We investigate a family of bugs in blockchain-based smart contracts, which we call event-ordering (or EO) bugs. These bugs are intimately related to the dynamic ordering of contract events, i.e., calls of its functions, and enable potential exploits of millions of USD worth of virtual coins. Known examples of such bugs and prior techniques to detect them have been restricted to a small number of event orderings, typicall 1 or 2. Our work provides a new formulation of this general class of EO bugs as finding concurrency properties arising in long permutations of such events.

The technical challenge in detecting our formulation of EO bugs in deployed contract on a blockchain such as Ethereum is the inherent combinatorial blowup in path and state space analysis, even for simple contracts. We propose the first use of partial-order reduction techniques, using happen-before relations extracted automatically forcontracts, along with several other optimizations built on dynamic symbolic execution techniques. We build an automatic analysis tool called EthRacer that requires no hints from users and runs directly on Ethereum bytecode. It flags $8%$ of over ten thousand contracts analyzed in few minutes per contract, providing compact event traces (witnesses) that human analysts can run concretely.