analysis of blockchain smart contracts: techniques and

Analysis of Blockchain Smart Contracts: Techniques and InsightsShinhae Kim and Sukyoung Ryu

#IEEESecDev https://secdev.ieee.org/2020

Analysis of Blockchain Smart Contracts: Techniques and Insights

Basic Concept of a Blockchain

a data structure that stores transactions among parties

> A blockchain is a chain of “blocks”

> Each block has the hash of previous block data Modifying the block data is computationally infeasible

Transaction #N…

…

“Bob transferred a dollar to Alice”

Transaction #1Transaction #2

HASHHASHHASH

AliceBob

2/24



> A blockchain is built on top of a P2P network Each node has a copy of the chain

Bob Alice

> When a new transaction is made..

3/24




Bob Alice


1. A node forms a block with the transaction

4/24

Transaction #N…

“Alice transferred a dollar to Bob”…


HASH




Bob Alice


1. A node forms a block with the transaction

5/24

Transaction #N…

“Alice transferred a dollar to Bob”…


HASH

a small number“nonce”

hash




Bob Alice


1. A node forms a block with the transaction 2. The node broadcasts the block 3. Other nodes append the block as the tail of the chain

6/24


Basic Concept of a Smart Contract

> A smart contract is a program deployed on the blockchainWhen invoked, it automatically makes transactions

“The contract transferred the jackpot to Bob”

“Bob transferred FEE_AMOUNT to the bank”

Bob

play( )

7/24


Smart Contract Vulnerabilities

> Smart contracts enabled blockchain applicable to various domains

IoTFinance Business

> However, smart contracts have suffered from vulnerabilities

a list of “exploitable-vulnerabilities”

8/24


Adversary

withdraw()

1

2

amount

The adversary stole $50 million from the DAO contract (June, 2016)Ethereum blockchain was forked into Ethereum and Ethereum Classic


9/24



Wallet Library Contract

3

Adversary

Adversary calls initWallet(msg.sender)1

The wallet delegates the call to the library2 Adversary

Adversary withdraws all of the balance4

The library resets owner to adversary

The adversary stole $31 million from the wallet contract (July, 2017)

10/24


Contribution of this Research

> Such vulnerabilities led to massive research on smart contract analysis

And this paper is …

the first comprehensive survey of research on smart contract analysis

11/24


Overview of this Research

391 academic papers

67 “analysis-related” papers

12/24


Overview of this Research

391 academic papers

67 “analysis-related” papers

13/24


Research Trends of Smart Contract Analysis

Static analysis has been more dominant than dynamic analysis

Static Analysis

Dynamic Analysis

> Smart contracts need to be audited before deploymentSmart contracts cannot be modified once deployed

> Static analysis can reason over all possible paths

Bytecode loses some information such as variable types> Smart contracts are often opaque (i.e., no source code available)

> Dynamic analysis has no false positives

14/24



The most dominant techniques are the following:

> Symbolic executionSmart contracts often have small code sizes

> Model checkingSmart contract execution environments need to be considered as well(nuXmv, Corral, Uppaal, MCK model checkers)

(Isabelle/HOL, F*, Coq, K framework)

> Formal verificationThe highest level of correctness can be guaranteed

15/24



A large portion of work is to detect vulnerabilities> Vulnerabilities can directly result in financial losses

16/24


Insights from the Survey

> Lack of Clear Property Definition> Unstable Language Semantics

Open Challenges Research Directions

> New Language Design> Type-based Approaches > Machine Learning Techniques> Rising Platforms and Languages

17/24

> Ambiguity in Contract Behaviors


> Miners can control the order of deploying transactions

Ambiguity in Contract Behaviors

> Smart contracts often rely on off-chain sources through oracles

Oracle Contract

https://api.coindesk.com

https://api.coindesk.com

1

2

3

4

> Most contracts do not have their source code available

18/24


Unstable Language Semantics

> Solidity frequently releases new versions and undergoes semantic changes> Other languages often do not have language specifications

Solidity before ver. 0.5.0 Solidity after ver. 0.5.0

19/24

Two paths that have different Ether flows exist?


Lack of Clear Property Definition

> Existing analyzers do not have clear definitions of vulnerabilitiesThe detected “patterns” do not necessarily imply vulnerabilities

Analyzer

YES!

Transaction Order Dependency vulnerability

20/24

Two paths that have different Ether flows exist?


Lack of Clear Property Definition

> Existing analyzers do not have clear definitions of vulnerabilitiesThe detected “patterns” do not necessarily imply vulnerabilities

Analyzer

YES!

False Positive!

21/24

Transaction Order Dependency vulnerability


Promising Research Directions

> New Language Design

Languages with fully specified semantics are amenable to analysis

> Type-based Approaches

Most statically-typed languages do not support strong type checkingEnriching existing type systems can discover vulnerabilities

Compiler before ver. 0.5.0 does not check whether alice is an address of Alice contract

22/24


Promising Research Directions

> Machine Learning Techniques

> Rising Platforms and Languages

Machine learning may improve the scalability and accuracy of smart contract analysis

Blockchain ecosystem is still evolving very fast

e.g. Hyperledger Fabric, EOS (platform)e.g. Serpent, Vyper (language)

Research on rising platforms and languages is at an early stage

23/24

Thanks for your Listening!

analysis of blockchain smart contracts: techniques and

Documents