18 research outputs found
Making Smart Contracts Smarter
Cryptocurrencies record transactions in a decentralized data structure called a
blockchain. Two of the most popular cryptocurrencies, Bitcoin and
Ethereum, support the feature to encode rules or scripts for processing transactions.
This feature has evolved to give practical shape to the ideas of smart
contracts, or full-fledged programs that are run on blockchains.
Recently, Ethereum\u27s smart contract system has seen steady adoption, supporting
tens of thousands of contracts, holding millions dollars worth of
virtual coins.
In this paper, we investigate the security of running smart contracts based on Ethereum
in an open distributed network like those of cryptocurrencies. We introduce
several new security problems in which an adversary can manipulate smart
contract execution to gain profit. These bugs suggest subtle gaps in the
understanding of the distributed semantics of the underlying platform. As a
refinement, we propose ways to enhance the operational semantics of
Ethereum to make contracts less vulnerable. For developers writing contracts
for the existing Ethereum system, we build a symbolic execution tool called
Oyente to find potential security bugs. Among 19, 336 existing
Ethereum contracts, Oyente flags 8, 833 of them as vulnerable,
including the TheDAO bug which led to a 60 million US dollar loss in June 2016.
We also
discuss the severity of other attacks for several case studies which have source code
available and confirm the attacks (which target only our accounts) in the main
Ethereum network
Frequency and Risk Factor of Lower-limb Deep Vein Thrombosis after Major Orthopedic Surgery in Vietnamese Patients
BACKGROUND: Deep venous thrombosis (DVT) is a prevalent complication of orthopedic surgery. According in many studies. The incidence of DVT may be up to 50% if thromboprophylaxis is not available.
AIM: The objective of this study was to check the degree of disease, clinical characteristics and analyzed factors in vulnerabilities with lower-limp DVT after orthopedic surgery in a Vietnam teaching hospital.
METHODS: Orthopedic patients who met criteria were recruited at our hospital between August 2017 and June 2018. Ultrasound was used to discovering lower-limp DVT in pre-surgery and 7 days after surgery in all patients.
RESULTS: The incidence of DVT after orthopedic surgery was 7.2%. Patients with older age (> 60) have a risk of 2 times higher of DVT after surgery than normal people (p < 0.05). The incidence of postoperative DVT was higher in immobile individuals > 72 hours (p < 0.05). Patients with prolonged surgical time (>120 minutes) had a higher risk of postoperative DVT than non-surgical patients’ surgery (p < 0.05).
CONCLUSIONS: DVT remains a common complication following orthopedic surgery. Older age, immobility status, and surgical time have been found to be risky factors for the development of postoperative lower-limp DVT in orthopedic patients
S3: Syntax- and semantic-guided repair synthesis via programming by examples
National Science Foundatio
Invariant Synthesis for Incomplete Verification Engines
We propose a framework for synthesizing inductive invariants for incomplete
verification engines, which soundly reduce logical problems in undecidable
theories to decidable theories. Our framework is based on the counter-example
guided inductive synthesis principle (CEGIS) and allows verification engines to
communicate non-provability information to guide invariant synthesis. We show
precisely how the verification engine can compute such non-provability
information and how to build effective learning algorithms when invariants are
expressed as Boolean combinations of a fixed set of predicates. Moreover, we
evaluate our framework in two verification settings, one in which verification
engines need to handle quantified formulas and one in which verification
engines have to reason about heap properties expressed in an expressive but
undecidable separation logic. Our experiments show that our invariant synthesis
framework based on non-provability information can both effectively synthesize
inductive invariants and adequately strengthen contracts across a large suite
of programs