ISSTA 2022
Mon 18 - Fri 22 July 2022 Online
Wed 20 Jul 2022 03:00 - 03:20 at ISSTA 2 - Session 1-4: Smart Contracts A
Fri 22 Jul 2022 08:40 - 09:00 at ISSTA 1 - Session 2-15: Smart Contracts B

The execution of smart contracts on the Ethereum blockchain consumes gas paid for by users submitting contracts’ invocation requests. A contract execution proceeds as long as the users dedicate enough gas, within the limit set by Ethereum. If insufficient gas is provided, the contract execution halts and changes made during execution get reverted. Unfortunately, contracts may contain code patterns that increase execution cost, causing the contracts to run out of gas. These patterns can be manipulated by malicious attackers to induce unwanted behavior in the targeted victim contracts, e.g., Denial-of-Service (DoS) attacks. We call these gas-related vulnerabilities. We propose eTainter, a static analyzer for detecting gas-related vulnerabilities based on taint tracking in the bytecode of smart contracts. We evaluate eTainter by comparing it with the prior work, MadMax, on a dataset of annotated contracts. The results show that eTainter outperforms MadMax in both precision and recall, and that eTainter has a precision of 90% based on manual inspection. We also use eTainter to perform large-scale analysis of 60,612 real-world contracts on the Ethereum blockchain. We find that gas-related vulnerabilities exist in 2,763 of these contracts, and that eTainter analyzes a contract in eight seconds, on average.

Wed 20 Jul

Displayed time zone: Seoul

03:00 - 04:00
Session 1-4: Smart Contracts A - Technical Papers at ISSTA 2
03:00
20m
Talk
eTainter: Detecting Gas-Related Vulnerabilities in Smart Contracts
Technical Papers
Asem Ghaleb University of British Columbia, Julia Rubin University of British Columbia, Karthik Pattabiraman University of British Columbia
03:20
20m
Talk
Park: Accelerating Smart Contract Vulnerability Detection via Parallel-fork Symbolic Execution
Technical Papers
Peilin Zheng Sun Yat-sen University, Zibin Zheng School of Data and Computer Science, Sun Yat-sen University, Xiapu Luo Hong Kong Polytechnic University
03:40
20m
Talk
WASAI: Uncovering Vulnerabilities in Wasm Smart Contracts
Technical Papers
Weimin Chen The Hong Kong Polytechnic University, Zihan Sun Beijing University of Posts and Telecommunications, Haoyu Wang Huazhong University of Science and Technology, China, Xiapu Luo Hong Kong Polytechnic University, Haipeng Cai Washington State University, USA, Lei Wu Zhejiang University

Fri 22 Jul

Displayed time zone: Seoul

08:40 - 09:40
Session 2-15: Smart Contracts B - Technical Papers at ISSTA 1
08:40
20m
Talk
eTainter: Detecting Gas-Related Vulnerabilities in Smart Contracts
Technical Papers
Asem Ghaleb University of British Columbia, Julia Rubin University of British Columbia, Karthik Pattabiraman University of British Columbia
09:00
20m
Talk
Finding Permission Bugs in Smart Contracts with Role Mining (ACM SIGSOFT Distinguished Paper)
Technical Papers
Ye Liu Nanyang Technological University, Singapore, Yi Li Nanyang Technological University, Shang-Wei Lin Nanyang Technological University, Cyrille Artho KTH Royal Institute of Technology, Sweden
09:20
20m
Talk
SmartDagger: A Bytecode-based Static Analysis Approach for Detecting Cross-contract Vulnerability
Technical Papers
Zeqin Liao Sun Yat-sen University, Zibin Zheng School of Data and Computer Science, Sun Yat-sen University, Xiao Chen Sun Yat-sen University, Yuhong Nan Sun Yat-sen University