DeepAI AI Chat
Log In Sign Up

Finding The Greedy, Prodigal, and Suicidal Contracts at Scale

02/16/2018
by   Ivica Nikolic, et al.
0

Smart contracts---stateful executable objects hosted on blockchains like Ethereum---carry billions of dollars worth of coins and cannot be updated once deployed. We present a new systematic characterization of a class of trace vulnerabilities, which result from analyzing multiple invocations of a contract over its lifetime. We focus attention on three example properties of such trace vulnerabilities: finding contracts that either lock funds indefinitely, leak them carelessly to arbitrary users, or can be killed by anyone. We implemented MAIAN, the first tool for precisely specifying and reasoning about trace properties, which employs inter-procedural symbolic analysis and concrete validator for exhibiting real exploits. Our analysis of nearly one million contracts flags 34,200 (2,365 distinct) contracts vulnerable, in 10 seconds per contract. On a subset of3,759 contracts which we sampled for concrete validation and manual analysis, we reproduce real exploits at a true positive rate of 89 the infamous Parity bug that indirectly locked 200 million dollars worth in Ether, which previous analyses failed to capture.

READ FULL TEXT

page 1

page 2

page 3

page 4

Related Research

research
11/16/2018

Towards Safer Smart Contracts: A Sequence Learning Approach to Detecting Vulnerabilities

Symbolic analysis of security exploits in smart contracts has demonstrat...
0 Wesley J T, et al.
research
02/19/2019

The Art of The Scam: Demystifying Honeypots in Ethereum Smart Contracts

Modern blockchains, such as Ethereum, enable the execution of so-called ...
0 Christof Ferreira Torres, et al.
research
02/18/2019

Smart Contract Vulnerabilities: Does Anyone Care?

In the last year we have seen a great deal of both academic and practica...
0 Daniel Perez, et al.
research
04/13/2023

Smart Contract Upgradeability on the Ethereum Blockchain Platform: An Exploratory Study

Context: Smart contracts are computerized self-executing contracts that ...
0 Ilham Qasse, et al.
research
01/12/2018

Online Detection of Effectively Callback Free Objects with Applications to Smart Contracts

Callbacks are essential in many programming environments, but drasticall...
0 Shelly Grossman, et al.
research
04/21/2023

Smart Learning to Find Dumb Contracts

We introduce Deep Learning Vulnerability Analyzer (DLVA), a vulnerabilit...
0 Tamer Abdelaziz, et al.
research
05/01/2019

Characterizing Code Clones in the Ethereum Smart Contract Ecosystem

In this paper, we present the first large-scale and systematic study to ...
0 Ningyu He, et al.

Code Repositories

MAIAN

MAIAN: automatic tool for finding trace vulnerabilities in Ethereum smart contracts


view repo

Smart_Contract_Security_Analysis

Papers of smart contract security analysis (and tools)


view repo

Sign up for DeepAI

Already have an account? Login here

Login to DeepAI

Don't have an account? Signup here

Become a DeepAI PRO

$4.99/mo
500 AI generator calls per month + $5 per 500 more (includes images)
1750 AI Chat messages per month + $5 per 1750 more
60 Genius Mode messages per month + $5 per 60 more
HD image generator access
Private image generation
Complete styles library
API access
Ad-free experience
*
This is a recurring payment that will happen monthly
*
If you exceed number of images or messages listed, they will be charged at a rate of $5

Pay as you go

Starting at $5 for
100 AI Generator Calls (includes images)
350 AI Chat messages
Does not include Genius Mode
Private image generation
Complete styles library
API access
Ad-free experience

Out of credits

Your DeepAI PRO account is out of credits - your current balance is $-0.50
Please refill your account to continue using DeepAI PRO.

SHARE