Oyente: Making Smart Contracts Smarter
Loi Luu, Duc-Hiep Chu, Hrishi Olickel, Prateek Saxena, Aquinas Hobor
National University of Singapore, Yale-NUS College

Programming securely is hard
“Security can be no stronger than its weakest link”

Programming Secure Smart Contracts is Harder
• Smart contracts != normal programs
  – Self-executed
  – One-shot programs
    • Cannot patch
• New language
  – Solidity != JavaScript
  – Serpent != Python

Questions?
• Are there other bugs?
  – Apart from call-stack and reentrancy?
• How many contracts are vulnerable?
[Chart: No. of contracts (thousands), by date]

Challenges
• Contract code is not always available
  60606040526040516102503 80380610250833981016040 528...
• Too many contracts
  – Manual analysis is impossible
  PUSH 60 PUSH 40 MSTORE PUSH 0 CALLDATALOAD PUSH 1000000 ... SWAP1 DIV ...

Contribution
• Identify New Smart Contract Bugs
  – Transaction Ordering Dependence (TOD)
  – Timestamp Dependence
• Oyente: An analyzer for smart contracts
  – Use symbolic execution
  – Detect all popular bugs
    • TOD
    • Timestamp dependence
    • Reentrancy
    • Mishandling exceptions (e.g. send)
  – Flags 8836/19366 contracts as vulnerable
    • As of May 2016

New Smart Contract Bugs
Transaction Ordering Dependence

Example: Puzzle Solver
PuzzleSolver Contract, Balance: 100
Anyone can submit a solution to claim the reward
Owner can update the reward anytime

PuzzleSolver()
    SetPuzzle
    reward=100
SubmitSolution(solution)
    if isCorrect(solution):
        Send(reward)
UpdateReward(newReward)
    reward=newReward

Scenario 1: SubmitSolution is triggered
[Diagram: "Solution for Puzzle" TX, Random TXs, Other TXs; Miners; Block containing SubmitSolution; PuzzleSolver Contract Balance: 100 → 0; +100]

PuzzleSolver()
    SetDifficulty
    reward=100
SubmitSolution(solution)
    if isCorrect(solution):
        Send(reward)
UpdateReward(newReward)
    reward=newReward

Scenario 2: Both SubmitSolution and UpdateReward are triggered
[Diagram: "Solution for Puzzle" TX, "Update Reward to $0!" TX, Other TXs; Miners; Block containing UpdateReward = 0 and SubmitSolution; PuzzleSolver Contract Balance: 100; Balance: 0; +0]

PuzzleSolver()
    SetDifficulty
    reward=100
SubmitSolution(solution)
    if isCorrect(solution):
        Send(reward)
UpdateReward(newReward)
    reward=newReward

Transaction Ordering Dependence
• Observed state != execution state
  – The expectation of the state of the contract may not be true during execution.
• Miners decide the order of TXs
• Can be coincidence
  – Two transactions happen at the same time
• Can be malicious
  – Saw the targeted TX from the victim
  – Submit the second TX to update the reward
  – Both TXs enter the race
[Diagram: "Solution for Puzzle" TX, "Update Reward to $0!" TX, Other TXs]
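The PuzzleSolver race above can be checked mechanically: run every ordering of the pending transactions against a fresh contract and flag the set if the ether flows differ. This is an added example, not code from the slides or from Oyente; it enumerates concrete orderings rather than using symbolic execution, and the Python contract model, the sender names and the `"correct"` stand-in for isCorrect are assumptions.

```python
from itertools import permutations

class PuzzleSolver:
    """Toy model of the slide's PuzzleSolver contract (constructed for this example)."""
    def __init__(self, reward=100):
        self.owner, self.reward, self.balance = "owner", reward, reward
        self.paid = {}                       # address -> ether received

    def submit_solution(self, sender, solution):
        if solution == "correct":            # stands in for isCorrect(solution)
            amount = min(self.reward, self.balance)
            self.balance -= amount
            self.paid[sender] = self.paid.get(sender, 0) + amount

    def update_reward(self, sender, new_reward):
        if sender == self.owner:             # only the owner may change the reward
            self.reward = new_reward

def run(order):
    """Execute one ordering of pending TXs on a fresh contract; return the ether flow."""
    contract = PuzzleSolver()
    for method, sender, arg in order:
        getattr(contract, method)(sender, arg)
    return tuple(sorted(contract.paid.items()))

def ether_flows(pending):
    """Map each distinct ether-flow outcome to the TX orderings that produce it."""
    outcomes = {}
    for order in permutations(pending):
        names = tuple(tx[0] for tx in order)
        outcomes.setdefault(run(order), []).append(names)
    return outcomes

def is_order_dependent(pending):
    """True when at least two orderings of the same TXs move ether differently."""
    return len(ether_flows(pending)) > 1

# Constructed pending transactions: (method, sender, argument)
PENDING = [("submit_solution", "solver", "correct"),
           ("update_reward", "owner", 0)]

if __name__ == "__main__":
    for flow, orders in ether_flows(PENDING).items():
        print(flow, "<-", orders)
    print("order dependent:", is_order_dependent(PENDING))
```
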

New Smart Contract Bugs
Timestamp Dependence

Contract: TheRun
randomness = F(timestamp)

Contract: PonziGovernmentMental

Timestamp can be manipulated
• Miners can vary the block timestamp
  block.timestamp <= now + 900 && block.timestamp >= parent.timestamp
• Bias the output of contract execution to their benefit
  – Timed puzzles, time-based RNGs
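An audit check for the timestamp rule above: list every timestamp the rule accepts and count how many outcomes of a timestamp-derived "random" value fall inside that window. This is an added example, not code from the slides or from Oyente; `pick_winner` is a hypothetical F(timestamp), and the parent timestamp, clock value and player count are constructed.

```python
import hashlib

MAX_DRIFT = 900  # seconds ahead of the validator's clock, as quoted on the slide

def timestamp_valid(block_ts, parent_ts, now):
    """Acceptance rule from the slide: parent.timestamp <= block.timestamp <= now + 900."""
    return parent_ts <= block_ts <= now + MAX_DRIFT

def admissible_timestamps(parent_ts, now):
    """Every block timestamp that passes timestamp_valid()."""
    return range(parent_ts, now + MAX_DRIFT + 1)

def pick_winner(block_ts, n_players):
    """Hypothetical F(timestamp): hash the timestamp, reduce modulo the player count."""
    digest = hashlib.sha256(block_ts.to_bytes(8, "big")).digest()
    return int.from_bytes(digest, "big") % n_players

def reachable_outcomes(parent_ts, now, n_players):
    """Outcomes selectable by whoever chooses the timestamp within the valid window."""
    return {pick_winner(ts, n_players) for ts in admissible_timestamps(parent_ts, now)}

def audit(parent_ts, now, n_players):
    """Flag the RNG as producer-controlled if more than one outcome is reachable."""
    reach = reachable_outcomes(parent_ts, now, n_players)
    return {"window": len(admissible_timestamps(parent_ts, now)),
            "reachable": len(reach),
            "producer_controlled": len(reach) > 1}

# Constructed values: parent block 15 seconds before the validator's clock, 10 players
PARENT_TS = 1_462_000_000
NOW = PARENT_TS + 15

if __name__ == "__main__":
    print(audit(PARENT_TS, NOW, 10))
```

A contract that passes this audit with `producer_controlled` set should draw its randomness from a source the block producer does not choose.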

Oyente: An Analyzer for Smart Contracts

Architecture
• Based on symbolic execution
• Have separate modules
  – Can add more analysis separately
[Diagram components: ByteCode (6060604052123 123123528...), Ethereum State, CFG BUILDER, EXPLORER, CORE ANALYSIS, VALIDATOR, Z3 Bit-Vector Solver, Visualizer]

Symbolic Execution
[Diagram: Inputs; Control Flow Graph with T/F branches; Execution Trace; Symbolic Formula; Theorem Prover: "Is there any value of x?" YES / NO]

What Can Oyente Do?
• Detect Bugs In Existing Smart Contracts
  – Run with 19,366 contracts
  – 30 mins timeout per contract
• Test generation
  – Cover all possible paths of each program
[Bar chart: Flagged Buggy Contracts, Total vs. Unique, for Callstack, TOD, Reentrancy, Timestamp; values shown: 5411, 3056, 1385, 340, 186, 135, 83, 52]

Oyente is Open Source
• https://github.com/ethereum/oyente
• Future work
  – Support more opcodes
  – Handle loops
  – Combine static and dynamic symbolic executions

More in the papers
• Solutions for all bugs
  – Semantic changes
• Details of Oyente’s design
• Some interesting statistics
  – All smart contracts
  – Evaluation results

Thanks!
loiluu@comp.nus.edu.sg
loi_luu
