ICSE 2024
Fri 12 - Sun 21 April 2024 Lisbon, Portugal
Fri 19 Apr 2024 14:15 - 14:30 at Eugénio de Andrade - Vulnerability Detection Chair(s): Caroline Lemieux

As an essential component in Ethereum and other blockchains, token assets have been interacted with by diverse smart contracts although smart contracts are unprivileged by default. It is crucial for permission management of smart contracts to prevent token assets from being manipulated by unauthorized attackers. Despite recent efforts on investigating the accessibility of privileged functions or state variables in smart contracts to unauthorized users, little attention has been paid to how an accessible function can be manipulated by attackers to steal users’ digital assets. This attack is mainly caused by the permission re-delegation (PRD) vulnerability. In this work, we propose PrettySmart, a bytecode-level Permission re-delegation vulnerability detector for Smart contracts. We first conduct an empirical study on 0.43 million open-source smart contracts and find that five types of widely-used permission constraints dominate 98% of studied contracts. We then propose a mechanism to infer these permission constraints adopted by smart contracts by exploiting the bytecode instruction sequences. We next devise an algorithm to identify permission constraints that can be bypassed by an initially unauthorized attacker. We evaluate PrettySmart on two real-world datasets of smart contracts, including those from reported vulnerabilities and a public real-world dataset of smart contracts. The experimental results demonstrate the effectiveness of the proposed PrettySmart for achieving the highest precision score and detecting 118 new PRD vulnerabilities.

Fri 19 Apr

Displayed time zone: Lisbon change

14:00 - 15:30
Vulnerability DetectionResearch Track at Eugénio de Andrade
Chair(s): Caroline Lemieux University of British Columbia
14:00
15m
Talk
GPTScan: Detecting Logic Vulnerabilities in Smart Contracts by Combining GPT with Program Analysis
Research Track
Yuqiang Sun Nanyang Technological University, Daoyuan Wu Nanyang Technological University, Yue Xue MetaTrust Labs, Han Liu East China Normal University, Haijun Wang Xi'an Jiaotong University, Zhengzi Xu Nanyang Technological University, Xiaofei Xie Singapore Management University, Yang Liu Nanyang Technological University
DOI Pre-print
14:15
15m
Talk
PrettySmart: Detecting Permission Re-delegation Vulnerability for Token Behaviors in Smart Contracts
Research Track
Zhijie Zhong School of Software Engineering, Sun Yat-sen University, Hong-Ning Dai Hong Kong Baptist University, Zibin Zheng Sun Yat-sen University, Qing Xue Sun Yat-sen University, Junjia Chen Sun Yat-sen University, Yuhong Nan Sun Yat-sen University
14:30
15m
Talk
Combining Structured Static Code Information and Dynamic Symbolic Traces for Software Vulnerability Prediction
Research Track
Huanting Wang University of Leeds, UK, Zhanyong Tang Northwest University, Shin Hwei Tan Concordia University, Jie Wang NorthWest University, Yuzhe Liu NorthWest University, Hejun Fang NorthWest University, Chunwei Xia University of Leeds, Zheng Wang University of Leeds
14:45
15m
Talk
SCVHunter: Smart Contract Vulnerability Detection Based on Heterogeneous Graph Attention Network
Research Track
Feng Luo University of Electronic Science and Technology of China, Ruijie Luo University of Electronic Science and Technology of China, Ting Chen University of Electronic Science and Technology of China, Ao Qiao University of Electronic Science and Technology of China, Zheyuan He University of Electronic Science and Technology of China, Shuwei Song University of Electronic Science and Technology of China, Yu Jiang Tsinghua university, Sixing Li University of Electronic Science and Technology of China
15:00
15m
Talk
PS3: Precise Patch Presence Test based on Semantic Symbolic Signature
Research Track
Qi Zhan Zhejiang University, Xing Hu Zhejiang University, Zhiyang Li Zhejiang University, Xin Xia Huawei Technologies, David Lo Singapore Management University, Shanping Li Zhejiang University
15:15
15m
Talk
Safeguarding DeFi Smart Contracts against Oracle DeviationsACM SIGSOFT Distinguished Paper Award
Research Track
Xun Deng University of Toronto, Sidi Mohamed Beillahi University of Toronto, Cyrus Minwalla Bank of Canada, Han Du Bank of Canada, Andreas Veneris University of Toronto, Fan Long University of Toronto