analysis of blockchain smart contracts: techniques and
TRANSCRIPT
Analysis of Blockchain Smart Contracts: Techniques and InsightsShinhae Kim and Sukyoung Ryu
#IEEESecDev https://secdev.ieee.org/2020
Analysis of Blockchain Smart Contracts: Techniques and Insights
Basic Concept of a Blockchain
a data structure that stores transactions among parties
> A blockchain is a chain of “blocks”
> Each block has the hash of previous block data Modifying the block data is computationally infeasible
Transaction #N…
…
“Bob transferred a dollar to Alice”
Transaction #1Transaction #2
HASHHASHHASH
AliceBob
2/24
Analysis of Blockchain Smart Contracts: Techniques and Insights
Basic Concept of a Blockchain
> A blockchain is built on top of a P2P network Each node has a copy of the chain
Bob Alice
> When a new transaction is made..
3/24
Analysis of Blockchain Smart Contracts: Techniques and Insights
Basic Concept of a Blockchain
> A blockchain is built on top of a P2P network Each node has a copy of the chain
Bob Alice
> When a new transaction is made..
1. A node forms a block with the transaction
4/24
Transaction #N…
“Alice transferred a dollar to Bob”…
Transaction #2Transaction #1
HASH
Analysis of Blockchain Smart Contracts: Techniques and Insights
Basic Concept of a Blockchain
> A blockchain is built on top of a P2P network Each node has a copy of the chain
Bob Alice
> When a new transaction is made..
1. A node forms a block with the transaction
5/24
Transaction #N…
“Alice transferred a dollar to Bob”…
Transaction #2Transaction #1
HASH
a small number“nonce”
hash
Analysis of Blockchain Smart Contracts: Techniques and Insights
Basic Concept of a Blockchain
> A blockchain is built on top of a P2P network Each node has a copy of the chain
Bob Alice
> When a new transaction is made..
1. A node forms a block with the transaction 2. The node broadcasts the block 3. Other nodes append the block as the tail of the chain
6/24
Analysis of Blockchain Smart Contracts: Techniques and Insights
Basic Concept of a Smart Contract
> A smart contract is a program deployed on the blockchainWhen invoked, it automatically makes transactions
“The contract transferred the jackpot to Bob”
“Bob transferred FEE_AMOUNT to the bank”
Bob
play( )
7/24
Analysis of Blockchain Smart Contracts: Techniques and Insights
Smart Contract Vulnerabilities
> Smart contracts enabled blockchain applicable to various domains
IoTFinance Business
> However, smart contracts have suffered from vulnerabilities
a list of “exploitable-vulnerabilities”
8/24
Analysis of Blockchain Smart Contracts: Techniques and Insights
Adversary
withdraw()
1
2
amount
The adversary stole $50 million from the DAO contract (June, 2016)Ethereum blockchain was forked into Ethereum and Ethereum Classic
Smart Contract Vulnerabilities
9/24
Analysis of Blockchain Smart Contracts: Techniques and Insights
Smart Contract Vulnerabilities
Wallet Library Contract
3
Adversary
Adversary calls initWallet(msg.sender)1
The wallet delegates the call to the library2 Adversary
Adversary withdraws all of the balance4
The library resets owner to adversary
The adversary stole $31 million from the wallet contract (July, 2017)
10/24
Analysis of Blockchain Smart Contracts: Techniques and Insights
Contribution of this Research
> Such vulnerabilities led to massive research on smart contract analysis
And this paper is …
the first comprehensive survey of research on smart contract analysis
11/24
Analysis of Blockchain Smart Contracts: Techniques and Insights
Overview of this Research
391 academic papers
67 “analysis-related” papers
12/24
Analysis of Blockchain Smart Contracts: Techniques and Insights
Overview of this Research
391 academic papers
67 “analysis-related” papers
13/24
Analysis of Blockchain Smart Contracts: Techniques and Insights
Research Trends of Smart Contract Analysis
Static analysis has been more dominant than dynamic analysis
Static Analysis
Dynamic Analysis
> Smart contracts need to be audited before deploymentSmart contracts cannot be modified once deployed
> Static analysis can reason over all possible paths
Bytecode loses some information such as variable types> Smart contracts are often opaque (i.e., no source code available)
> Dynamic analysis has no false positives
14/24
Analysis of Blockchain Smart Contracts: Techniques and Insights
Research Trends of Smart Contract Analysis
The most dominant techniques are the following:
> Symbolic executionSmart contracts often have small code sizes
> Model checkingSmart contract execution environments need to be considered as well(nuXmv, Corral, Uppaal, MCK model checkers)
(Isabelle/HOL, F*, Coq, K framework)
> Formal verificationThe highest level of correctness can be guaranteed
15/24
Analysis of Blockchain Smart Contracts: Techniques and Insights
Research Trends of Smart Contract Analysis
A large portion of work is to detect vulnerabilities> Vulnerabilities can directly result in financial losses
16/24
Analysis of Blockchain Smart Contracts: Techniques and Insights
Insights from the Survey
> Lack of Clear Property Definition> Unstable Language Semantics
Open Challenges Research Directions
> New Language Design> Type-based Approaches > Machine Learning Techniques> Rising Platforms and Languages
17/24
> Ambiguity in Contract Behaviors
Analysis of Blockchain Smart Contracts: Techniques and Insights
> Miners can control the order of deploying transactions
Ambiguity in Contract Behaviors
> Smart contracts often rely on off-chain sources through oracles
Oracle Contract
https://api.coindesk.com
https://api.coindesk.com
1
2
3
4
> Most contracts do not have their source code available
18/24
Analysis of Blockchain Smart Contracts: Techniques and Insights
Unstable Language Semantics
> Solidity frequently releases new versions and undergoes semantic changes> Other languages often do not have language specifications
Solidity before ver. 0.5.0 Solidity after ver. 0.5.0
19/24
Two paths that have different Ether flows exist?
Analysis of Blockchain Smart Contracts: Techniques and Insights
Lack of Clear Property Definition
> Existing analyzers do not have clear definitions of vulnerabilitiesThe detected “patterns” do not necessarily imply vulnerabilities
Analyzer
YES!
Transaction Order Dependency vulnerability
20/24
Two paths that have different Ether flows exist?
Analysis of Blockchain Smart Contracts: Techniques and Insights
Lack of Clear Property Definition
> Existing analyzers do not have clear definitions of vulnerabilitiesThe detected “patterns” do not necessarily imply vulnerabilities
Analyzer
YES!
False Positive!
21/24
Transaction Order Dependency vulnerability
Analysis of Blockchain Smart Contracts: Techniques and Insights
Promising Research Directions
> New Language Design
Languages with fully specified semantics are amenable to analysis
> Type-based Approaches
Most statically-typed languages do not support strong type checkingEnriching existing type systems can discover vulnerabilities
Compiler before ver. 0.5.0 does not check whether alice is an address of Alice contract
22/24
Analysis of Blockchain Smart Contracts: Techniques and Insights
Promising Research Directions
> Machine Learning Techniques
> Rising Platforms and Languages
Machine learning may improve the scalability and accuracy of smart contract analysis
Blockchain ecosystem is still evolving very fast
e.g. Hyperledger Fabric, EOS (platform)e.g. Serpent, Vyper (language)
Research on rising platforms and languages is at an early stage
23/24