sCompile: Critical path identification and analysis for smart contracts
Ethereum smart contracts are an innovation built on top of the blockchain technology, which provides a platform for automatically executing contracts in an anonymous, distributed, and trusted way. The problem is magnified by the fact that smart contracts, unlike ordinary programs, cannot be patched...
Saved in:
| Main Authors: | , , , , , |
|---|---|
| Format: | text |
| Language: | English |
| Published: |
Institutional Knowledge at Singapore Management University
2019
|
| Subjects: | |
| Online Access: | https://ink.library.smu.edu.sg/sis_research/4641 https://ink.library.smu.edu.sg/context/sis_research/article/5644/viewcontent/Chang2019_Chapter_SCompileCriticalPathIdentifica.pdf |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| Institution: | Singapore Management University |
| Language: | English |
| id |
sg-smu-ink.sis_research-5644 |
|---|---|
| record_format |
dspace |
| spelling |
sg-smu-ink.sis_research-56442020-03-17T10:08:59Z sCompile: Critical path identification and analysis for smart contracts CHANG, Jialiang GAO, Bo XIAO, Hao SUN, Jun CAI, Yan YANG, Zijiang Ethereum smart contracts are an innovation built on top of the blockchain technology, which provides a platform for automatically executing contracts in an anonymous, distributed, and trusted way. The problem is magnified by the fact that smart contracts, unlike ordinary programs, cannot be patched easily once deployed. It is important for smart contracts to be checked against potential vulnerabilities. In this work, we propose an alternative approach to automatically identify critical program paths (with multiple function calls including inter-contract function calls) in a smart contract, rank the paths according to their criticalness, discard them if they are infeasible or otherwise present them with user friendly warnings for user inspection. We identify paths which involve monetary transaction as critical paths, and prioritize those which potentially violate important properties. For scalability, symbolic execution techniques are only applied to top ranked critical paths. Our approach has been implemented in a tool called sCompile, which has been applied to 36,099 smart contracts. The experiment results show that sCompile is efficient, i.e., 5 seconds on average for one smart contract. Furthermore, we show that many known vulnerabilities can be captured if user inspects as few as 10 program paths generated by sCompile. Lastly, sCompile discovered 224 unknown vulnerabilities with a false positive rate of 15.4% before user inspection. 2019-11-09T08:00:00Z text application/pdf https://ink.library.smu.edu.sg/sis_research/4641 info:doi/10.1007/978-3-030-32409-4_18 https://ink.library.smu.edu.sg/context/sis_research/article/5644/viewcontent/Chang2019_Chapter_SCompileCriticalPathIdentifica.pdf http://creativecommons.org/licenses/by-nc-nd/4.0/ Research Collection School Of Computing and Information Systems eng Institutional Knowledge at Singapore Management University Software Engineering |
| institution |
Singapore Management University |
| building |
SMU Libraries |
| continent |
Asia |
| country |
Singapore Singapore |
| content_provider |
SMU Libraries |
| collection |
InK@SMU |
| language |
English |
| topic |
Software Engineering |
| spellingShingle |
Software Engineering CHANG, Jialiang GAO, Bo XIAO, Hao SUN, Jun CAI, Yan YANG, Zijiang sCompile: Critical path identification and analysis for smart contracts |
| description |
Ethereum smart contracts are an innovation built on top of the blockchain technology, which provides a platform for automatically executing contracts in an anonymous, distributed, and trusted way. The problem is magnified by the fact that smart contracts, unlike ordinary programs, cannot be patched easily once deployed. It is important for smart contracts to be checked against potential vulnerabilities. In this work, we propose an alternative approach to automatically identify critical program paths (with multiple function calls including inter-contract function calls) in a smart contract, rank the paths according to their criticalness, discard them if they are infeasible or otherwise present them with user friendly warnings for user inspection. We identify paths which involve monetary transaction as critical paths, and prioritize those which potentially violate important properties. For scalability, symbolic execution techniques are only applied to top ranked critical paths. Our approach has been implemented in a tool called sCompile, which has been applied to 36,099 smart contracts. The experiment results show that sCompile is efficient, i.e., 5 seconds on average for one smart contract. Furthermore, we show that many known vulnerabilities can be captured if user inspects as few as 10 program paths generated by sCompile. Lastly, sCompile discovered 224 unknown vulnerabilities with a false positive rate of 15.4% before user inspection. |
| format |
text |
| author |
CHANG, Jialiang GAO, Bo XIAO, Hao SUN, Jun CAI, Yan YANG, Zijiang |
| author_facet |
CHANG, Jialiang GAO, Bo XIAO, Hao SUN, Jun CAI, Yan YANG, Zijiang |
| author_sort |
CHANG, Jialiang |
| title |
sCompile: Critical path identification and analysis for smart contracts |
| title_short |
sCompile: Critical path identification and analysis for smart contracts |
| title_full |
sCompile: Critical path identification and analysis for smart contracts |
| title_fullStr |
sCompile: Critical path identification and analysis for smart contracts |
| title_full_unstemmed |
sCompile: Critical path identification and analysis for smart contracts |
| title_sort |
scompile: critical path identification and analysis for smart contracts |
| publisher |
Institutional Knowledge at Singapore Management University |
| publishDate |
2019 |
| url |
https://ink.library.smu.edu.sg/sis_research/4641 https://ink.library.smu.edu.sg/context/sis_research/article/5644/viewcontent/Chang2019_Chapter_SCompileCriticalPathIdentifica.pdf |
| _version_ |
1770574946433499136 |