2019 34th IEEE/ACM International Conference on Automated Software Engineering (ASE) 2019
DOI: 10.1109/ase.2019.00133
|View full text |Cite
|
Sign up to set email alerts
|

Manticore: A User-Friendly Symbolic Execution Framework for Binaries and Smart Contracts

Abstract: An effective way to maximize code coverage in software tests is through dynamic symbolic execution-a technique that uses constraint solving to systematically explore a program's state space. We introduce an open-source dynamic symbolic execution framework called Manticore for analyzing binaries and Ethereum smart contracts. Manticore's flexible architecture allows it to support both traditional and exotic execution environments, and its API allows users to customize their analysis. Here, we discuss Manticore's… Show more

Help me understand this report

Search citation statements

Order By: Relevance

Paper Sections

Select...
2
2
1

Citation Types

1
129
0
2

Year Published

2020
2020
2024
2024

Publication Types

Select...
5
2
1

Relationship

1
7

Authors

Journals

citations
Cited by 255 publications
(132 citation statements)
references
References 11 publications
1
129
0
2
Order By: Relevance
“…OYENTE applies symbolic execution (SE) to interpret the bytecode of smart contracts, and it can discover four kinds of vulnerabilities [8]. Manticore [9], MAIAN [11] and MythX [10] also leverages SE to discover vulnerabilities with different implementations and focus on different kinds of vulnerabilities. ETHRACER applies SE and partial-order reduction to discover event-ordering bugs arising from the unexpected ordering of events [16].…”
Section: B Offline Approachesmentioning
confidence: 99%
See 2 more Smart Citations
“…OYENTE applies symbolic execution (SE) to interpret the bytecode of smart contracts, and it can discover four kinds of vulnerabilities [8]. Manticore [9], MAIAN [11] and MythX [10] also leverages SE to discover vulnerabilities with different implementations and focus on different kinds of vulnerabilities. ETHRACER applies SE and partial-order reduction to discover event-ordering bugs arising from the unexpected ordering of events [16].…”
Section: B Offline Approachesmentioning
confidence: 99%
“…The inherent limitations of the selected techniques is another reason. For instance, symbolic-execution-based tools, such as OYENTE [8], Manticore [9], MythX [10], MAIAN [11], Osiris [15] may not discover all vulnerabilities due to path explosion. As another example, ContractFuzzer [12] is unlikely to reveal all vulnerabilities due to the low code coverage of black-box fuzzing.…”
Section: B Offline Approachesmentioning
confidence: 99%
See 1 more Smart Citation
“…Related Works. There is a surge of interest in analyzing and verifying smart contracts [32,12,24,28,26,9,25,31,21,44,20,22,38,36,4,34,43,19,30,35,29,23,46,14]. Some of the existing works focus on EVM [2,47] (Ethereum Virtual Machine).…”
Section: Introductionmentioning
confidence: 99%
“…A key limitation in the advancement of binary analysis and other approaches to improving software security and reliability is that there is very little overlap between security experts familiar with tools such as angr [34], [35], [33], Manticore [27], or S2E [9], and the developers who produce most code that needs to be secure or highly reliable.…”
Section: Introductionmentioning
confidence: 99%