On security and reliability of smart contracts: the applications of dynamic specification mining on solidity
Smart contracts are computer programs running on blockchain platforms to manage large sums of cryptocurrency, govern and carry out transactions of assets between multiple parties. The security of smart contracts has attracted great attention, ever since their adoption in the management of massive cr...
Saved in:
| Main Author: | |
|---|---|
| Other Authors: | |
| Format: | Thesis-Doctor of Philosophy |
| Language: | English |
| Published: |
Nanyang Technological University
2023
|
| Subjects: | |
| Online Access: | https://hdl.handle.net/10356/168560 |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| Institution: | Nanyang Technological University |
| Language: | English |
| Summary: | Smart contracts are computer programs running on blockchain platforms to manage large sums of cryptocurrency, govern and carry out transactions of assets between multiple parties. The security of smart contracts has attracted great attention, ever since their adoption in the management of massive cryptocurrency transactions. However, current works mainly rely on the priori security patterns, e.g., reentrancy, delegatecall, gasless send and tainted owner. Although these priori security patterns have been proven effective in finding smart contract vulnerabilities, they are very limited in finding deeper design flaws such as permission bugs, bookkeeping bugs, etc. Moreover, the reliability analysis of smart contracts becomes difficult since most smart contracts have little to no documentation for specifications. Fairness is also an important quality attribute of smart contracts and fairness issues have been proved widely existing in smart contracts such as Ponzi schemes. However, fairness has not yet attracted much research attention.
Most security and reliability issues can be detected via conformance checking between software implementation and its specification. As dynamic specification mining has been proven an effective way to learn specifications from software execution traces, in this dissertation, we aim to address the aforementioned challenges by proposing a systematic approach to study the security and reliability of smart contracts based on the learned specifications through dynamic specification mining techniques.
In general, contract specifications can be categorized into function-level and contract level specifications. This thesis presents the implementation of InvCon, a dynamic invariant detector for Solidity smart contracts. InvCon analyzes past transac tion histories of a contract to generate likely program invariants, which represent function-level properties that must be maintained during function execution. By combining these invariants with finite event traces from historical transactions, a novel counterexample-guided abstraction refinement algorithm is proposed and implemented in SmCon to mine compact and precise contract-level automata. Additionally, the thesis also presents SPCon that mines the role structures of smart contracts from the past transaction histories for the application of permission bug detection. The thesis demonstrates the applications of program invariants in seman tic bug detection and automated fairness verification. An invariant-based semantic test oracle, implemented in a grey-box fuzzing tool ContraMaster, is developed to enhance vulnerability detection in smart contracts, effectively addressing issues like reentrancy, exception disorder, gasless send, and integer overflow/underflow. For fairness issues, a verification framework FairCon is proposed that treats smart contracts as games and focuses on four fairness properties derived from mechanism design and game theory. Mechanism models are employed for bounded fairness property checking, while program invariants are used to analyze unbounded cases. The thesis also explores the applications of contract-level models in model-based testing and access control bug detection. ModCon is introduced as a tool that allows users to provide test models for smart contracts, specifying state definitions, transition relations, pre/post conditions, invariants, and mapping to the contract code. SPCon leverages the aforementioned role mining to identify permission bugs in smart contracts through conformance testing. The evaluation results demonstrate the high accuracy of permission bug detection, uncovering 11 previously unknown bugs in a well-known smart contract benchmark.
Briefly, we have successfully derived various smart contract specifications with dy namic specification mining and studied their applications on security and reliability of smart contracts |
|---|