this effectively to a non-technical audience is a challenge, especially in times of COVID-19 without face-to-face classes. The Grok Learning platform allows to design self-paced online tutorials with auto-graded exercises - but it was originally built for teaching programming languages. In this demo, we show how we extended the Grok platform to teach SQL for Data Scientists with comprehensive online learning. Grok supports a rich user interface with interactive examples where students can explore and experiment with each example query. This is ideal for learning declarative querying. Each query is executed in its own sandbox on a freshly initialised database instance which allows to teach all parts of SQL including DDL statements, stored procedures, triggers and UDFs. At the same time, the platform scales to thousands of concurrent users, while maintaining interactive response times
Ethainter: A Smart Contract Security Analyzer for Composite Vulnerabilities
Smart contracts on permissionless blockchains are exposed to inherent
security risks due to interactions with untrusted entities. Static
analyzers are essential for identifying security risks and avoiding
millions of dollars worth of damage.
We introduce Ethainter, a security analyzer checking information flow
with data sanitization in smart contracts. Ethainter identifies
composite attacks that involve an escalation of tainted information,
through multiple transactions, leading to severe violations. The
analysis scales to the entire blockchain, consisting of hundreds of
thousands of unique smart contracts, deployed over millions of accounts.
Ethainter is more precise than previous approaches, as we confirm by
automatic exploit generation (e.g., destroying over 800 contracts on the
Ropsten network) and by manual inspection, showing a very high precision
of 82.5% valid warnings for end-to-end vulnerabilities. Ethainter’s
balance of precision and completeness offers significant advantages over
other tools such as Securify, Securify2, and teEther