Oyente Making Smart Contracts Smarter Loi Luu DucHiep
- Slides: 24
Oyente: Making Smart Contracts Smarter Loi Luu, Duc-Hiep Chu, Hrishi Olickel Prateek Saxena, Aquinas Hobor National University of Singapore, Yale-NUS College
Programming securely is hard “Security can be no stronger than its weakest link”
Programming Secure Smart Contracts is Harder • Smart contracts !=normal programs – Self-executed – One-shot programs • Cannot patch • New language – Solidity != Java. Script – Serpent != Python
Questions? • Are there other bugs? – Apart from call-stack and reentrancy? 140 120 100 80 60 40 20 0 6 /1 25 /8 6 /1 25 /6 6 /1 25 /4 6 /1 /2 25 2/ 15 /1 25 25 /1 /1 /8 25 0/ 15 No. of contracts 5 Thousands • How many contracts are vulnerable?
Challenges • Contracts code are not always available 60606040526040516102503 80380610250833981016040 528. . . . • Too many contracts – Manual analysis is impossible PUSH 60 PUSH 40 MSTORE PUSH 0 CALLDATALOAD PUSH 1000000. . . SWAP 1 DIV. . .
Contribution • Identify New Smart Contract Bugs – Transaction Ordering Dependence (TOD) – Timestamp Dependence • Oyente: An analyzer for smart contracts – Use symbolic execution – Detect all popular bugs • • TOD Timestamp dependence Reentrancy Mishandling exceptions (e. g. send) – Flags 8836/ 19366 contracts as vulnerable • As of May 2016
New Smart Contract Bugs Transaction Ordering Dependence
Example: Puzzle Solver Puzzle. Solver Contract Balance: 100 Anyone can submit a solution to claim the reward Owner can update the reward anytime Puzzle. Solver() Set. Puzzle reward=100 Submit. Solution(solution) if is. Correct(solution): Send(reward) Update. Reward(new. Reward) reward=new. Reward
Scenario 1: Submit. Solution is trigerred +100 Puzzle. Solver Contract Balance: 100 0 Solution for Puzzle Random TXs Other TXs Block Random TXs Submit. Solution Miners Other TXs Puzzle. Solver() Set. Difficulty reward=100 Submit. Solution(solution) if is. Correct(solution): Send(reward) Update. Reward(new. Reward) reward=new. Reward
Scenario 2: Both Submit. Solution and Update. Reward are triggered +0 Puzzle. Solver Contract Balance: 100 Balance: 0 Solution for Puzzle Update Reward to $0! Other TXs Puzzle. Solver() Set. Difficulty reward=100 Block Update. Reward = 0 Submit. Solution Miners Other TXs Submit. Solution(solution) if is. Correct(solution): Send(reward) Update. Reward(new. Reward) reward=new. Reward
Transaction Ordering Dependence • Observed state != execution state • The expectation of the state of the contract may not be true during execution. • Miners decide the order of TXs • Can be coincidence • Two transactions happen at the same time Solution for Puzzle Update Reward to $0! Other TXs
Transaction Ordering Dependence • Observed state != execution state • The expectation of the state of the contract may not be true during execution. • Miners decide the order of TXs • Can be coincidence • Two transactions happen at the same time • Can be malicious • Saw the targeted TX from the victim • Submit the second TX to update the reward • Both TXs enter the race Solution for Puzzle Update Reward to $0! Other TXs
New Smart Contract Bugs Timestamp Dependence
Contract: The. Run randomness = F(timestamp)
Contract: Ponzi. Government. Mental
Timestamp can be manipulated • Miners can vary the block timestamp block. timestamp <= now + 900 && block. timestamp >= parent. timestamp • Bias the output of contract execution to their benefit – Timed puzzles, time-based RNGs
Oyente: An Analyzer for Smart Contracts
Architecture • Based on symbolic execution • Have separate modules – Can add more analysis separately 6060604052123 123123528. . . CFG BUILDER Byte. Code Ethereum State EXPLORER CORE ANALYSIS Z 3 Bit-Vector Solver Visualizer VALIDATOR
Symbolic Execution Inputs Is there any value of x? T T F Symbolic Theorem Prover Formula NO T F F T T F YES Control Flow Graph Execution Trace
What Can Oyente Do? • Detect Bugs In Existing Smart Contracts – Run with 19, 366 contracts – 30 mins timeout per contract • Test generation 6000 T Flagged Buggy Contracts T F 5411 – Cover all possible paths of each program 5000 4000 F T F 3056 3000 2000 F T 1385 1000 340 186 135 0 Callstack TOD Total Reentrancy Unique 83 52 Timestamp
Oyente is Open Source • https: //github. com/ethereum/oyente • Future work – Support more opcodes – Handle loops – Combine static and dynamic symbolic executions
More in the papers • Solutions for all bugs – Semantic changes • Details of Oyente’s design • Some interesting statistics – All smart contracts – Evaluation results
Thanks! loiluu@comp. nus. edu. sg loi_luu
- Making smart contracts smarter
- Normas del buen hablante y del buen oyente para niños
- Blaockchain
- Autotransplantaat
- Quy tắc sử dụng và bảo quản lựu đạn
- Quy tắc sử dụng và bảo quản lựu đạn
- Lớp bột huỳnh quang có tác dụng
- Nguyễn lưu thùy ngân
- Lưu ý khi sử dụng kĩ thuật khăn trải bàn
- Tầng bình lưu có đặc điểm gì
- Chất bán dẫn
- Lưu trữ địa lí tự nhiên rams vnu
- Hue janice
- Australopiteek kolju
- Cấu tạo lựu đạn chày
- Amber luu
- Smart two men are
- What is the next letter? a z b y c x d
- It's not how smart you are it's how you are smart
- Street smart vs book smart quotes
- Future smart ways to pay answers
- One smart man he felt smart
- Street smart vs book smart
- It's not how smart you are
- When making smart food choices what question