SAILFISH: Vetting Smart Contract State-Inconsistency Bugs in Seconds

  title={SAILFISH: Vetting Smart Contract State-Inconsistency Bugs in Seconds},
  author={Priyankar Bose and Dipanjan Das and Yanju Chen and Yu Feng and Christopher Kruegel and Giovanni Vigna},
  journal={2022 IEEE Symposium on Security and Privacy (SP)},
This paper presents SAILFISH, a scalable system for automatically finding state-inconsistency bugs in smart contracts. To make the analysis tractable, we introduce a hybrid approach that includes (i) a light-weight exploration phase that dramatically reduces the number of instructions to analyze, and (ii) a precise refinement phase based on symbolic evaluation guided by our novel value-summary analysis, which generates extra constraints to over-approximate the side effects of whole-program… 
Practical Mitigation of Smart Contract Bugs
This paper proposes the first practical smart contract compiler, called HCC, which automatically inserts security hardening checks at the source-code level, and demonstrates the effectiveness of this approach on Ethereum's Solidity smart contracts and shows that it efficiently mitigates reentrancy and integer bugs.
Opportunistic Algorithmic Double-Spending: How I learned to stop worrying and hedge the Fork
This paper analyzes the execution traces of 922 562 transactions on the Ethereum blockchain to identify transactions, which may be associated with frontrunning and MEV bots, that exhibit some of the design patterns also employed as part of the herein presented attack.
BlockScope: Detecting and Investigating Propagated Vulnerabilities in Forked Blockchain Projects
This paper proposes BlockScope, a novel tool that can effectively and efficiently detect multiple types of cloned vulnerabilities given an input of existing Bitcoin/Ethereum security patches, and reveals three types of vulnerability propagation from source to forked projects.
An Overview of the Research in the Security Issues of Ethereum Ecosystem
This work presents a review of the security issues in the Ethereum ecosystem and explains why a smart contract can hold millions of dollars as cryptocurrency, so these security vulnerabilities can lead to losses.
Understanding Security Issues in the NFT Ecosystem
Non-Fungible tokens have witnessed several high-profile asset sales and a tremendous growth in trading volumes over the last year, but these marketplaces have not yet re-ceived much security scrutiny.


Slither: A Static Analysis Framework for Smart Contracts
It is shown that Slither's bug detection is fast, accurate, and outperforms other static analysis tools at finding issues in Ethereum smart contracts in terms of speed, robustness, and balance of detection and false positives.
Summary-Based Symbolic Evaluation for Smart Contracts
  • Yu Feng, E. Torlak, R. Bodík
  • Computer Science
    2020 35th IEEE/ACM International Conference on Automated Software Engineering (ASE)
  • 2020
To make the synthesis tractable, a query language as well as summary-based symbolic evaluation is introduced, which significantly reduces the number of instructions that the synthesizer needs to evaluate symbolically, without compromising the precision of the vulnerability query.
Exploiting the laws of order in smart contracts
EthRacer, an automatic analysis tool that runs directly on Ethereum bytecode and requires no hints from users, is built, providing compact event traces (witnesses) that human analysts can examine in only a few minutes per contract.
Targeted Greybox Fuzzing with Static Lookahead Analysis
A novel technique for targeted greybox fuzzing using an online static analysis that guides the fuzzer toward a set of target locations, for instance, located in recently modified parts of the program.
SmartCheck: Static Analysis of Ethereum Smart Contracts
The paper provides a comprehensive classification of code issues in Solidity and implements SmartCheck -- an extensible static analysis tool that detects them and reflects the current state of knowledge on Solidity vulnerabilities and shows significant improvements over alternatives.
ZEUS: Analyzing Safety of Smart Contracts
This work presents ZEUS—a framework to verify the correctness and validate the fairness of smart contracts, which leverages both abstract interpretation and symbolic model checking, along with the power of constrained horn clauses to quickly verify contracts for safety.
Gigahorse: Thorough, Declarative Decompilation of Smart Contracts
Gigahorse offers a full-featured toolchain for further analyses (and a ``batteries included'' approach, with multiple clients already implemented), together with the highest performance and scalability, and uses a declarative, logic-based specification, which allows high-level insights to inform low-level decompilation.
eThor: Practical and Provably Sound Static Analysis of Ethereum Smart Contracts
This work presents eThor, the first sound and automated static analyzer for EVM bytecode, which is based on an abstraction of the EVMbytecode semantics based on Horn clauses, and demonstrates that eThor is practical and outperforms the state-of-the-art static analyzers.
Statically-directed dynamic automated test generation
A new technique for exploiting static analysis to guide dynamic automated test generation for binary programs, prioritizing the paths to be explored and showing that static analysis allows exploration to reach vulnerabilities it otherwise would not, and the generated test inputs prove that the static warnings indicate true positives.
Securify: Practical Security Analysis of Smart Contracts
An extensive evaluation of Securify over real-world Ethereum smart contracts is presented and it is demonstrated that it can effectively prove the correctness of smart contracts and discover critical violations.