Corpus ID: 52190385

Vandal: A Scalable Security Analysis Framework for Smart Contracts

@article{Brent2018VandalAS,
  title={Vandal: A Scalable Security Analysis Framework for Smart Contracts},
  author={Lexi Brent and Anton Jurisevic and Michael Kong and Eric Liu and François Gauthier and Vincent Gramoli and Ralph Holz and Bernhard Scholz},
  journal={ArXiv},
  year={2018},
  volume={abs/1809.03981}
}
The rise of modern blockchains has facilitated the emergence of smart contracts: autonomous programs that live and run on the blockchain. Smart contracts have seen a rapid climb to prominence, with applications predicted in law, business, commerce, and governance. Smart contracts are commonly written in a high-level language such as Ethereum's Solidity, and translated to compact low-level bytecode for deployment on the blockchain. Once deployed, the bytecode is autonomously executed, usually… Expand
Security Analysis Methods on Ethereum Smart Contract Vulnerabilities: A Survey
TLDR
This survey aims to identify the key vulnerabilities in smart contracts on Ethereum in the perspectives of their internal mechanisms and software security vulnerabilities by correlating 16 Ethereum vulnerabilities and 19 software security issues. Expand
A Study of Static Analysis Tools for Ethereum Smart Contracts
Blockchain technology has been receiving considerable attention from industry and academia, for it promises to disrupt the digital online world by enabling a democratic, open, and scalable digitalExpand
Annotary: A Concolic Execution System for Developing Secure Smart Contracts
TLDR
Annotary is presented, a concolic execution framework to analyze smart contracts for vulnerabilities, supported by annotations which developers write directly in the Solidity source code and combines symbolic execution of EVM bytecode with a resolution of concrete values from the public Ethereum blockchain. Expand
Smart Contract: Attacks and Protections
TLDR
It is revealed that even adopting the 10 most widely used tools to detect smart contract vulnerabilities, these still contain known vulnerabilities, providing a dangerously false sense of security. Expand
VeriSolid: Correct-by-Design Smart Contracts for Ethereum
TLDR
The VeriSolid framework for the formal verification of contracts that are specified using a transition-system based model with rigorous operational semantics allows developers to reason about and verify contract behavior at a high level of abstraction. Expand
SMARTSHIELD: Automatic Smart Contract Protection Made Easy
TLDR
SMARTSHIELD, a bytecode rectification system, is proposed to fix three typical security-related bugs in smart contracts automatically and help developers release secure contracts and guarantees that the rectified contract is not only immune to certain attacks but also gas-friendly. Expand
Towards Principled Compilation of Ethereum Smart Contracts (SoK)
  • E. J. G. Arias
  • Computer Science
  • 2019 10th IFIP International Conference on New Technologies, Mobility and Security (NTMS)
  • 2019
TLDR
The main barriers to lift in order to achieve a principled compilation strategy for Solidity are explored and the standard concepts on verified and secure compilation are reviewed, and frame them in the context of the Ethereum platform. Expand
SESCon: Secure Ethereum Smart Contracts by Vulnerable Patterns' Detection
TLDR
A static analysis tool, SESCon (secure Ethereum smart contract), applying the taint analysis techniques with XPath queries, which outperforms other analyzers and detected up to 90% of the known vulnerability patterns. Expand
Overview of the Languages for Safe Smart Contract Programming
TLDR
An overview of smart contract programming languages design principles, related vulnerabilities, and future research areas is provided to outline the to date state of languages and to become a possible basis for future proceedings. Expand
A Survey of Security Vulnerabilities in Ethereum Smart Contracts
TLDR
Eight vulnerabilities that are specific to the application level of BT are explained by analyzing the past exploitation case scenarios of these security vulnerabilities by investigating the availability of detection tools for identifying these vulnerabilities and lack thereof. Expand
...
1
2
3
4
5
...

References

SHOWING 1-10 OF 35 REFERENCES
A Semantic Framework for the Security Analysis of Ethereum smart contracts
TLDR
The first complete small-step semantics of EVM bytecode is presented, which is formalized in the F* proof assistant, obtaining executable code that is successfully validate against the official Ethereum test suite. Expand
Designing Secure Ethereum Smart Contracts: A Finite State Machine Based Approach
TLDR
FSolidM, a framework rooted in rigorous semantics for designing con- tracts as Finite State Machines (FSM), is introduced and a tool for creating FSM on an easy-to-use graphical interface and for automatically generating Ethereum contracts is presented. Expand
Formal Verification of Smart Contracts: Short Paper
TLDR
This paper outlines a framework to analyze and verify both the runtime safety and the functional correctness of Ethereum contracts by translation to F*, a functional programming language aimed at program verification. Expand
Making Smart Contracts Smarter
TLDR
This paper investigates the security of running smart contracts based on Ethereum in an open distributed network like those of cryptocurrencies, and proposes ways to enhance the operational semantics of Ethereum to make contracts less vulnerable. Expand
KEVM: A Complete Semantics of the Ethereum Virtual Machine
TLDR
KEVM is presented, the first fully executable formal semantics of the EVM, the bytecode language in which smart contracts are executed, in a framework for executable semantics, the K framework, and it is shown that the approach is feasible and not computationally restrictive. Expand
Towards verifying ethereum smart contract bytecode in Isabelle/HOL
TLDR
This paper extends an existing EVM formalisation in Isabelle/HOL by a sound program logic at the level of bytecode that structure bytecode sequences into blocks of straight-line code and create a program logic to reason about these. Expand
ZEUS: Analyzing Safety of Smart Contracts
TLDR
This work presents ZEUS—a framework to verify the correctness and validate the fairness of smart contracts, which leverages both abstract interpretation and symbolic model checking, along with the power of constrained horn clauses to quickly verify contracts for safety. Expand
MadMax: surviving out-of-gas conditions in Ethereum smart contracts
TLDR
MadMax is presented: a static program analysis technique to automatically detect gas-focused vulnerabilities with very high confidence and achieves high precision and scalability. Expand
Under-optimized smart contracts devour your money
TLDR
This work conducts the first investigation on Solidity, the recommended compiler, and reveals that it fails to optimize gas- costly programming patterns, and proposes and develops GASPER, a new tool for automatically locating gas-costly patterns by analyzing smart contracts' bytecodes. Expand
A Survey of Attacks on Ethereum Smart Contracts (SoK)
TLDR
This work analyses the security vulnerabilities of Ethereum smart contracts, providing a taxonomy of common programming pitfalls which may lead to vulnerabilities, and shows a series of attacks which exploit these vulnerabilities, allowing an adversary to steal money or cause other damage. Expand
...
1
2
3
4
...