Securify: Practical Security Analysis of Smart Contracts

@article{Tsankov2018SecurifyPS,
  title={Securify: Practical Security Analysis of Smart Contracts},
  author={Petar Tsankov and Andrei Marian Dan and Dana Drachsler-Cohen and Arthur Gervais and Florian Buenzli and Martin T. Vechev},
  journal={Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security},
  year={2018}
}
Permissionless blockchains allow the execution of arbitrary programs (called smart contracts), enabling mutually untrusted entities to interact without relying on trusted third parties. Despite their potential, repeated security concerns have shaken the trust in handling billions of USD by smart contracts. To address this problem, we present Securify, a security analyzer for Ethereum smart contracts that is scalable, fully automated, and able to prove contract behaviors as safe/unsafe with… Expand
Security Analysis of Smart Contracts in Datalog
TLDR
Securify is a scalable and fully automated security analyzer for Ethereum smart contracts that symbolically encodes relevant control- and data-flow dependencies in stratified Datalog and uses scalable Datalogs solvers to derive key semantic facts about the contract. Expand
Ethainter: a smart contract security analyzer for composite vulnerabilities
TLDR
Ethainter is introduced, a security analyzer checking information flow with data sanitization in smart contracts, which identifies composite attacks that involve an escalation of tainted information, through multiple transactions, leading to severe violations. Expand
A Semantic Framework for the Security Analysis of Ethereum smart contracts
TLDR
The first complete small-step semantics of EVM bytecode is presented, which is formalized in the F* proof assistant, obtaining executable code that is successfully validate against the official Ethereum test suite. Expand
VeriSolid: Correct-by-Design Smart Contracts for Ethereum
TLDR
The VeriSolid framework for the formal verification of contracts that are specified using a transition-system based model with rigorous operational semantics allows developers to reason about and verify contract behavior at a high level of abstraction. Expand
SGUARD: Towards Fixing Vulnerable Smart Contracts Automatically
TLDR
This work develops an approach which automatically transforms smart contracts so that they are provably free of 4 common kinds of vulnerabilities, and applies runtime verification in an efficient and provably correct manner. Expand
Sereum: Protecting Existing Smart Contracts Against Re-Entrancy Attacks
TLDR
Sereum is proposed, a novel smart contract security technology, dubbed Sereum (Secure Ethereum), which protects existing, deployed contracts against re-entrancy attacks in a backwards compatible way based on run-time monitoring and validation. Expand
SMARTSHIELD: Automatic Smart Contract Protection Made Easy
TLDR
SMARTSHIELD, a bytecode rectification system, is proposed to fix three typical security-related bugs in smart contracts automatically and help developers release secure contracts and guarantees that the rectified contract is not only immune to certain attacks but also gas-friendly. Expand
eThor: Practical and Provably Sound Static Analysis of Ethereum Smart Contracts
TLDR
This work presents eThor, the first sound and automated static analyzer for EVM bytecode, which is based on an abstraction of the EVMbytecode semantics based on Horn clauses, and demonstrates that eThor is practical and outperforms the state-of-the-art static analyzers. Expand
Semantic Understanding of Smart Contracts: Executable Operational Semantics of Solidity
TLDR
This work develops a formal semantics for Solidity which provides a formal specification of smart contracts to define semantic-level security properties for the high-level verification and defines correct and secure high- level execution behaviours ofSmart contracts to reason about compiler bugs and assist developers in writing secure smart contracts. Expand
A Generalized Formal Semantic Framework for Smart Contracts
TLDR
This work proposes a generalized formal semantic framework based on a general semantic model of smart contracts that can directly handle smart contracts written in different high-level programming languages through semantic extensions and facilitates the formal verification of security properties with the generated semantics. Expand
...
1
2
3
4
5
...

References

SHOWING 1-10 OF 47 REFERENCES
A Semantic Framework for the Security Analysis of Ethereum smart contracts
TLDR
The first complete small-step semantics of EVM bytecode is presented, which is formalized in the F* proof assistant, obtaining executable code that is successfully validate against the official Ethereum test suite. Expand
Formal Verification of Smart Contracts: Short Paper
TLDR
This paper outlines a framework to analyze and verify both the runtime safety and the functional correctness of Ethereum contracts by translation to F*, a functional programming language aimed at program verification. Expand
Making Smart Contracts Smarter
TLDR
This paper investigates the security of running smart contracts based on Ethereum in an open distributed network like those of cryptocurrencies, and proposes ways to enhance the operational semantics of Ethereum to make contracts less vulnerable. Expand
ZEUS: Analyzing Safety of Smart Contracts
TLDR
This work presents ZEUS—a framework to verify the correctness and validate the fairness of smart contracts, which leverages both abstract interpretation and symbolic model checking, along with the power of constrained horn clauses to quickly verify contracts for safety. Expand
KEVM: A Complete Semantics of the Ethereum Virtual Machine
TLDR
KEVM is presented, the first fully executable formal semantics of the EVM, the bytecode language in which smart contracts are executed, in a framework for executable semantics, the K framework, and it is shown that the approach is feasible and not computationally restrictive. Expand
Finding The Greedy, Prodigal, and Suicidal Contracts at Scale
TLDR
Maian is implemented, the first tool for specifying and reasoning about trace properties, which employs interprocedural symbolic analysis and concrete validator for exhibiting real exploits. Expand
A Survey of Attacks on Ethereum Smart Contracts (SoK)
TLDR
This work analyses the security vulnerabilities of Ethereum smart contracts, providing a taxonomy of common programming pitfalls which may lead to vulnerabilities, and shows a series of attacks which exploit these vulnerabilities, allowing an adversary to steal money or cause other damage. Expand
Hawk: The Blockchain Model of Cryptography and Privacy-Preserving Smart Contracts
TLDR
Hawk is a decentralized smart contract system that does not store financial transactions in the clear on the blockchain, thus retaining transactional privacy from the public's view, and is the first to formalize the blockchain model of cryptography. Expand
Under-optimized smart contracts devour your money
TLDR
This work conducts the first investigation on Solidity, the recommended compiler, and reveals that it fails to optimize gas- costly programming patterns, and proposes and develops GASPER, a new tool for automatically locating gas-costly patterns by analyzing smart contracts' bytecodes. Expand
KEVM: A Complete Formal Semantics of the Ethereum Virtual Machine
TLDR
KEVM is presented, an executable formal specification of the EVM's bytecode stack-based language built with the K Framework, designed to serve as a solid foundation for further formal analyses and to demonstrate the usability of the semantics. Expand
...
1
2
3
4
5
...