Towards automated safety vetting of smart contracts in decentralized applications
We propose VetSC, a novel UI-driven, program analysis guided model checking technique that can automatically extract contract semantics in DApps so as to enable targeted safety vetting. To facilitate model checking, we extract business model graphs from contract code that capture its intrinsic busin...
Saved in:
| Main Authors: | , , , , , , |
|---|---|
| Format: | text |
| Language: | English |
| Published: |
Institutional Knowledge at Singapore Management University
2022
|
| Subjects: | |
| Online Access: | https://ink.library.smu.edu.sg/sis_research/8542 https://ink.library.smu.edu.sg/context/sis_research/article/9545/viewcontent/3548606.3559384_pvoa_cc_by.pdf |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| Institution: | Singapore Management University |
| Language: | English |
| id |
sg-smu-ink.sis_research-9545 |
|---|---|
| record_format |
dspace |
| spelling |
sg-smu-ink.sis_research-95452024-01-22T14:51:40Z Towards automated safety vetting of smart contracts in decentralized applications DUAN, Yue ZHAO, Xin PAN, Yu LI, Shucheng LI, Minghao XU, Fengyuan ZHANG, Mu We propose VetSC, a novel UI-driven, program analysis guided model checking technique that can automatically extract contract semantics in DApps so as to enable targeted safety vetting. To facilitate model checking, we extract business model graphs from contract code that capture its intrinsic business and safety logic. To automatically determine what safety specifications to check, we retrieve textual semantics from DApp user interfaces. To exclude untrusted UI text, we also validate the UI-logic consistency and detect any discrepancies. We have implemented VetSC and applied it to 34 real-world DApps. Experiments have demonstrated that VetSC can accurately interpret smart contract code, enable autonomous safety vetting, and discover safety risks in real-world Dapps. Using our tool, we have successfully discovered 19 new safety risks in the wild, such as expired lottery tickets and double voting. 2022-11-01T07:00:00Z text application/pdf https://ink.library.smu.edu.sg/sis_research/8542 info:doi/10.1145/3548606.3559384 https://ink.library.smu.edu.sg/context/sis_research/article/9545/viewcontent/3548606.3559384_pvoa_cc_by.pdf http://creativecommons.org/licenses/by-nc-nd/4.0/ Research Collection School Of Computing and Information Systems eng Institutional Knowledge at Singapore Management University decentralized apps safety verification semantics smart contracts Finance and Financial Management Information Security |
| institution |
Singapore Management University |
| building |
SMU Libraries |
| continent |
Asia |
| country |
Singapore Singapore |
| content_provider |
SMU Libraries |
| collection |
InK@SMU |
| language |
English |
| topic |
decentralized apps safety verification semantics smart contracts Finance and Financial Management Information Security |
| spellingShingle |
decentralized apps safety verification semantics smart contracts Finance and Financial Management Information Security DUAN, Yue ZHAO, Xin PAN, Yu LI, Shucheng LI, Minghao XU, Fengyuan ZHANG, Mu Towards automated safety vetting of smart contracts in decentralized applications |
| description |
We propose VetSC, a novel UI-driven, program analysis guided model checking technique that can automatically extract contract semantics in DApps so as to enable targeted safety vetting. To facilitate model checking, we extract business model graphs from contract code that capture its intrinsic business and safety logic. To automatically determine what safety specifications to check, we retrieve textual semantics from DApp user interfaces. To exclude untrusted UI text, we also validate the UI-logic consistency and detect any discrepancies. We have implemented VetSC and applied it to 34 real-world DApps. Experiments have demonstrated that VetSC can accurately interpret smart contract code, enable autonomous safety vetting, and discover safety risks in real-world Dapps. Using our tool, we have successfully discovered 19 new safety risks in the wild, such as expired lottery tickets and double voting. |
| format |
text |
| author |
DUAN, Yue ZHAO, Xin PAN, Yu LI, Shucheng LI, Minghao XU, Fengyuan ZHANG, Mu |
| author_facet |
DUAN, Yue ZHAO, Xin PAN, Yu LI, Shucheng LI, Minghao XU, Fengyuan ZHANG, Mu |
| author_sort |
DUAN, Yue |
| title |
Towards automated safety vetting of smart contracts in decentralized applications |
| title_short |
Towards automated safety vetting of smart contracts in decentralized applications |
| title_full |
Towards automated safety vetting of smart contracts in decentralized applications |
| title_fullStr |
Towards automated safety vetting of smart contracts in decentralized applications |
| title_full_unstemmed |
Towards automated safety vetting of smart contracts in decentralized applications |
| title_sort |
towards automated safety vetting of smart contracts in decentralized applications |
| publisher |
Institutional Knowledge at Singapore Management University |
| publishDate |
2022 |
| url |
https://ink.library.smu.edu.sg/sis_research/8542 https://ink.library.smu.edu.sg/context/sis_research/article/9545/viewcontent/3548606.3559384_pvoa_cc_by.pdf |
| _version_ |
1789483261892755456 |