Oyente: Making Smart Contracts Smarter

Slides:



Advertisements
Similar presentations
Control Flow Analysis (Chapter 7) Mooly Sagiv (with Contributions by Hanne Riis Nielson)
Advertisements

GATEKEEPER MOSTLY STATIC ENFORCEMENT OF SECURITY AND RELIABILITY PROPERTIES FOR JAVASCRIPT CODE Salvatore Guarnieri & Benjamin Livshits Presented by Michael.
SMU SRG reading by Tey Chee Meng: Automatic Patch-Based Exploit Generation is Possible: Techniques and Implications by David Brumley, Pongsin Poosankam,
David Brumley, Pongsin Poosankam, Dawn Song and Jiang Zheng Presented by Nimrod Partush.
Assembly Code Verification Using Model Checking Hao XIAO Singapore University of Technology and Design.
By Philipp Vogt, Florian Nentwich, Nenad Jovanovic, Engin Kirda, Christopher Kruegel, and Giovanni Vigna Network and Distributed System Security(NDSS ‘07)
Linear Obfuscation to Combat Symbolic Execution Zhi Wang 1, Jiang Ming 2, Chunfu Jia 1 and Debin Gao 3 1 Nankai University 2 Pennsylvania State University.
1 Towards Automatic Discovery of Deviations in Binary Implementations with Applications to Error Detection and Fingerprint Generation David Brumley, Juan.
Introduction to InfoSec – Recitation 6 Nir Krakowski (nirkrako at post.tau.ac.il) Itamar Gilad (itamargi at post.tau.ac.il)
1 Towards Automatic Discovery of Deviations in Binary Implementations with Applications to Error Detection and Fingerprint Generation David Brumley, Juan.
Economic Perspectives in Test Automation: Balancing Automated and Manual Testing with Opportunity Cost Paper By – Rudolf Ramler and Klaus Wolfmaier Presented.
Vertically Integrated Analysis and Transformation for Embedded Software John Regehr University of Utah.
Names and Scopes CS 351. Program Binding We should be familiar with this notion. A variable is bound to a method or current block e.g in C++: namespace.
ECE Synthesis & Verification1 ECE 667 Spring 2011 Synthesis and Verification of Digital Systems Verification Introduction.
1 Advanced Material The following slides contain advanced material and are optional.
Leveraging User Interactions for In-Depth Testing of Web Applications Sean McAllister, Engin Kirda, and Christopher Kruegel RAID ’08 1 Seoyeon Kang November.
TEST CASE DESIGN Prepared by: Fatih Kızkun. OUTLINE Introduction –Importance of Test –Essential Test Case Development A Variety of Test Methods –Risk.
Microsoft ® Official Course Monitoring and Troubleshooting Custom SharePoint Solutions SharePoint Practice Microsoft SharePoint 2013.
On Power Splitting Games in Distributed Computation: The case of Bitcoin Pooled Mining Loi Luu, Ratul Saha, Inian Parameshwaran, Prateek Saxena & Aquinas.
15-740/ Oct. 17, 2012 Stefan Muller.  Problem: Software is buggy!  More specific problem: Want to make sure software doesn’t have bad property.
Extended Static Checking for Java  ESC/Java finds common errors in Java programs: null dereferences, array index bounds errors, type cast errors, race.
Simulation is the process of studying the behavior of a real system by using a model that replicates the behavior of the system under different scenarios.
Week IV in SOS  Tuesday Project Time -- 4:15pm-5pm URL for project(s) due to Judy by Friday 5pm  Friday Paper  OOAD Handouts thru last Thursday (see.
Week 6 MondayTuesdayWednesdayThursdayFriday Testing III Reading due Group meetings Testing IVSection ZFR due ZFR demos Progress report due Readings out.
Smart Contracts and Ethereum
Prepared by: Fatih Kızkun
ReportWorX vs. ReportWorX Express
TriggerScope: Towards Detecting Logic Bombs in Android Applications
Adaptive Android Kernel Live Patching
Names and Attributes Names are a key programming language feature
Static Detection of Cross-Site Scripting Vulnerabilities
Chapter 8 – Software Testing
CS5123 Software Validation and Quality Assurance
Secure Software Development: Theory and Practice
Introduction to Information Security
Yongle Zhang, Serguei Makarov, Xiang Ren, David Lion, Ding Yuan
TriggerScope Towards Detecting Logic Bombs in Android Applications
CS 108 Computing Fundamental Notes for Thursday, October 5, 2017
Symbolic Execution Tools for Software Testing
RDE: Replay DEbugging for Diagnosing Production Site Failures
So what is Blockchain anyway?
Amir Kamil and Katherine Yelick
TriggerScope Towards detecting logic bombs in android applications
Selection CIS 40 – Introduction to Programming in Python
LPSAT: A Unified Approach to RTL Satisfiability
The Pentester’s View on Blockchain Projects
Exception Handling.
Automation Of Software Test
Adversarial Evasion-Resilient Hardware Malware Detectors
Fundamental Error Handling
All You Ever Wanted to Know About Dynamic Taint Analysis & Forward Symbolic Execution (but might have been afraid to ask) Edward J. Schwartz, Thanassis.
Hyesoon Kim Onur Mutlu Jared Stark* Yale N. Patt
RHMD: Evasion-Resilient Hardware Malware Detectors
Mid Term II Review.
VUzzer: Application-aware Evolutionary Fuzzing
Bitcoin & Blockchain Bina Ramamurthy 2/22/2019.
Overview of the Lab 2 Assignment: Multicore Real-Time Tasks
A Conceptual Model for Ethereum Blockchain Analytics
Amir Kamil and Katherine Yelick
Chris Gill CSE 522S – Advanced Operating Systems
CSC-682 Advanced Computer Security
Min Heap Update E.g. remove smallest item 1. Pop off top (smallest) 3
CS5123 Software Validation and Quality Assurance
Ethereum Virtual Machine
Analysing Vulnerabilities in Smart Contracts
White Box testing & Inspections
Scalable and Privacy-preserving Design of On/Off-chain Smart Contracts
A Conceptual Model for Ethereum Blockchain Analytics
Software Testing.
Lecture 23 NP-Hard Problems
Presentation transcript:

Oyente: Making Smart Contracts Smarter Loi Luu, Duc-Hiep Chu, Hrishi Olickel Prateek Saxena, Aquinas Hobor National University of Singapore, Yale-NUS College

Programming securely is hard “Security can be no stronger than its weakest link”

Programming Secure Smart Contracts is Harder Smart contracts !=normal programs Self-executed One-shot programs Cannot patch New language Solidity != JavaScript Serpent != Python

Questions? Are there other bugs? How many contracts are vulnerable? Apart from call-stack and reentrancy? How many contracts are vulnerable?

Challenges Contracts code are not always available Too many contracts Manual analysis is impossible 6060604052604051610250380380610250833981016040528........ PUSH 60 PUSH 40 MSTORE PUSH 0 CALLDATALOAD PUSH 100000000000... SWAP1 DIV .....

Contribution Identify New Smart Contract Bugs Transaction Ordering Dependence (TOD) Timestamp Dependence Oyente: An analyzer for smart contracts Use symbolic execution Detect all popular bugs TOD Timestamp dependence Reentrancy Mishandling exceptions (e.g. send) Flags 8836/ 19366 contracts as vulnerable As of May 2016

New Smart Contract Bugs Transaction Ordering Dependence

Example: Puzzle Solver PuzzleSolver Contract Balance: 100 PuzzleSolver() SetPuzzle reward=100 Anyone can submit a solution to claim the reward SubmitSolution(solution) if isCorrect(solution): Send(reward) Owner can update the reward anytime UpdateReward(newReward) reward=newReward

Scenario 1: SubmitSolution is trigerred +100 PuzzleSolver Contract Balance: 100 Balance: 0 PuzzleSolver() SetDifficulty reward=100 Random TXs Solution for Puzzle Block Random TXs SubmitSolution Other TXs Other TXs SubmitSolution(solution) if isCorrect(solution): Send(reward) UpdateReward(newReward) reward=newReward Miners

Scenario 2: Both SubmitSolution and UpdateReward are triggered +0 PuzzleSolver Contract Balance:100 Balance: 0 PuzzleSolver() SetDifficulty reward=100 Update Reward to $0! Solution for Puzzle Block UpdateReward = 0 SubmitSolution Other TXs SubmitSolution(solution) if isCorrect(solution): Send(reward) Other TXs UpdateReward(newReward) reward=newReward Miners

Transaction Ordering Dependence Observed state != execution state The expectation of the state of the contract may not be true during execution. Miners decide the order of TXs Can be coincidence Two transactions happen at the same time Update Reward to $0! Solution for Puzzle Other TXs

Transaction Ordering Dependence Observed state != execution state The expectation of the state of the contract may not be true during execution. Miners decide the order of TXs Can be coincidence Two transactions happen at the same time Can be malicious Saw the targeted TX from the victim Submit the second TX to update the reward Both TXs enter the race Update Reward to $0! Solution for Puzzle Other TXs

New Smart Contract Bugs Timestamp Dependence

randomness = F(timestamp) Contract: TheRun randomness = F(timestamp)

Contract: PonziGovernmentMental

Timestamp can be manipulated Miners can vary the block timestamp Bias the output of contract execution to their benefit Timed puzzles, time-based RNGs block.timestamp <= now + 900 && block.timestamp >= parent.timestamp

Oyente: An Analyzer for Smart Contracts

Architecture Based on symbolic execution Have separate modules Can add more analysis separately 6060604052123123123528..... CFG BUILDER Visualizer ByteCode Ethereum State EXPLORER CORE ANALYSIS VALIDATOR Z3 Bit-Vector Solver

Symbolic Execution Symbolic Formula Inputs Is there any value of x? Theorem Prover NO YES Control Flow Graph Execution Trace

What Can Oyente Do? Detect Bugs In Existing Smart Contracts Run with 19, 366 contracts 30 mins timeout per contract Test generation Cover all possible paths of each program F T

Oyente is Open Source https://github.com/ethereum/oyente Future work Support more opcodes Handle loops Combine static and dynamic symbolic executions

More in the papers Solutions for all bugs Details of Oyente’s design Semantic changes Details of Oyente’s design Some interesting statistics All smart contracts Evaluation results

loiluu@comp.nus.edu.sg loi_luu Thanks! loiluu@comp.nus.edu.sg loi_luu

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.