• Corpus ID: 208222424

EtherTrust: Sound Static Analysis of Ethereum bytecode

  title={EtherTrust: Sound Static Analysis of Ethereum bytecode},
  author={Ilya Grishchenko and Matteo Maffei and Clara Schneidewind},
Ethereum has emerged as the most popular smart contract development platform, with hundreds of thousands of contracts stored on the blockchain and covering a variety of application scenarios, such as auctions, trading platforms, and so on. Given their financial nature, the security of these contracts is of paramount importance, as exemplified by recent attacks exploiting programming mistakes to freeze or steal millions of dollars (e.g., the DAO and Parity attacks). An automated security… 

A Survey on Ethereum Systems Security

This work systematize three aspects of Ethereum systems security: vulnerabilities, attacks, and defenses, and draws insights into vulnerability root causes, attack consequences, and defense capabilities, which shed light on future research directions.

A Framework and DataSet for Bugs in Ethereum Smart Contracts

This paper collects as many smart contract bugs as possible from multiple sources and divides these bugs into 9 categories by extending the IEEE Standard Classification for Software Anomalies, and designs the criteria for detecting each kind of bugs, and constructs a dataset of smart contracts covering all kinds of bugs.

SmartFast: an accurate and robust formal analysis tool for Ethereum smart contracts

A vulnerability assessment model to unify the vulnerability measurement standards is proposed and a static analysis tool called SmartFast is designed, which expresses the contract source code as a novel intermediate representation named SmartIR and can detect more kinds of vulnerabilities with a higher precision rate and a recall rate.

Formalising and verifying smart contracts with Solidifier: a bounded model checker for Solidity

A formalisation of Solidity and the Ethereum blockchain using the Solid language and its blockchain is presented; a Solid program is obtained by explicating/desugaring a Solidity program and some abstractions are made that over-approximate the way in which Solidity/Ethereum behave.

Solidifier: bounded model checking solidity using lazy contract deployment and precise memory modelling

An encoding of Solidity and the Ethereum blockchain is presented using Boogie, an intermediate verification language, and Solidifier is created, a bounded model checker for Solidity that helps find errors/bad states that might be reached through behaviours that might not follow such a pattern.

A Survey of Tools for Analyzing Ethereum Smart Contracts

  • Monika Di AngeloG. Salzer
  • Computer Science
    2019 IEEE International Conference on Decentralized Applications and Infrastructures (DAPPCON)
  • 2019
This survey investigates 27 tools for analyzing Ethereum smart contracts regarding availability, maturity level, methods employed, and detection of security issues.

Ethereum Smart Contract Analysis Tools: A Systematic Review

A systematic review on Ethereum smart contracts analysis tools developed for Ethereum blockchain smart contract are presented and some challenges and future recommendations in the field ofthereum smart contracts are highlighted.

Security enhancement technologies for smart contracts in the blockchain: A survey

This paper provides a review of the current research status and advances in smart contract security based on related literature published in recent years, divided into six categories along the line of the technology, which includes symbolic execution, abstract interpretation, fuzz testing, formal verification, deep learning, and privacy enhancement.

Ethereum Smart Contracts: Vulnerabilities and their Classifications

This paper discusses SC vulnerabilities and classifies them according to the domain knowledge of the faulty operations, reminding developers and software engineers that for SC’s safety, each SC requires proper testing with effective tools to catch those classes’ vulnerabilities.

Slither: A Static Analysis Framework for Smart Contracts

It is shown that Slither's bug detection is fast, accurate, and outperforms other static analysis tools at finding issues in Ethereum smart contracts in terms of speed, robustness, and balance of detection and false positives.



A Semantic Framework for the Security Analysis of Ethereum smart contracts

The first complete small-step semantics of EVM bytecode is presented, which is formalized in the F* proof assistant, obtaining executable code that is successfully validate against the official Ethereum test suite.

KEVM: A Complete Semantics of the Ethereum Virtual Machine

KEVM is presented, the first fully executable formal semantics of the EVM, the bytecode language in which smart contracts are executed, in a framework for executable semantics, the K framework, and it is shown that the approach is feasible and not computationally restrictive.

Formal Verification of Smart Contracts: Short Paper

This paper outlines a framework to analyze and verify both the runtime safety and the functional correctness of Ethereum contracts by translation to F*, a functional programming language aimed at program verification.

Finding The Greedy, Prodigal, and Suicidal Contracts at Scale

Maian is implemented, the first tool for specifying and reasoning about trace properties, which employs interprocedural symbolic analysis and concrete validator for exhibiting real exploits.

ZEUS: Analyzing Safety of Smart Contracts

This work presents ZEUS—a framework to verify the correctness and validate the fairness of smart contracts, which leverages both abstract interpretation and symbolic model checking, along with the power of constrained horn clauses to quickly verify contracts for safety.

A Survey of Attacks on Ethereum Smart Contracts (SoK)

This work analyses the security vulnerabilities of Ethereum smart contracts, providing a taxonomy of common programming pitfalls which may lead to vulnerabilities, and shows a series of attacks which exploit these vulnerabilities, allowing an adversary to steal money or cause other damage.

Findel: Secure Derivative Contracts for Ethereum

Findel is introduced – a purely declarative financial domain-specific language well suited for implementation in blockchain networks and an Ethereum smart contract is implemented that acts as a marketplace for Findel contracts and is implemented.

Obsidian: A Safer Blockchain Programming Language

  • Michael J. Coblenz
  • Computer Science
    2017 IEEE/ACM 39th International Conference on Software Engineering Companion (ICSE-C)
  • 2017
A new programming language, Obsidian, is proposed to make it easier for programmers to write correct programs on blockchain systems, because bugs in Solidity programs have recently been exploited to steal money.

Defining the Ethereum Virtual Machine for Interactive Theorem Provers

  • Yoichi Hirai
  • Computer Science, Mathematics
    Financial Cryptography Workshops
  • 2017
This work defined EVM in Lem, a language that can be compiled for a few interactive theorem provers, which is the first formal EVM definition for smart contract verification that implements all instructions.

MedRec: Using Blockchain for Medical Data Access and Permission Management

This paper proposes MedRec: a novel, decentralized record management system to handle EMRs, using blockchain technology, and incentivizes medical stakeholders to participate in the network as blockchain “miners”, enabling the emergence of data economics.