Corpus ID: 208222424

EtherTrust: Sound Static Analysis of Ethereum bytecode

@inproceedings{Grishchenko2018EtherTrustSS,
  title={EtherTrust: Sound Static Analysis of Ethereum bytecode},
  author={Ilya Grishchenko and Matteo Maffei and Clara Schneidewind},
  year={2018}
}
Ethereum has emerged as the most popular smart contract development platform, with hundreds of thousands of contracts stored on the blockchain and covering a variety of application scenarios, such as auctions, trading platforms, and so on. Given their financial nature, the security of these contracts is of paramount importance, as exemplified by recent attacks exploiting programming mistakes to freeze or steal millions of dollars (e.g., the DAO and Parity attacks). An automated security…
A Survey on Ethereum Systems Security
TLDR
This work systematizes three aspects of Ethereum systems security: vulnerabilities, attacks, and defenses, and draws insights into vulnerability root causes, attack consequences, and defense capabilities, which shed light on future research directions.
A Framework and DataSet for Bugs in Ethereum Smart Contracts
TLDR
This paper collects as many smart contract bugs as possible from multiple sources, divides these bugs into 9 categories by extending the IEEE Standard Classification for Software Anomalies, designs the criteria for detecting each kind of bug, and constructs a dataset of smart contracts covering all kinds of bugs.
Formalising and verifying smart contracts with Solidifier: a bounded model checker for Solidity
TLDR
A formalisation of Solidity and the Ethereum blockchain using the Solid language and its blockchain is presented; a Solid program is obtained by explicating/desugaring a Solidity program and some abstractions are made that over-approximate the way in which Solidity/Ethereum behave.
Solidifier: bounded model checking solidity using lazy contract deployment and precise memory modelling
TLDR
An encoding of Solidity and the Ethereum blockchain is presented using Boogie, an intermediate verification language, and Solidifier is created, a bounded model checker for Solidity that helps find errors/bad states that might be reached through behaviours that might not follow such a pattern.
A Survey of Tools for Analyzing Ethereum Smart Contracts
  • Monika Di Angelo, G. Salzer
  • Computer Science
  • 2019 IEEE International Conference on Decentralized Applications and Infrastructures (DAPPCON)
  • 2019
TLDR
This survey investigates 27 tools for analyzing Ethereum smart contracts regarding availability, maturity level, methods employed, and detection of security issues.
A Survey on Vulnerabilities of Ethereum Smart Contracts
TLDR
This paper discusses SC vulnerabilities and classifies them according to the domain knowledge of the faulty operations, reminding developers and software engineers that for SC’s safety, each SC requires proper testing with effective tools to catch those classes’ vulnerabilities.
Ethereum Smart Contracts: Vulnerabilities and their Classifications
Smart contract (SC) is an extension of BlockChain technology. Ethereum BlockChain was the first to incorporate SC and thus started a new era of crypto-currencies and electronic transactions. Solidity…
Slither: A Static Analysis Framework for Smart Contracts
TLDR
It is shown that Slither's bug detection is fast, accurate, and outperforms other static analysis tools at finding issues in Ethereum smart contracts in terms of speed, robustness, and balance of detection and false positives.
Smart Contract Development: Challenges and Opportunities
TLDR
This study focuses exclusively on this subset of smart contracts, and suggests several directions that researchers and practitioners can work on to help improve developers’ experience on developing high-quality smart contracts.
TokenScope: Automatically Detecting Inconsistent Behaviors of Cryptocurrency Tokens in Ethereum
TLDR
A novel approach to automatically detect inconsistent token behaviors with regard to ERC-20, the most popular token standard, is proposed by contrasting the behaviors derived from three different sources, including the manipulations of core data structures recording the token holders and their shares.

References

SHOWING 1-10 OF 24 REFERENCES
A Semantic Framework for the Security Analysis of Ethereum smart contracts
TLDR
The first complete small-step semantics of EVM bytecode is presented, which is formalized in the F* proof assistant, obtaining executable code that is successfully validated against the official Ethereum test suite.
KEVM: A Complete Semantics of the Ethereum Virtual Machine
TLDR
KEVM is presented, the first fully executable formal semantics of the EVM, the bytecode language in which smart contracts are executed, in a framework for executable semantics, the K framework, and it is shown that the approach is feasible and not computationally restrictive.
Formal Verification of Smart Contracts: Short Paper
TLDR
This paper outlines a framework to analyze and verify both the runtime safety and the functional correctness of Ethereum contracts by translation to F*, a functional programming language aimed at program verification.
Making Smart Contracts Smarter
TLDR
This paper investigates the security of running smart contracts based on Ethereum in an open distributed network like those of cryptocurrencies, and proposes ways to enhance the operational semantics of Ethereum to make contracts less vulnerable.
Finding The Greedy, Prodigal, and Suicidal Contracts at Scale
TLDR
Maian is implemented, the first tool for specifying and reasoning about trace properties, which employs interprocedural symbolic analysis and a concrete validator for exhibiting real exploits.
ZEUS: Analyzing Safety of Smart Contracts
TLDR
This work presents ZEUS, a framework to verify the correctness and validate the fairness of smart contracts, which leverages both abstract interpretation and symbolic model checking, along with the power of constrained horn clauses to quickly verify contracts for safety.
Towards verifying ethereum smart contract bytecode in Isabelle/HOL
TLDR
This paper extends an existing EVM formalisation in Isabelle/HOL by a sound program logic at the level of bytecode, structuring bytecode sequences into blocks of straight-line code and creating a program logic to reason about these.
A Survey of Attacks on Ethereum Smart Contracts (SoK)
TLDR
This work analyses the security vulnerabilities of Ethereum smart contracts, providing a taxonomy of common programming pitfalls which may lead to vulnerabilities, and shows a series of attacks which exploit these vulnerabilities, allowing an adversary to steal money or cause other damage.
Findel: Secure Derivative Contracts for Ethereum
TLDR
Findel is introduced, a purely declarative financial domain-specific language well suited for implementation in blockchain networks, and an Ethereum smart contract is implemented that acts as a marketplace for Findel contracts.
Obsidian: A Safer Blockchain Programming Language
  • Michael J. Coblenz
  • Computer Science
  • 2017 IEEE/ACM 39th International Conference on Software Engineering Companion (ICSE-C)
  • 2017
TLDR
A new programming language, Obsidian, is proposed to make it easier for programmers to write correct programs on blockchain systems, because bugs in Solidity programs have recently been exploited to steal money.