Online Detection of Effectively Callback Free Objects with Applications to Smart Contracts

by   Shelly Grossman, et al.

Callbacks are essential in many programming environments, but drastically complicate program understanding and reasoning because they allow to mutate object's local states by external objects in unexpected fashions, thus breaking modularity. The famous DAO bug in the cryptocurrency framework Ethereum, employed callbacks to steal 150M. We define the notion of Effectively Callback Free (ECF) objects in order to allow callbacks without preventing modular reasoning. An object is ECF in a given execution trace if there exists an equivalent execution trace without callbacks to this object. An object is ECF if it is ECF in every possible execution trace. We study the decidability of dynamically checking ECF in a given execution trace and statically checking if an object is ECF. We also show that dynamically checking ECF in Ethereum is feasible and can be done online. By running the history of all execution traces in Ethereum, we were able to verify that virtually all existing contracts, excluding the DAO or contracts with similar known vulnerabilities, are ECF. Finally, we show that ECF, whether it is verified dynamically or statically, enables modular reasoning about objects with encapsulated state.


page 1

page 2

page 3

page 4


OV: Validity-based Optimistic Smart Contracts

Smart contract (SC) platforms form blocks of transactions into a chain a...

Dynamic Vulnerability Detection on Smart Contracts Using Machine Learning

In this work we propose Dynamit, a monitoring framework to detect reentr...

Atomicity Checking in Linear Time using Vector Clocks

Multi-threaded programs are challenging to write. Developers often need ...

Finding The Greedy, Prodigal, and Suicidal Contracts at Scale

Smart contracts---stateful executable objects hosted on blockchains like...

EVMFuzz: Differential Fuzz Testing of Ethereum Virtual Machine

Ethereum Virtual Machine (EVM) is the run-time environment for smart con...

Towards Trace-based Deductive Verification (Tech Report)

Contracts specifying a procedure's behavior in terms of pre- and postcon...

Please sign up or login with your details

Forgot password? Click here to reset