Jialiang Chang scite author profile

Jialiang Chang

5Publications

79Citation Statements Received

43Citation Statements Given

How they've been cited

101

How they cite others

108

Affiliations

Western Michigan University

Publications

Order By: Most citations

sCompile: Critical Path Identification and Analysis for Smart Contracts

Chang

Gao

Xiao

et al. 2019

View full text Add to dashboard Cite

Smart contracts are an innovation built on top of the blockchain technology. It provides a platform for automatically executing contracts in an anonymous, distributed, and trusted way, which has the potential to revolutionize many industries. The most popular programming language for creating smart contracts is called Solidity, which is supported by Ethereum. Like ordinary programs, Solidity programs may contain vulnerabilities, which potentially lead to attacks. The problem is magnified by the fact that smart contracts, unlike ordinary programs, cannot be patched easily once deployed. It is thus important that smart contracts are checked against potential vulnerabilities.Existing approaches tackle the problem by developing methods which aim to automatically analyze or verify smart contracts. Such approaches often results in false alarms or poor scalability, fundamentally because Solidity is Turing-complete. In this work, we propose an alternative approach to automatically identify critical program paths (with multiple function calls including inter-contract function calls) in a smart contract, rank the paths according to their criticalness, discard them if they are infeasible or otherwise present them with user friendly warnings for user inspection. We identify paths which involve monetary transaction as critical paths, and prioritize those which potentially violate important properties. For scalability, symbolic execution techniques are only applied to top ranked critical paths. Our approach has been implemented in a tool called sCompile, which has been applied to 36,099 smart contracts. The experiment results show that sCompile is efficient, i.e., 5 seconds on average for one smart contract. Furthermore, we show that many known vulnerability can be captured if the user inspects as few as 10 program paths generated by sCompile. Lastly, sCompile discovered 224 unknown vulnerabilities with a false positive rate of 15.4% before user inspection.

show abstract

sCompile: Critical Path Identification and Analysis for Smart Contracts

Chang

Gao

Xiao

et al. 2018

Preprint

View full text Add to dashboard Cite

GUICat: GUI testing as a service

Cheng

Chang

Yang

et al. 2016

View full text Add to dashboard Cite

Automated Testing of Definition-Use Data Flow for Multithreaded Programs

Zhang

Yang

Zheng

et al. 2017

View full text Add to dashboard Cite

Memory Distance Measurement for Concurrent Programs

Chang

Yang

et al. 2019

View full text Add to dashboard Cite

scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.

Contact Info

customersupport@researchsolutions.com

10624 S. Eastern Ave., Ste. A-614

Henderson, NV 89052, USA

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Blog Terms and Conditions API Terms Privacy Policy Contact Cookie Preferences Do Not Sell or Share My Personal Information

Made with 💙 for researchers

Part of the Research Solutions Family.

Jialiang Chang

sCompile: Critical Path Identification and Analysis for Smart Contracts

sCompile: Critical Path Identification and Analysis for Smart Contracts

GUICat: GUI testing as a service

Automated Testing of Definition-Use Data Flow for Multithreaded Programs

Memory Distance Measurement for Concurrent Programs

Contact Info

Product

Resources

About