This paper presents Over, a framework designed to automatically analyze the behavior of decentralized finance (DeFi) protocols when subjected to a “skewed” oracle input. Over firstly performs symbolic analysis on the given contract and constructs a model of constraints. Then, the framework leverages an SMT solver to identify parameters that allow its secure operation. Furthermore, guard statements may be generated for smart contracts that may use the oracle values, thus effectively preventing oracle manipulation attacks. Empirical results show that Over can successfully analyze all 10 benchmarks collected, which encompass a diverse range of DeFi protocols. Additionally, this paper also illustrates that current parameters utilized in the majority of benchmarks are inadequate to ensure safety when confronted with significant oracle deviations.
Fri 19 AprDisplayed time zone: Lisbon change
14:00 - 15:30 | Vulnerability DetectionResearch Track at Eugénio de Andrade Chair(s): Caroline Lemieux University of British Columbia | ||
14:00 15mTalk | GPTScan: Detecting Logic Vulnerabilities in Smart Contracts by Combining GPT with Program Analysis Research Track Yuqiang Sun Nanyang Technological University, Daoyuan Wu Nanyang Technological University, Yue Xue MetaTrust Labs, Han Liu East China Normal University, Haijun Wang Xi'an Jiaotong University, Zhengzi Xu Nanyang Technological University, Xiaofei Xie Singapore Management University, Yang Liu Nanyang Technological University DOI Pre-print | ||
14:15 15mTalk | PrettySmart: Detecting Permission Re-delegation Vulnerability for Token Behaviors in Smart Contracts Research Track Zhijie Zhong School of Software Engineering, Sun Yat-sen University, Hong-Ning Dai Hong Kong Baptist University, Zibin Zheng Sun Yat-sen University, Qing Xue Sun Yat-sen University, Junjia Chen Sun Yat-sen University, Yuhong Nan Sun Yat-sen University | ||
14:30 15mTalk | Combining Structured Static Code Information and Dynamic Symbolic Traces for Software Vulnerability Prediction Research Track Huanting Wang University of Leeds, UK, Zhanyong Tang Northwest University, Shin Hwei Tan Concordia University, Jie Wang NorthWest University, Yuzhe Liu NorthWest University, Hejun Fang NorthWest University, Chunwei Xia University of Leeds, Zheng Wang University of Leeds | ||
14:45 15mTalk | SCVHunter: Smart Contract Vulnerability Detection Based on Heterogeneous Graph Attention Network Research Track Feng Luo University of Electronic Science and Technology of China, Ruijie Luo University of Electronic Science and Technology of China, Ting Chen University of Electronic Science and Technology of China, Ao Qiao University of Electronic Science and Technology of China, Zheyuan He University of Electronic Science and Technology of China, Shuwei Song University of Electronic Science and Technology of China, Yu Jiang Tsinghua university, Sixing Li University of Electronic Science and Technology of China | ||
15:00 15mTalk | PS3: Precise Patch Presence Test based on Semantic Symbolic Signature Research Track Qi Zhan Zhejiang University, Xing Hu Zhejiang University, Zhiyang Li Zhejiang University, Xin Xia Huawei Technologies, David Lo Singapore Management University, Shanping Li Zhejiang University | ||
15:15 15mTalk | Safeguarding DeFi Smart Contracts against Oracle Deviations Research Track Xun Deng University of Toronto, Sidi Mohamed Beillahi University of Toronto, Cyrus Minwalla Bank of Canada, Han Du Bank of Canada, Andreas Veneris University of Toronto, Fan Long University of Toronto |