Name
Abstract | ||
|---|---|---|
We investigate a family of bugs in blockchain-based smart contracts, which we dub event-ordering (or EO) bugs. These bugs are intimately related to the dynamic ordering of contract events, i.e. calls of its functions, and enable potential exploits of millions of USD worth of crypto-coins. Previous techniques to detect EO bugs have been restricted to those bugs that involve just one or two event orderings. Our work provides a new formulation of the general class of EO bugs arising in long permutations of such events by using techniques from concurrent program analysis. The technical challenge in detecting EO bugs in blockchain contracts is the inherent combinatorial blowup in path and state space analysis, even for simple contracts. We propose the first use of partial-order reduction techniques, using automatically extracted happens-before relations along with several dynamic symbolic execution optimizations. We build EthRacer, an automatic analysis tool that runs directly on Ethereum bytecode and requires no hints from users. It flags 8% of over 10, 000 contracts analyzed, providing compact event traces (witnesses) that human analysts can examine in only a few minutes per contract. More than half of the flagged contracts are likely to have unintended behaviour.
|
Year | DOI | Venue |
|---|---|---|
2018 | 10.1145/3293882.3330560 | Proceedings of the 28th ACM SIGSOFT International Symposium on Software Testing and Analysis |
Keywords | Field | DocType |
Concurrency, Ethereum, Happens-Before, Smart Contract Security | Concurrency,Computer science,Permutation,Exploit,Theoretical computer science,Symbolic execution,Blockchain,Bytecode,State space | Journal |
Volume | Citations | PageRank |
abs/1810.11605 | 8 | 0.51 |
References | Authors | |
0 | 5 | |
Name | Order | Citations | PageRank |
|---|---|---|---|
| Aashish Kolluri | 1 | 8 | 1.52 |
| Ivica Nikolic | 2 | 170 | 18.14 |
| Ilya Sergey | 3 | 162 | 16.06 |
| Aquinas Hobor | 4 | 243 | 17.42 |
| Prateek Saxena | 5 | 1915 | 97.73 |