Towards automated safety vetting of smart contracts in decentralized applications

Towards automated safety vetting of smart contracts in decentralized applications

We propose VetSC, a novel UI-driven, program analysis guided model checking technique that can automatically extract contract semantics in DApps so as to enable targeted safety vetting. To facilitate model checking, we extract business model graphs from contract code that capture its intrinsic busin...

Full description

Saved in:
Bibliographic Details
Main Authors: DUAN, Yue, ZHAO, Xin, PAN, Yu, LI, Shucheng, LI, Minghao, XU, Fengyuan, ZHANG, Mu
Format: text
Language:English
Published: Institutional Knowledge at Singapore Management University 2022
Subjects:
decentralized apps
smart contracts
safety verification
semantics
Information Security
Online Access:https://ink.library.smu.edu.sg/sis_research/8139
https://ink.library.smu.edu.sg/context/sis_research/article/9142/viewcontent/3548606.3559384.pdf
Tags: Add Tag
No Tags, Be the first to tag this record!
Institution: Singapore Management University
Language: English
id sg-smu-ink.sis_research-9142
record_format dspace
spelling sg-smu-ink.sis_research-91422023-09-14T08:21:10Z Towards automated safety vetting of smart contracts in decentralized applications DUAN, Yue ZHAO, Xin PAN, Yu LI, Shucheng LI, Minghao XU, Fengyuan ZHANG, Mu We propose VetSC, a novel UI-driven, program analysis guided model checking technique that can automatically extract contract semantics in DApps so as to enable targeted safety vetting. To facilitate model checking, we extract business model graphs from contract code that capture its intrinsic business and safety logic. To automatically determine what safety specifications to check, we retrieve textual semantics from DApp user interfaces. To exclude untrusted UI text, we also validate the UI-logic consistency and detect any discrepancies. We have implemented VetSC and applied it to 34 real-world DApps. Experiments have demonstrated that VetSC can accurately interpret smart contract code, enable autonomous safety vetting, and discover safety risks in real-world Dapps. Using our tool, we have successfully discovered 19 new safety risks in the wild, such as expired lottery tickets and double voting. 2022-11-01T07:00:00Z text application/pdf https://ink.library.smu.edu.sg/sis_research/8139 info:doi/10.1145/3548606.3559384 https://ink.library.smu.edu.sg/context/sis_research/article/9142/viewcontent/3548606.3559384.pdf http://creativecommons.org/licenses/by-nc-nd/4.0/ Research Collection School Of Computing and Information Systems eng Institutional Knowledge at Singapore Management University decentralized apps smart contracts safety verification semantics Information Security
institution Singapore Management University
building SMU Libraries
continent Asia
country Singapore
Singapore
content_provider SMU Libraries
collection InK@SMU
language English
topic decentralized apps
smart contracts
safety verification
semantics
Information Security
spellingShingle decentralized apps
smart contracts
safety verification
semantics
Information Security
DUAN, Yue
ZHAO, Xin
PAN, Yu
LI, Shucheng
LI, Minghao
XU, Fengyuan
ZHANG, Mu
Towards automated safety vetting of smart contracts in decentralized applications
description We propose VetSC, a novel UI-driven, program analysis guided model checking technique that can automatically extract contract semantics in DApps so as to enable targeted safety vetting. To facilitate model checking, we extract business model graphs from contract code that capture its intrinsic business and safety logic. To automatically determine what safety specifications to check, we retrieve textual semantics from DApp user interfaces. To exclude untrusted UI text, we also validate the UI-logic consistency and detect any discrepancies. We have implemented VetSC and applied it to 34 real-world DApps. Experiments have demonstrated that VetSC can accurately interpret smart contract code, enable autonomous safety vetting, and discover safety risks in real-world Dapps. Using our tool, we have successfully discovered 19 new safety risks in the wild, such as expired lottery tickets and double voting.
format text
author DUAN, Yue
ZHAO, Xin
PAN, Yu
LI, Shucheng
LI, Minghao
XU, Fengyuan
ZHANG, Mu
author_facet DUAN, Yue
ZHAO, Xin
PAN, Yu
LI, Shucheng
LI, Minghao
XU, Fengyuan
ZHANG, Mu
author_sort DUAN, Yue
title Towards automated safety vetting of smart contracts in decentralized applications
title_short Towards automated safety vetting of smart contracts in decentralized applications
title_full Towards automated safety vetting of smart contracts in decentralized applications
title_fullStr Towards automated safety vetting of smart contracts in decentralized applications
title_full_unstemmed Towards automated safety vetting of smart contracts in decentralized applications
title_sort towards automated safety vetting of smart contracts in decentralized applications
publisher Institutional Knowledge at Singapore Management University
publishDate 2022
url https://ink.library.smu.edu.sg/sis_research/8139
https://ink.library.smu.edu.sg/context/sis_research/article/9142/viewcontent/3548606.3559384.pdf
_version_ 1779157178736705536

Similar Items