Abstract
The term “smart contracts” has become ubiquitous to describe an enormous number of programs uploaded to the popular Ethereum blockchain system. Despite rapid growth of the smart contract ecosystem, errors and exploitations have been constantly reported from online contract systems, which has put financial stability at risk with losses totaling millions of US dollars. Most existing research focuses on pinpointing specific types of vulnerabilities using known patterns. However, due to the lack of awareness of the inherent nondeterminism in the Ethereum blockchain system and how it affects the funds transfer of smart contracts, there can be unknown vulnerabilities that may be exploited by attackers to access numerous online smart contracts.
In this paper, we introduce a methodical approach to understanding the inherent nondeterminism in the Ethereum blockchain system and its (unwanted) influence on contract payments. We show that our new focus on nondeterminism-related smart contract payment bugs captures the root causes of many common vulnerabilities without relying on any known patterns and also encompasses recently disclosed issues that are not handled by existing research. To do so, we introduce techniques to systematically model components in the contract execution context and to expose various nondeterministic factors that are not yet fully understood. We further study how these nondeterministic factors impact contract funds transfer using information flow tracking. The technical challenge of detecting nondeterministic payments lies in discovering the contract global variables subtly affected by read-write hazards because of unpredictable transaction scheduling and external callee behavior. We show how to augment and instrument a contract program into a representation that simulates the execution of a large subset of the contract behavior. The instrumented code is then analyzed to flag nondeterministic global variables using off-the-shelf model checkers.
We implement the proposed techniques as a practical tool named NPChecker (Nondeterministic Payment Checker) and evaluate it on 30K online contracts (3,075 distinct) collected from the Ethereum mainnet. NPChecker has successfully detected nondeterministic payments in 1,111 online contracts with reasonable cost. Further investigation reports high precision of NPChecker (only four false positives in a manual study of 50 contracts). We also show that NPChecker unveils contracts vulnerable to recently-disclosed attack vectors. NPChecker can identify all six new vulnerabilities or variants of common smart contract vulnerabilities that are missed by existing research relying on a “contract vulnerability checklist.”
- 2018. Etherscan.IO. https://etherscan.io .Google Scholar
- 2018a. EVMJIT. https://github.com/ethereum/evmjit .Google Scholar
- 2018b. Known Attacks of Ethereum Smart Contract. https://consensys.github.io/smart-contract-best-practices/known_ attacks/ .Google Scholar
- 2019. Provable: Provable T M Random Number Generator. http://provable.xyz/ .Google Scholar
- 2019. RANDAO: A DAO working as RNG of Ethereum. https://github.com/randao/randao/blob/master/README.md .Google Scholar
- 2019. Securify Git Issues. https://github.com/eth-sri/securify/issues/98 .Google Scholar
- Sidney Amani, Myriam Bégel, Maksym Bortin, and Mark Staples. 2018. Towards verifying ethereum smart contract bytecode in Isabelle/HOL. In Proceedings of the 7th ACM SIGPLAN International Conference on Certified Programs and Proofs. ACM, 66–77.Google ScholarDigital Library
- Karthikeyan Bhargavan, Antoine Delignat-Lavaud, Cédric Fournet, Anitha Gollamudi, Georges Gonthier, Nadim Kobeissi, Natalia Kulatova, Aseem Rastogi, Thomas Sibut-Pinote, Nikhil Swamy, et al. 2016. Formal verification of smart contracts: Short paper. In Proceedings of the 2016 ACM Workshop on Programming Languages and Analysis for Security. ACM, 91–96.Google ScholarDigital Library
- ChainSecurity. 2019. Constantinople enables new Reentrancy Attack. https://medium.com/chainsecurity/constantinopleenables-new-reentrancy-attack-ace4088297d9 .Google Scholar
- Code4Block. 2018. CVE List Found by Team Code4Block. https://github.com/TEAM-C4B/CVE-LIST .Google Scholar
- ConsenSys. 2018. Mythril Classic. https://github.com/ConsenSys/mythril-classic .Google Scholar
- Yu Feng, Emina Torlak, and Rastislav Bodik. 2019. Precise Attack Synthesis for Smart Contracts. arXiv: cs.CR/1902.06067Google Scholar
- Geth. 2018. Go Ethereum. https://geth.ethereum.org/downloads/ .Google Scholar
- Neville Grech, Michael Kong, Anton Jurisevic, Lexi Brent, Bernhard Scholz, and Yannis Smaragdakis. 2018. MadMax: Surviving Out-of-gas Conditions in Ethereum Smart Contracts. Proc. ACM Program. Lang. 2, OOPSLA, Article 116 (Oct. 2018), 27 pages.Google ScholarDigital Library
- Ilya Grishchenko, Matteo Maffei, and Clara Schneidewind. 2018. A semantic framework for the security analysis of ethereum smart contracts. In International Conference on Principles of Security and Trust. Springer, 243–269.Google ScholarCross Ref
- Arvind Haran, Montgomery Carter, Michael Emmi, Akash Lal, Shaz Qadeer, and Zvonimir Rakamarić. 2015. SMACK+Corral: A Modular Verifier (Competition Contribution). In Proceedings of the 21st International Conference on Tools and Algorithms for the Construction and Analysis of Systems (TACAS) (Lecture Notes in Computer Science), Christel Baier and Cesare Tinelli (Eds.), Vol. 9035. Springer, 450–453.Google Scholar
- Everett Hildenbrandt, Manasvi Saxena, Nishant Rodrigues, Xiaoran Zhu, Philip Daian, Dwight Guth, Brandon Moore, Daejun Park, Yi Zhang, Andrei Stefanescu, et al. 2018. Kevm: A complete formal semantics of the ethereum virtual machine. In 2018 IEEE 31st Computer Security Foundations Symposium (CSF). IEEE, 204–217.Google ScholarCross Ref
- Yoichi Hirai. 2017. Defining the ethereum virtual machine for interactive theorem provers. In International Conference on Financial Cryptography and Data Security. Springer, 520–535.Google ScholarCross Ref
- Bo Jiang, Ye Liu, and W. K. Chan. 2018. ContractFuzzer: Fuzzing Smart Contracts for Vulnerability Detection. In Proceedings of the 33rd ACM/IEEE International Conference on Automated Software Engineering (ASE 2018). 259–269.Google ScholarDigital Library
- Sukrit Kalra, Seep Goel, Mohan Dhawan, and Subodh Sharma. 2018. ZEUS: Analyzing Safety of Smart Contracts. In Proceedings of the 2018 Network and Distributed Systems Security (NDSS) Symposium (NDSS ’18).Google ScholarCross Ref
- Aashish Kolluri, Ivica Nikolic, Ilya Sergey, Aquinas Hobor, and Prateek Saxena. 2018. Exploiting The Laws of Order in Smart Contracts. arXiv: cs.CR/1810.11605Google Scholar
- Johannes Krupp and Christian Rossow. 2018. teEther: Gnawing at Ethereum to Automatically Exploit Smart Contracts. In 27th USENIX Security Symposium (USENIX Security 18). USENIX Association, 1317–1333.Google ScholarDigital Library
- Shuvendu K. Lahiri, Shaz Qadeer, and Zvonimir Rakamarić. 2009. Static and Precise Detection of Concurrency Errors in Systems Code Using SMT Solvers. In Proceedings of the 21st International Conference on Computer Aided Verification (CAV ’09). 509–524.Google ScholarDigital Library
- Loi Luu, Duc-Hiep Chu, Hrishi Olickel, Prateek Saxena, and Aquinas Hobor. 2016. Making Smart Contracts Smarter. In Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security (CCS ’16). ACM, 254–269.Google ScholarDigital Library
- Anastasia Mavridou and Aron Laszka. 2018. Tool demonstration: FSolidM for designing secure Ethereum smart contracts. In International Conference on Principles of Security and Trust. Springer, 270–277.Google ScholarCross Ref
- Satoshi Nakamoto et al. 2008. Bitcoin: A peer-to-peer electronic cash system. (2008).Google Scholar
- Ivica Nikolić, Aashish Kolluri, Ilya Sergey, Prateek Saxena, and Aquinas Hobor. 2018. Finding the greedy, prodigal, and suicidal contracts at scale. In Proceedings of the 34th Annual Computer Security Applications Conference. ACM, 653–663.Google ScholarDigital Library
- Daniel Perez and Benjamin Livshits. 2019. Smart Contract Vulnerabilities: Does Anyone Care? arXiv: cs.CR/1902.06710Google Scholar
- PNF. 2018. JEB Decompiler. https://www.pnfsoftware.com/ .Google Scholar
- Shaz Qadeer and Dinghao Wu. 2004. KISS: Keep It Simple and Sequential. In Proceedings of the ACM SIGPLAN 2004 Conference on Programming Language Design and Implementation (PLDI ’04). ACM, 14–24.Google ScholarDigital Library
- Zvonimir Rakamarić and Michael Emmi. 2014. SMACK: Decoupling Source Language Details from Verifier Implementations. In Computer Aided Verification, Armin Biere and Roderick Bloem (Eds.). 106–113.Google Scholar
- Michael Rodler, Wenting Li, Ghassan O. Karame, and Lucas Davi. 2018. Sereum: Protecting Existing Smart Contracts Against Re-Entrancy Attacks. CoRR abs/1812.05934 (2018).Google Scholar
- SECBIT. 2018. Awesome Buggy ERC20 Tokens. https://github.com/sec-bit/awesome-buggy-erc20-tokens .Google Scholar
- Ilya Sergey and Aquinas Hobor. 2017. A Concurrent Perspective on Smart Contracts. In Proceedings of the 1st Workshop on Trusted Smart Contracts.Google ScholarCross Ref
- David Siegel. 2016. Understanding The DAO Attack. https://www.coindesk.com/understanding-dao-hack-journalists .Google Scholar
- Petar Tsankov, Andrei Dan, Dana Drachsler-Cohen, Arthur Gervais, Florian Bünzli, and Martin Vechev. 2018. Securify: Practical Security Analysis of Smart Contracts. In Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security (CCS ’18). 67–82.Google ScholarDigital Library
- D. Wood. 2014. Ethereum: a secure decentralised generalised transaction ledger.Google Scholar
Index Terms
- Detecting nondeterministic payment bugs in Ethereum smart contracts
Recommendations
MadMax: surviving out-of-gas conditions in Ethereum smart contracts
Ethereum is a distributed blockchain platform, serving as an ecosystem for smart contracts: full-fledged inter-communicating programs that capture the transaction logic of an account. Unlike programs in mainstream languages, a gas limit restricts the ...
Security Vulnerabilities in Ethereum Smart Contracts
iiWAS2018: Proceedings of the 20th International Conference on Information Integration and Web-based Applications & ServicesSmart contracts (SC) are one of the most appealing features of blockchain technologies facilitating, executing, and enforcing predefined terms of coded contracts without intermediaries. The steady adoption of smart contracts on the Ethereum blockchain ...
A security framework for Ethereum smart contracts
AbstractThe use of blockchain and smart contracts have not stopped growing in recent years. Like all software that begins to expand its use, it is also beginning to be targeted by hackers who will try to exploit vulnerabilities in both the ...
Comments