This paper presents Solar, a system for automatic synthesis of adversarial contracts that exploit vulnerabilities in a victim smart contract. To make the synthesis tractable, we introduce a query language as well as \emph{summary-based symbolic evaluation}, which significantly reduces the number of instructions that our synthesizer needs to evaluate symbolically, without compromising the precision of the vulnerability query. We encoded common vulnerabilities of smart contracts and evaluated \toolname on the entire data set from \etherscan. Our experiments demonstrate the benefits of summary-based symbolic evaluation and show that \toolname outperforms state-of-the-art smart contracts analyzers, \teether, \mythril, and \contractfuzz, in terms of running time, precision, and soundness.
Thu 24 SepDisplayed time zone: (UTC) Coordinated Universal Time change
16:00 - 17:00 | |||
16:00 20mTalk | Prober: Practically Defending Overflows with Page Protection Research Papers Hongyu Liu Purdue University, Ruiqin Tian College of William and Mary, Bin Ren College of William and Mary, Tongping Liu University of Massachusetts Amherst | ||
16:20 20mTalk | MinerRay: Semantics-Aware Analysis for Ever-Evolving Cryptojacking Detection Research Papers Alan Romano University at Buffalo, SUNY, Yunhui Zheng IBM Research, Weihang Wang University at Buffalo, SUNY | ||
16:40 20mTalk | Summary-Based Symbolic Evaluation for Smart Contracts Research Papers Yu Feng University of California, Santa Barbara, Emina Torlak University of Washington, Rastislav Bodík University of Washington | ||