Abstract

Dynamic symbolic execution (DSE) has been successfully adopted for vulnerability detection in desktop and mobile platforms. Unfortunately, we cannot simply extrapolate those techniques to smart contracts. The major challenge is that smart contracts exhibit a nonuniform data access mode. Other than accessing the data via uniform addresses, smart contracts compromise multiple addressing modes, including flat address mode and key-value mode. More seriously, accessing a key-value table usually involves additional hash operations to obtain the keys. In this paper, we propose a DSE framework to resolve the nonuniform data access in smart contracts. More specifically, we exactly track the symbolic variables with concrete addresses and compute the actual/hash keys for table-like accesses. We also take the symbolic keys into account to distinguish data accesses incidentally with the same concrete keys resulting from artificially generated values. We describe the DSE framework in operational semantics. On top of the framework, we implement an integer overflow detector NOVA and a multi-transactional vulnerability detector MTVD. The experiments show that NOVA outperforms state-of-the-art analysis tools in detecting the integer overflows with much higher precision and recall, 94.2% and 93.0%, respectively. MTVD successfully reports three ether leaking vulnerabilities and one suicidal issue from real-world smart contracts.

Talk to us

Join us for a 30 min session where you can share your feedback and ask us any queries you have

Schedule a call

Disclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.