Exploiting The Laws of Order in Smart Contracts

by   Aashish Kolluri, et al.

We investigate a family of bugs in blockchain-based smart contracts, which we call event-ordering (or EO) bugs. These bugs are intimately related to the dynamic ordering of contract events, i.e., calls of its functions on the blockchain, and enable potential exploits of millions of USD worth of Ether. Known examples of such bugs and prior techniques to detect them have been restricted to a small number of event orderings, typicall 1 or 2. Our work provides a new formulation of this general class of EO bugs as finding concurrency properties arising in long permutations of such events. The technical challenge in detecting our formulation of EO bugs is the inherent combinatorial blowup in path and state space analysis, even for simple contracts. We propose the first use of partial-order reduction techniques, using happen-before relations extracted automatically for contracts, along with several other optimizations built on a dynamic symbolic execution technique. We build an automatic tool called ETHRACER that requires no hints from users and runs directly on Ethereum bytecode. It flags 7-11 contracts analyzed in roughly 18.5 minutes per contract, providing compact event traces that human analysts can run as witnesses. These witnesses are so compact that confirmations require only a few minutes of human effort. Half of the flagged contracts have subtle EO bugs, including in ERC-20 contracts that carry hundreds of millions of dollars worth of Ether. Thus, ETHRACER is effective at detecting a subtle yet dangerous class of bugs which existing tools miss.


page 1

page 14


A Framework and DataSet for Bugs in Ethereum Smart Contracts

Ethereum is the largest blockchain platform that supports smart contract...

Towards Smart Hybrid Fuzzing for Smart Contracts

Smart contracts are Turing-complete programs that are executed across a ...

SmartEmbed: A Tool for Clone and Bug Detection in Smart Contracts through Structural Code Embedding

Ethereum has become a widely used platform to enable secure, Blockchain-...

From Programming Bugs to Multimillion-Dollar Scams: An Analysis of Trapdoor Tokens on Decentralized Exchanges

We investigate in this work a recently emerging type of scam token calle...

Elysium: Automagically Healing Vulnerable Smart Contracts Using Context-Aware Patching

Smart contracts are programs that are deployed and executed on the block...

Rethinking Smart Contract Fuzzing: Fuzzing With Invocation Ordering and Important Branch Revisiting

Blockchain smart contracts have given rise to a variety of interesting a...

MAVERICK: Proactively detecting network control plane bugs using structural outlierness

Proactive detection of network configuration bugs is important to ensure...

Please sign up or login with your details

Forgot password? Click here to reset