ISSTA 2022
Mon 18 - Fri 22 July 2022 Online
Fri 22 Jul 2022 09:00 - 09:20 at ISSTA 1 - Session 2-15: Smart Contracts B
Fri 22 Jul 2022 15:00 - 15:20 at ISSTA 1 - Session 3-9: Smart Contracts C

Smart contracts deployed on permissionless blockchains, such as Ethereum, are accessible to any user in a trustless environment. Therefore, most smart contract applications implement access control policies to protect their valuable assets from unauthorized accesses. A difficulty in validating the conformance to such policies, i. e., whether the contract implementation adheres to the expected behaviors, is the lack of policy specifications. In this paper, we mine past transactions of a contract to recover a likely access control model, which can then be checked against various information flow policies and identify potential bugs related to user permissions. We implement our role mining and security policy validation in tool SPCon. The experimental evaluation on labeled smart contract role mining benchmark demonstrates that SPCon effectively mines more accurate user roles compared to the state-of-the-art role mining tools. Moreover, the experimental evaluation on real-world smart contract benchmark and access control CVEs indicates SPCon effectively detects potential permission bugs while having better scalability and lower false-positive rate compared to the state-of-the-art security tools, finding 11 previously unknown bugs and detecting six CVEs that no other tool can find.

Fri 22 Jul

Displayed time zone: Seoul change

08:40 - 09:40
Session 2-15: Smart Contracts BTechnical Papers at ISSTA 1
08:40
20m
Talk
eTainter: Detecting Gas-Related Vulnerabilities in Smart Contracts
Technical Papers
Asem Ghaleb University of British Columbia, Julia Rubin University of British Columbia, Karthik Pattabiraman University of British Columbia
DOI
09:00
20m
Talk
Finding Permission Bugs in Smart Contracts with Role MiningACM SIGSOFT Distinguished Paper
Technical Papers
Ye Liu Nanyang Technological University, Singapore, Yi Li Nanyang Technological University, Shang-Wei Lin Nanyang Technological University, Cyrille Artho KTH Royal Institute of Technology, Sweden
DOI Pre-print
09:20
20m
Talk
SmartDagger : A Bytecode-based Static Analysis Approach for Detecting Cross-contract Vulnerability
Technical Papers
Zeqin Liao Sun Yat-sen University, Zibin Zheng School of Data and Computer Science, Sun Yat-sen University, Xiao Chen Sun Yat-sen University, Yuhong Nan Sun Yat-sen University
DOI
15:00 - 16:20
Session 3-9: Smart Contracts CTechnical Papers at ISSTA 1
15:00
20m
Talk
Finding Permission Bugs in Smart Contracts with Role MiningACM SIGSOFT Distinguished Paper
Technical Papers
Ye Liu Nanyang Technological University, Singapore, Yi Li Nanyang Technological University, Shang-Wei Lin Nanyang Technological University, Cyrille Artho KTH Royal Institute of Technology, Sweden
DOI Pre-print
15:20
20m
Talk
Park: Accelerating Smart Contract Vulnerability Detection via Parallel-fork Symbolic Execution
Technical Papers
Peilin Zheng Sun Yat-sen University, Zibin Zheng School of Data and Computer Science, Sun Yat-sen University, Xiapu Luo Hong Kong Polytechnic University
DOI
15:40
20m
Talk
SmartDagger : A Bytecode-based Static Analysis Approach for Detecting Cross-contract Vulnerability
Technical Papers
Zeqin Liao Sun Yat-sen University, Zibin Zheng School of Data and Computer Science, Sun Yat-sen University, Xiao Chen Sun Yat-sen University, Yuhong Nan Sun Yat-sen University
DOI
16:00
20m
Talk
WASAI: Uncovering Vulnerabilities in Wasm Smart Contracts
Technical Papers
Weimin Chen The Hong Kong Polytechnic University, Zihan Sun Beijing University of Posts and Telecommunications, Haoyu Wang Huazhong University of Science and Technology, China, Xiapu Luo Hong Kong Polytechnic University, Haipeng Cai Washington State University, USA, Lei Wu Zhejiang University
DOI