sCompile: Critical Path Identification and Analysis for Smart Contracts

Chang, Jialiang; Gao, Bo; Xiao, H.; Sun, Jun; Cai, Yan; Yang, Zijiang

doi:10.1007/978-3-030-32409-4_18

Cited by 75 publications

(72 citation statements)

References 20 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…teEther leverages SE to discover vulnerabilities and generate transactions which can attack vulnerable smart contracts [65]. sCompile ranks the program paths according to their criticalness, and applies SE to discover vulnerabilities by exploring the topranked critical paths [14]. ContractFuzzer leverages fuzzing to reveal vulnerabilities [12].…”

Section: B Offline Approachesmentioning

confidence: 99%

SODA: A Generic Online Detection Framework for Smart Contracts

Chen

Cao

et al. 2020

Proceedings 2020 Network and Distributed System Security Symposium

View full text Add to dashboard Cite

Smart contracts have become lucrative and profitable targets for attackers because they can hold a great amount of money. Unfortunately, existing offline approaches for discovering the vulnerabilities in smart contracts or checking the correctness of smart contracts cannot conduct online detection of attacking transactions. Besides, existing online approaches only focus on specific attacks and cannot be easily extended to detect other attacks. Moreover, developing a new online detection system for smart contracts from scratch is time-consuming and requires deep understanding of blockchain internals, thus making it difficult to quickly implement and deploy mechanisms to detect new attacks. In this paper, we propose a novel generic online detection framework named SODA for smart contracts on any blockchains that support Ethereum virtual machine (EVM). SODA distinguishes itself from existing online approaches through its capability, efficiency, and compatibility. First, SODA empowers users to easily develop apps for detecting various attacks online (i.e., when attacks happen) by separating information collection and attack detection with layered design. At the higher layer, SODA provides unified interfaces to develop detection apps against various attacks. At the lower layer, SODA instruments EVM to collect all primitive information necessary to detect various attacks and constructs 11 kinds of structural information for the ease of developing apps. Based on SODA, users can develop new apps in a few lines of code without modifying EVM. Second, SODA is efficient, because we design on-demand information retrieval to reduce the overhead of information collection and adopt dynamic linking to eliminate the overhead of inter-process communication. Such design allows users to develop detection apps using any programming languages that can generate dynamic link libraries. Third, since more and more blockchains adopt EVM as smart contract runtime, SODA can be easily migrated to such blockchains without modifying apps. Based on SODA, we develop 8 detection apps to detect the attacks exploiting major vulnerabilities in smart contracts, and integrate SODA (including all apps) into 3 popular blockchains: Ethereum, Expanse and Wanchain. The extensive experimental results demonstrate the effectiveness and efficiency of SODA and our detection apps.

show abstract

Section: B Offline Approachesmentioning

confidence: 99%

SODA: A Generic Online Detection Framework for Smart Contracts

Chen

Cao

et al. 2020

Proceedings 2020 Network and Distributed System Security Symposium

View full text Add to dashboard Cite

show abstract

“…There are works addressing vulnerability detection in smart contracts with other strategies as well [35][36][37]. Liu et al proposed a novel semantic-aware security auditing technique called S-gram for Ethereum [35].…”

Section: Related Workmentioning

confidence: 99%

“…Chang et al propose an alternative approach to automatically identify critical program paths (with multiple function calls including inter-contract function calls) in a smart contract, rank the paths according to their criticalness, discard them if they are infeasible or otherwise present them with user-friendly warnings for user inspection [37]. Their approach has been implemented in a tool called sCompile.…”

Section: Related Workmentioning

confidence: 99%

Towards Analyzing the Complexity Landscape of Solidity Based Ethereum Smart Contracts

Hegedűs

2019

Technologies

View full text Add to dashboard Cite

Blockchain-based decentralized cryptocurrency platforms are currently one of the hottest topics in technology. Although most of the interest is generated by cryptocurrency related activities, it is becoming apparent that a much wider spectrum of applications can leverage the blockchain technology. The primary concepts enabling such general use of the blockchain are the so-called smart contracts, which are special programs that run on the blockchain. One of the most popular blockchain platforms that supports smart contracts is Ethereum. As smart contracts typically handle money, ensuring their low number of faults and vulnerabilities are essential. To aid smart contract developers and help to mature the technology, we need analysis tools and studies for smart contracts. As an initiative for this, we propose the adoption of some well-known OO metrics for Solidity smart contracts. Furthermore, we analyze more than 40 thousand Solidity source files with our prototype tool. The results suggest that smart contract programs are short, neither overly complex nor coupled too much, do not rely heavily on inheritance, and either quite well-commented or not commented at all. Moreover, smart contracts could benefit from an external library and dependency management mechanism, as more than 85% of the defined libraries in Solidity files code the same functionalities.

show abstract

“…The other accessible data are smart contracts, for example, their bytecode written in the blocks. There are some work analyzing these code to give advises for smart contract developers and blockchain users [25], [26], [46]. Researchers also try to decompile them into source code [47] so that more approaches to source code analysis can be used.…”

Section: A Blockchain Systemsmentioning

confidence: 99%

A first look at blockchain‐based decentralized applications

Huang

et al. 2019

Softw Pract Exp

View full text Add to dashboard Cite

With the increasing popularity of blockchain technologies in recent years, blockchain-based decentralized applications (DApps for short in this paper) have been rapidly developed and widely adopted in many areas, being a hot topic in both academia and industry. Despite of the importance of DApps, we still have quite little understanding of DApps along with its ecosystem. To bridge the knowledge gap, this paper presents the first comprehensive empirical study of blockchain-based DApps to date, based on an extensive dataset of 995 Ethereum DApps and 29,846,075 transaction logs over them. We make a descriptive analysis of the popularity of DApps, summarize the patterns of how DApps use smart contracts to access the underlying blockchain, and explore the worth-addressing issues of deploying and operating DApps. Based on the findings, we propose some implications for DApp users to select proper DApps, for DApp developers to improve the efficiency of DApps, and for blockchain vendors to enhance the support of DApps.Index Terms-decentralized applications, Ethereum, smart contract, empirical study • RQ1: How is the popularity of DApps distributed?We explore the popularity of DApps by the number of unique users, transactions, and transaction volumes, and compare categories of DApps. We also examine the change of popularity as time evolves. By answering this question, we can provide an overview of the DApp market for all stakeholders in the DApp ecosystem. • RQ2: Are there any common practices of developing DApps? We investigate whether DApps are open source and how smart contracts are organized in a DApp. By answering this question, we can reveal the development arXiv:1909.00939v1 [cs.SE]

show abstract

sCompile: Critical Path Identification and Analysis for Smart Contracts

Cited by 75 publications

References 20 publications

SODA: A Generic Online Detection Framework for Smart Contracts

SODA: A Generic Online Detection Framework for Smart Contracts

Towards Analyzing the Complexity Landscape of Solidity Based Ethereum Smart Contracts

A first look at blockchain‐based decentralized applications

Contact Info

Product

Resources

About