摘要:Permissionless blockchains allow the execution of arbitrary pro- grams (called smart contracts), enabling mutually untrusted entities to interact without relying on trusted third parties. Despite their potential, repeated security concerns have shaken the trust in han- dling billions of USD by smart contracts. To address this problem, we present Securify, a security ana- lyzer for Ethereum smart contracts that is scalable, fully automated, and able to prove contract behaviors as safe/unsafe with respect to a given property. Securify’s analysis consists of two steps. First, it symbolically analyzes the contract’s dependency graph to extract precise semantic information from the code. Then, it checks com- pliance and violation patterns that capture sufficient conditions for proving if a property holds or not. To enable extensibility, all patterns are specified in a designated domain-specific language. Securify is publicly released, it has analyzed > 18K contracts submitted by its users, and is regularly used to conduct security audits by experts. We present an extensive evaluation of Securify over real-world Ethereum smart contracts and demonstrate that it can effectively prove the correctness of smart contracts and discover critical violations.

摘要:Ethereum smart contracts are an innovation built on top of the blockchain technology, which provides a platform for automatically executing contracts in an anonymous, distributed, and trusted way. The problem is magnified by the fact that smart contracts, unlike ordinary programs, cannot be patched easily once deployed. It is important for smart contracts to be checked against potential vulnerabilities. In this work, we propose an alternative approach to automatically identify critical program paths (with multiple function calls including inter-contract function calls) in a smart contract, rank the paths according to their criticalness, discard them if they are infeasible or otherwise present them with user friendly warnings for user inspection. We identify paths which involve monetary transaction as critical paths, and prioritize those which potentially violate important properties. For scalability, symbolic execution techniques are only applied to top ranked critical paths. Our approach has been implemented in a tool called sCompile, which has been applied to 36,099 smart contracts. The experiment results show that sCompile is efficient, i.e., 5 seconds on average for one smart contract. Furthermore, we show that many known vulnerabilities can be captured if user inspects as few as 10 program paths generated by sCompile. Lastly, sCompile discovered 224 unknown vulnerabilities with a false positive rate of 15.4% before user inspection.

摘要:Ethereum is gaining a significant popularity in the blockchain com- munity, mainly due to fact that it is design in a way that enables devel- opers to write decentralized applications (Dapps) and smart-contract using blockchain technology. This new paradigm of applications opens the door to many possibilities and opportunities. Blockchain is often referred as secure by design, but now that blockchains can embed ap- plications this raise multiple questions regarding architecture, design, attack vectors and patch deployments. In this paper I will discuss the architecture of the core component of Ethereum (Ethereum Virtual Machine), its vulnerabilities as well as my open-source tool “Poros- ity”. A decompiler for EVM bytecode that generates readable Solid- ity syntax contracts. Enabling static and dynamic analysis of such compiled contracts.

摘要:Researchers have proposed many optimizations to improve the effi- ciency of fuzzing, and most optimized strategies work very well on their targets when running in single mode with instantiating one fuzzer instance. However, in real industrial practice, most fuzzers run in parallel mode with instantiating multiple fuzzer instances, and those optimizations unfortunately fail to maintain the effi- ciency improvements. In this paper, we present PAFL, a framework that utilizes ef- ficient guiding information synchronization and task division to extend those existing fuzzing optimizations of single mode to in- dustrial parallel mode. With an additional data structure to store the guiding information, the synchronization ensures the informa- tion is shared and updated among different fuzzer instances timely. Then, the task division promotes the diversity of fuzzer instances by splitting the fuzzing task into several sub-tasks based on branch bitmap. We first evaluate PAFL using 12 different real-world pro- grams from Google fuzzer-test-suite. Results show that in parallel mode, two AFL improvers–AFLFast and FairFuzz do not outperform AFL, which is different from the case in single mode. However, when augmented with PAFL, the performance of AFLFast and FairFuzz in parallel mode improves. They cover 8% and 17% more branches, trigger 79% and 52% more unique crashes. For further evaluation on more widely-used software systems from GitHub, optimized fuzzers augmented with PAFL find more real bugs, and 25 of which are security-critical vulnerabilities registered as CVEs in the US National Vulnerability Database.

摘要:Blockchain-driven technologies are considered disruptive because of the availability of dis-intermediated, censorship-resistant and tamper-proof digital platforms of distributed trust. Among these technologies, smart contract platforms have the potential to take over functions usually done by intermediaries like banks, escrow or legal services. In this paper, we introduce a novel protocol aiming to execute smart contracts as part of a blockchain transaction valida- tion. We enable extensions in the execution of smart contracts while guaranteeing their privacy, correctness and verifiability. Man-in- the-middle attacks are prevented, since no communication between participants is requested, and contract validations do not imply the re-execution of the code by all the nodes in the network. However, proofs of correct execution are stored on the blockchain and can be verified by multiple parties. Our solution is based on programming tools which optimize the time execution and the required memory while preserving the embedded functionality.

摘要:Fuzz testing has helped security researchers and organizations discover a large number of vulnerabilities. Al- though it is efficient and widely used in industry, hardly any empirical studies and experience exist on the customization of fuzzers to real industrial projects. In this paper, collaborating with the engineers from Huawei, we present the practice of adapting fuzz testing to a proprietary message middleware named libmsg, which is responsible for the message transfer of the entire distributed system department. We present the main obstacles coming across in applying an efficient fuzzer to libmsg, including system configuration inconsistency, system build complexity, fuzzing driver absence. The solutions for those typical obstacles are also provided. For example, for the most difficult and expensive obstacle of writing fuzzing drivers, we present a low-cost approach by converting existing sample code snippets into fuzzing drivers. After overcoming those obstacles, we can effectively identify software bugs, and report 9 previously unknown vulnerabilities, including flaws that lead to denial of service or system crash.

摘要:In this paper, we report our project Fuse, which is a fuzz testing service. It presents the Fuse architecture and discusses the progress and technical issues to be addressed to fuzz-test smart contracts and support fuzz-testing of Dapps.

摘要:Smart contracts—stateful executable objects hosted on blockchains like Ethereum—carry billions of dollars worth of coins and cannot be updated once deployed. We present a new systematic characterization of a class of trace vulnerabilities, which result from analyzing mul- tiple invocations of a contract over its lifetime. We fo- cus attention on three example properties of such trace vulnerabilities: finding contracts that either lock funds indefinitely, leak them carelessly to arbitrary users, or can be killed by anyone. We implemented MAIAN1 , the first tool for precisely specifying and reasoning about trace properties, which employs inter-procedural sym- bolic analysis and concrete validator for exhibiting real exploits. Our analysis of nearly one million contracts flags 34,200 (2,365 distinct) contracts vulnerable, in 10 seconds per contract. On a subset of 3,759 contracts which we sampled for concrete validation and manual analysis, we reproduce real exploits at a true positive rate of 89%, yielding exploits for 3,686 contracts. Our tool finds exploits for the infamous Parity bug that indirectly locked 200 million dollars worth in Ether, which previ- ous analyses failed to capture.

摘要:Fuzzing is widely used for vulnerability detection. There are various kinds of fuzzers with different fuzzing strate- gies, and most of them perform well on their targets. How- ever, in industrial practice, it is found that the performance of those well-designed fuzzing strategies is challenged by the complexity and diversity of real-world applications. In this paper, we systematically study an ensemble fuzzing ap- proach. First, we define the diversity of base fuzzers in three heuristics: diversity of coverage information granularity, di- versity of input generation strategy and diversity of seed se- lection and mutation strategy. Based on those heuristics, we choose several of the most recent base fuzzers that are as diverse as possible, and propose a globally asynchronous and locally synchronous (GALS) based seed synchronization mechanism to seamlessly ensemble those base fuzzers and obtain better performance. For evaluation, we implement EnFuzzbased on several widely used fuzzers such as QSYM and FairFuzz, and then test them on LAVA-M and Google’s fuzzing-test-suite, which consists of 24 widely used real- world applications. This experiment indicates that, under the same constraints for resources, these base fuzzers perform differently on different applications, while EnFuzz always outperforms others in terms of path coverage, branch cover- age and bug discovery. Furthermore, EnFuzz found 60 new vulnerabilities in several well-fuzzed projects such as libpng and libjpeg, and 44 new CVEs were assigned.

摘要:Smart contracts are applications that execute on blockchains. Today they manage billions of dollars in value and motivate visionary plans for pervasive blockchain deployment. While smart contracts inherit the availability and other secu- rity assurances of blockchains, however, they are impeded by blockchains’ lack of confidentiality and poor performance. We present Ekiden, a system that addresses these critical gaps by combining blockchains with Trusted Execution Environ- ments (TEEs). Ekiden leverages a novel architecture that sep- arates consensus from execution, enabling efficient TEE-backed confidentiality-preserving smart contracts and high scalability. Our prototype (with Tendermint as the consensus layer) achieves example performance of 600x more throughput and 400x less latency at 1000x less cost than the Ethereum mainnet. Another contribution of this paper is that we systematically identify and treat the pitfalls arising from harmonizing TEEs and blockchains. Treated separately, both TEEs and blockchains provide powerful guarantees, but hybridized, though, they en- gender new attacks. For example, in na¨ıve designs, privacy in TEE-backed contracts can be jeopardized by forgery of blocks, a seemingly unrelated attack vector. We believe the insights learned from Ekiden will prove to be of broad importance in hybridized TEE-blockchain systems.

摘要:Ponzi schemes are financial frauds which lure users under the promise of high profits. Actually, users are repaid only with the investments of new users join- ing the scheme: consequently, a Ponzi scheme implodes soon after users stop joining it. Originated in the offline world 150 years ago, Ponzi schemes have since then migrated to the digital world, approaching first the Web, and more recently hanging over cryptocurrencies like Bitcoin. Smart contract platforms like Ethereum have provided a new opportunity for scammers, who have now the possibility of creating “trustworthy” frauds that still make users lose money, but at least are guaranteed to execute “correctly”. We present a comprehen- sive survey of Ponzi schemes on Ethereum, analysing their behaviour and their impact from various viewpoints.

摘要:Ethereum is the largest blockchain platform sup- porting smart contracts with the second biggest market capital- ization. Ethereum data can yield many useful insights because of the large volume of transactions, accounts and blocks as well as the popular applications developed as smart contracts. Studying Ethereum data can also reveal many new attacks to the platform and its smart contracts. Unfortunately, it is non-trivial to systematically explore Ethereum because it involves massive heterogeneous data, which are produced and stored in different ways. Although a few recent studies report some interesting observations about Ethereum, they are limited by their data acquisition methods which cannot provide comprehensive and precise data. In this paper, to fill the gap, we propose DataEther, a systematic and high-fidelity data exploration framework for Ethereum by exploiting its internal mechanisms. Besides sup- porting the analyses in existing studies, DataEther further empowers users to explore unknown phenomena and obtain in-depth understandings. We first describe how we tackle the challenging issues in developing DataEther, and then use four data-centric applications to demonstrate its usage and report many new observations.

摘要:Decentralized cryptocurrencies feature the use of blockchain to transfer values among peers on networks without central agency. Smart contracts are programs running on top of the blockchain consensus protocol to enable people make agreements while minimizing trusts. Millions of smart contracts have been deployed in various decentralized applications. The security vulnerabilities within those smart contracts pose significant threats to their applications. Indeed, many critical security vulnerabilities within smart contracts on Ethereum platform have caused huge financial losses to their users. In this work, we present ContractFuzzer, a novel fuzzer to test Ethereum smart contracts for security vulnerabilities. ContractFuzzer generates fuzzing inputs based on the ABI specifications of smart contracts, defines test oracles to detect security vulnerabilities, instruments the EVM to log smart contracts runtime behaviors, and analyzes these logs to report security vulnerabilities. Our fuzzing of 6991 smart contracts has flagged more than 459 vulnerabilities with high precision. In particular, our fuzzing tool successfully detects the vulnerability of the DAO contract that leads to $60 million loss and the vulnerabilities of Parity Wallet that have led to the loss of $30 million and the freezing of $150 million worth of Ether.

摘要:Control-Flow Integrity (CFI) is an intensively studied technique for hardening software security. It enforces a Control-Flow Graph (CFG) by inlining runtime checks into target programs. Many meth- ods have been proposed to construct the enforced CFG, with differ- ent degrees of precision and sets of assumptions. However, past CFI work has not made attempt at justifying their CFG construction soundness using formal semantics and proofs. In this paper, we formalize the CFG construction in two major CFI systems, identify their assumptions, and prove their soundness; the soundness proof shows that their computed sets of targets for indirect calls are safe over-approximations.

摘要:A new mechanism is proposed for securing a blockchain applied to contracts management such as digital rights management. This mechanism includes a new consensus method using a credibility score and creates a hybrid blockchain by alternately using this new method and proof-of-stake. This makes it possible to prevent an attacker from monopolizing resources and to keep securing blockchains.