SigRec: Automatic Recovery of Function Signatures in Smart Contracts
Millions of smart contracts have been deployed onto Ethereum to provide various services, and their functions can be invoked by callers. To invoke a function, the caller needs to know the function signature of the callee, which includes its function id and parameter types. Such signatures are critical to many applications that focus on smart contracts, e.g., reverse engineering, fuzzing, attack detection, and profiling. Unfortunately, it is challenging to recover function signatures from contract bytecode, since neither debug information nor type information is present in the bytecode. To address this issue, prior approaches rely on source code, or on a collection of known signatures from incomplete databases or incomplete heuristic rules, which are far from adequate and cannot cope with the rapid growth of new contracts. In this paper, we propose a novel solution that leverages how functions are handled by the Ethereum virtual machine (EVM) to automatically recover function signatures. In particular, we exploit how smart contracts determine the functions to be invoked to locate and extract function ids, and propose a new approach named type-aware symbolic execution (TASE) that utilizes the semantics of EVM operations on parameters to identify the number and the types of parameters. Moreover, we develop SigRec, a new tool for recovering function signatures from contract bytecode without the need for source code or function signature databases. The extensive experimental results show that SigRec outperforms all existing tools, achieving an unprecedented 98.7% accuracy within 0.074 seconds. We further demonstrate that the recovered function signatures are useful in attack detection, fuzzing and reverse engineering of EVM bytecode. The original paper can be downloaded from https://ieeexplore.ieee.org/document/9426396.
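The function-id step described in the abstract can be illustrated with a small sketch. This is an added example, not SigRec's code or algorithm: it assumes the common compiler-emitted dispatcher shape `PUSH4 <id>; EQ; PUSHn <dest>; JUMPI`, uses constructed bytecode and made-up ids, and does not attempt parameter-type recovery (TASE).

```python
# Added illustration: a simplified heuristic, not SigRec's algorithm or code.
PUSH1, PUSH4, PUSH32, EQ, JUMPI = 0x60, 0x63, 0x7F, 0x14, 0x57

def disassemble(code: bytes):
    """Yield (opcode, immediate) pairs, stepping over PUSH1..PUSH32 data."""
    pc = 0
    while pc < len(code):
        op = code[pc]
        width = op - PUSH1 + 1 if PUSH1 <= op <= PUSH32 else 0
        yield op, code[pc + 1 : pc + 1 + width]
        pc += 1 + width

def recover_function_ids(code: bytes) -> dict:
    """Map each function id to the jump target of its dispatcher branch.

    Assumed pattern: PUSH4 <id>; EQ; PUSHn <dest>; JUMPI.
    """
    ins = list(disassemble(code))
    found = {}
    for i in range(len(ins) - 3):
        (op0, id_), (op1, _), (op2, dest), (op3, _) = ins[i : i + 4]
        if (op0 == PUSH4 and len(id_) == 4 and op1 == EQ
                and PUSH1 <= op2 <= PUSH32 and op3 == JUMPI):
            found["0x" + id_.hex()] = int.from_bytes(dest, "big")
    return found

def naive_scan(code: bytes) -> list:
    """Byte-level search for 0x63 ???? 0x14; also matches inside PUSH data."""
    return ["0x" + code[i + 1 : i + 5].hex()
            for i in range(len(code) - 5)
            if code[i] == PUSH4 and code[i + 5] == EQ]

# Constructed sample bytecode (ids and jump targets are made up):
SAMPLE = bytes.fromhex(
    "60003560e01c"                        # load calldata word, shift to top 4 bytes
    "80" "6311223344" "14" "610030" "57"  # DUP1 PUSH4 id EQ PUSH2 dest JUMPI
    "80" "63aabbccdd" "14" "610040" "57"
    "7f" "63deadbeef1461009957" + "00" * 22  # PUSH32 constant that mimics a branch
    + "5000"                              # POP STOP
)

if __name__ == "__main__":
    print("dispatcher ids:", recover_function_ids(SAMPLE))
    print("naive scan    :", naive_scan(SAMPLE))
```

The PUSH32 constant shows why the scan has to follow instruction boundaries: a raw byte search reports a third id that is only data.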
Wed 17 Nov (displayed time zone: Hobart)
09:00 - 10:00 | Analysis I | Journal-first Papers / Research Papers / Industry Showcase at Koala | Chair(s): Pavneet Singh Kochhar (Microsoft)
09:00 | 20m Talk | Faster Mutation Analysis with Fewer Processes and Smaller Overheads | Research Papers | Bo Wang (Beijing Jiaotong University), Sirui Lu (Peking University), Yingfei Xiong (Peking University), Feng Liu (Beijing Jiaotong University)
09:20 | 20m Talk | FRUGAL: Unlocking Semi-supervised Learning for Software Analytics | Research Papers
09:40 | 10m Talk | Automatically Deciding on the Integration of Commits Based on Their Descriptions | Industry Showcase | Samuel Cristo da Fonseca (Sidia R&D), Mateus C. Lucena (Sidia R&D), Tiago M. Reis (Sidia R&D), Pedro F. Cabral (Sidia R&D), Walmir A. Silva (Sidia R&D), Flavia de S. Santos (Sidia R&D), Felipe T. Giuntini (Sidia R&D), Juliano Sales (Sidia R&D)
09:50 | 10m Talk | SigRec: Automatic Recovery of Function Signatures in Smart Contracts | Journal-first Papers | Ting Chen (University of Electronic Science and Technology of China), Zihao Li (The Hong Kong Polytechnic University), Xiapu Luo (Hong Kong Polytechnic University), XiaoFeng Wang (Indiana University Bloomington), Ting Wang (Penn State University), Hongwei Li (University of Electronic Science and Technology of China), Xiaosong Zhang (University of Electronic Science and Technology of China)