Park: Accelerating Smart Contract Vulnerability Detection via Parallel-fork Symbolic Execution
Fri 22 Jul 2022 15:20 - 15:40 at ISSTA 1 - Session 3-9: Smart Contracts C
Smart contract vulnerability detection has been a hot research topic. One of the popular detecting methods is symbolic execution. However, as reported, existing symbolic tools cost too much time, since they need to execute all paths to detect vulnerabilities. Thus their accuracy is limited by time. To attack this problem, we propose Park, a first general framework of parallel-fork symbolic execution for smart contracts. The main idea is to use multiple processes during symbolic execution, leveraging multiple CPU cores to enhance efficiency. Firstly, we propose a fork-operation based dynamic forking algorithm to achieve parallel symbolic contract execution. Secondly, against the SMT performance loss problem in parallelization, we propose an adaptive processes restriction and adjustment algorithm. Thirdly, we design a shared-memory based global variable reconstruction method to collect and rebuild the global variables from different processes. We implement Park as a plug-in and apply it to two popular symbolic tools of smart contracts: Oyente and Mythril. Experimental results under third-party datasets show that Park-Oyente and Park-Mythril can provide up to 6.84x and 7.49x speedup compared to original tools on 16 CPU cores.
Wed 20 JulDisplayed time zone: Seoul change
03:00 - 04:00 | |||
03:00 20mTalk | eTainter: Detecting Gas-Related Vulnerabilities in Smart Contracts Technical Papers Asem Ghaleb University of British Columbia, Julia Rubin University of British Columbia, Karthik Pattabiraman University of British Columbia DOI | ||
03:20 20mTalk | Park: Accelerating Smart Contract Vulnerability Detection via Parallel-fork Symbolic Execution Technical Papers Peilin Zheng Sun Yat-sen University, Zibin Zheng School of Data and Computer Science, Sun Yat-sen University, Xiapu Luo Hong Kong Polytechnic University DOI | ||
03:40 20mTalk | WASAI: Uncovering Vulnerabilities in Wasm Smart Contracts Technical Papers Weimin Chen The Hong Kong Polytechnic University, Zihan Sun Beijing University of Posts and Telecommunications, Haoyu Wang Huazhong University of Science and Technology, China, Xiapu Luo Hong Kong Polytechnic University, Haipeng Cai Washington State University, USA, Lei Wu Zhejiang University DOI | ||
Fri 22 JulDisplayed time zone: Seoul change
15:00 - 16:20 | |||
15:00 20mTalk | Finding Permission Bugs in Smart Contracts with Role MiningACM SIGSOFT Distinguished Paper Technical Papers Ye Liu Nanyang Technological University, Singapore, Yi Li Nanyang Technological University, Singapore, Shang-Wei Lin Nanyang Technological University, Cyrille Artho KTH Royal Institute of Technology, Sweden DOI Pre-print | ||
15:20 20mTalk | Park: Accelerating Smart Contract Vulnerability Detection via Parallel-fork Symbolic Execution Technical Papers Peilin Zheng Sun Yat-sen University, Zibin Zheng School of Data and Computer Science, Sun Yat-sen University, Xiapu Luo Hong Kong Polytechnic University DOI | ||
15:40 20mTalk | SmartDagger : A Bytecode-based Static Analysis Approach for Detecting Cross-contract Vulnerability Technical Papers Zeqin Liao Sun Yat-sen University, Zibin Zheng School of Data and Computer Science, Sun Yat-sen University, Xiao Chen Sun Yat-sen University, Yuhong Nan Sun Yat-sen University DOI | ||
16:00 20mTalk | WASAI: Uncovering Vulnerabilities in Wasm Smart Contracts Technical Papers Weimin Chen The Hong Kong Polytechnic University, Zihan Sun Beijing University of Posts and Telecommunications, Haoyu Wang Huazhong University of Science and Technology, China, Xiapu Luo Hong Kong Polytechnic University, Haipeng Cai Washington State University, USA, Lei Wu Zhejiang University DOI | ||