Presentation is loading. Please wait.

Presentation is loading. Please wait.

Oyente: Making Smart Contracts Smarter

Published byBernice Jasmine Booth Modified over 6 years ago

Similar presentations

Presentation on theme: "Oyente: Making Smart Contracts Smarter"— Presentation transcript:

1 Oyente: Making Smart Contracts Smarter
Loi Luu, Duc-Hiep Chu, Hrishi Olickel Prateek Saxena, Aquinas Hobor National University of Singapore, Yale-NUS College

2 Programming securely is hard
“Security can be no stronger than its weakest link”

3 Programming Secure Smart Contracts is Harder
Smart contracts !=normal programs Self-executed One-shot programs Cannot patch New language Solidity != JavaScript Serpent != Python

4

5 Questions? Are there other bugs? How many contracts are vulnerable?
Apart from call-stack and reentrancy? How many contracts are vulnerable?

6 Challenges Contracts code are not always available Too many contracts
Manual analysis is impossible PUSH 60 PUSH 40 MSTORE PUSH 0 CALLDATALOAD PUSH SWAP1 DIV .....

7 Contribution Identify New Smart Contract Bugs
Transaction Ordering Dependence (TOD) Timestamp Dependence Oyente: An analyzer for smart contracts Use symbolic execution Detect all popular bugs TOD Timestamp dependence Reentrancy Mishandling exceptions (e.g. send) Flags 8836/ contracts as vulnerable As of May 2016

8 New Smart Contract Bugs
Transaction Ordering Dependence

9 Example: Puzzle Solver
PuzzleSolver Contract Balance: 100 PuzzleSolver() SetPuzzle reward=100 Anyone can submit a solution to claim the reward SubmitSolution(solution) if isCorrect(solution): Send(reward) Owner can update the reward anytime UpdateReward(newReward) reward=newReward

10 Scenario 1: SubmitSolution is trigerred
+100 PuzzleSolver Contract Balance: 100 Balance: 0 PuzzleSolver() SetDifficulty reward=100 Random TXs Solution for Puzzle Block Random TXs SubmitSolution Other TXs Other TXs SubmitSolution(solution) if isCorrect(solution): Send(reward) UpdateReward(newReward) reward=newReward Miners

11 Scenario 2: Both SubmitSolution and UpdateReward are triggered
+0 PuzzleSolver Contract Balance:100 Balance: 0 PuzzleSolver() SetDifficulty reward=100 Update Reward to $0! Solution for Puzzle Block UpdateReward = 0 SubmitSolution Other TXs SubmitSolution(solution) if isCorrect(solution): Send(reward) Other TXs UpdateReward(newReward) reward=newReward Miners

12 Transaction Ordering Dependence
Observed state != execution state The expectation of the state of the contract may not be true during execution. Miners decide the order of TXs Can be coincidence Two transactions happen at the same time Update Reward to $0! Solution for Puzzle Other TXs

13 Transaction Ordering Dependence
Observed state != execution state The expectation of the state of the contract may not be true during execution. Miners decide the order of TXs Can be coincidence Two transactions happen at the same time Can be malicious Saw the targeted TX from the victim Submit the second TX to update the reward Both TXs enter the race Update Reward to $0! Solution for Puzzle Other TXs

14 New Smart Contract Bugs
Timestamp Dependence

15 randomness = F(timestamp)
Contract: TheRun randomness = F(timestamp)

16 Contract: PonziGovernmentMental

17 Timestamp can be manipulated
Miners can vary the block timestamp Bias the output of contract execution to their benefit Timed puzzles, time-based RNGs block.timestamp <= now && block.timestamp >= parent.timestamp

18 Oyente: An Analyzer for Smart Contracts

19 Architecture Based on symbolic execution Have separate modules
Can add more analysis separately CFG BUILDER Visualizer ByteCode Ethereum State EXPLORER CORE ANALYSIS VALIDATOR Z3 Bit-Vector Solver

20 Symbolic Execution Symbolic Formula Inputs Is there any value of x?
Theorem Prover NO YES Control Flow Graph Execution Trace

21 What Can Oyente Do? Detect Bugs In Existing Smart Contracts
Run with 19, 366 contracts 30 mins timeout per contract Test generation Cover all possible paths of each program F T

22 Oyente is Open Source https://github.com/ethereum/oyente Future work
Support more opcodes Handle loops Combine static and dynamic symbolic executions

23 More in the papers Solutions for all bugs Details of Oyente’s design
Semantic changes Details of Oyente’s design Some interesting statistics All smart contracts Evaluation results

24 loiluu@comp.nus.edu.sg loi_luu
Thanks! loi_luu

Download ppt "Oyente: Making Smart Contracts Smarter"

Similar presentations

Control Flow Analysis (Chapter 7) Mooly Sagiv (with Contributions by Hanne Riis Nielson)

Control Flow Analysis (Chapter 7) Mooly Sagiv (with Contributions by Hanne Riis Nielson)
GATEKEEPER MOSTLY STATIC ENFORCEMENT OF SECURITY AND RELIABILITY PROPERTIES FOR JAVASCRIPT CODE Salvatore Guarnieri & Benjamin Livshits Presented by Michael.

GATEKEEPER MOSTLY STATIC ENFORCEMENT OF SECURITY AND RELIABILITY PROPERTIES FOR JAVASCRIPT CODE Salvatore Guarnieri & Benjamin Livshits Presented by Michael.
SMU SRG reading by Tey Chee Meng: Automatic Patch-Based Exploit Generation is Possible: Techniques and Implications by David Brumley, Pongsin Poosankam,

SMU SRG reading by Tey Chee Meng: Automatic Patch-Based Exploit Generation is Possible: Techniques and Implications by David Brumley, Pongsin Poosankam,
David Brumley, Pongsin Poosankam, Dawn Song and Jiang Zheng Presented by Nimrod Partush.

David Brumley, Pongsin Poosankam, Dawn Song and Jiang Zheng Presented by Nimrod Partush.
Assembly Code Verification Using Model Checking Hao XIAO Singapore University of Technology and Design.

Assembly Code Verification Using Model Checking Hao XIAO Singapore University of Technology and Design.
By Philipp Vogt, Florian Nentwich, Nenad Jovanovic, Engin Kirda, Christopher Kruegel, and Giovanni Vigna Network and Distributed System Security(NDSS ‘07)

By Philipp Vogt, Florian Nentwich, Nenad Jovanovic, Engin Kirda, Christopher Kruegel, and Giovanni Vigna Network and Distributed System Security(NDSS ‘07)
Linear Obfuscation to Combat Symbolic Execution Zhi Wang 1, Jiang Ming 2, Chunfu Jia 1 and Debin Gao 3 1 Nankai University 2 Pennsylvania State University.

Linear Obfuscation to Combat Symbolic Execution Zhi Wang 1, Jiang Ming 2, Chunfu Jia 1 and Debin Gao 3 1 Nankai University 2 Pennsylvania State University.
1 Towards Automatic Discovery of Deviations in Binary Implementations with Applications to Error Detection and Fingerprint Generation David Brumley, Juan.

1 Towards Automatic Discovery of Deviations in Binary Implementations with Applications to Error Detection and Fingerprint Generation David Brumley, Juan.
Introduction to InfoSec – Recitation 6 Nir Krakowski (nirkrako at post.tau.ac.il) Itamar Gilad (itamargi at post.tau.ac.il)

Introduction to InfoSec – Recitation 6 Nir Krakowski (nirkrako at post.tau.ac.il) Itamar Gilad (itamargi at post.tau.ac.il)
1 Towards Automatic Discovery of Deviations in Binary Implementations with Applications to Error Detection and Fingerprint Generation David Brumley, Juan.

1 Towards Automatic Discovery of Deviations in Binary Implementations with Applications to Error Detection and Fingerprint Generation David Brumley, Juan.
Economic Perspectives in Test Automation: Balancing Automated and Manual Testing with Opportunity Cost Paper By – Rudolf Ramler and Klaus Wolfmaier Presented.

Economic Perspectives in Test Automation: Balancing Automated and Manual Testing with Opportunity Cost Paper By – Rudolf Ramler and Klaus Wolfmaier Presented.
Vertically Integrated Analysis and Transformation for Embedded Software John Regehr University of Utah.

Vertically Integrated Analysis and Transformation for Embedded Software John Regehr University of Utah.
Names and Scopes CS 351. Program Binding We should be familiar with this notion. A variable is bound to a method or current block e.g in C++: namespace.

Names and Scopes CS 351. Program Binding We should be familiar with this notion. A variable is bound to a method or current block e.g in C++: namespace.
ECE 667 - Synthesis & Verification1 ECE 667 Spring 2011 Synthesis and Verification of Digital Systems Verification Introduction.

ECE Synthesis & Verification1 ECE 667 Spring 2011 Synthesis and Verification of Digital Systems Verification Introduction.
1 Advanced Material The following slides contain advanced material and are optional.

1 Advanced Material The following slides contain advanced material and are optional.
Leveraging User Interactions for In-Depth Testing of Web Applications Sean McAllister, Engin Kirda, and Christopher Kruegel RAID ’08 1 Seoyeon Kang November.

Leveraging User Interactions for In-Depth Testing of Web Applications Sean McAllister, Engin Kirda, and Christopher Kruegel RAID ’08 1 Seoyeon Kang November.
TEST CASE DESIGN Prepared by: Fatih Kızkun. OUTLINE Introduction –Importance of Test –Essential Test Case Development A Variety of Test Methods –Risk.

TEST CASE DESIGN Prepared by: Fatih Kızkun. OUTLINE Introduction –Importance of Test –Essential Test Case Development A Variety of Test Methods –Risk.
Microsoft ® Official Course Monitoring and Troubleshooting Custom SharePoint Solutions SharePoint Practice Microsoft SharePoint 2013.

Microsoft ® Official Course Monitoring and Troubleshooting Custom SharePoint Solutions SharePoint Practice Microsoft SharePoint 2013.
On Power Splitting Games in Distributed Computation: The case of Bitcoin Pooled Mining Loi Luu, Ratul Saha, Inian Parameshwaran, Prateek Saxena & Aquinas.

On Power Splitting Games in Distributed Computation: The case of Bitcoin Pooled Mining Loi Luu, Ratul Saha, Inian Parameshwaran, Prateek Saxena & Aquinas.
15-740/18-740 Oct. 17, 2012 Stefan Muller.  Problem: Software is buggy!  More specific problem: Want to make sure software doesn’t have bad property.

15-740/ Oct. 17, 2012 Stefan Muller.  Problem: Software is buggy!  More specific problem: Want to make sure software doesn’t have bad property.

Similar presentations

Ads by Google