SmartDagger : A Bytecode-based Static Analysis Approach for Detecting Cross-contract Vulnerability
Fri 22 Jul 2022 15:40 - 16:00 at ISSTA 1 - Session 3-9: Smart Contracts C
With the increasing popularity of blockchain, automatically detecting vulnerabilities in smart contracts is becoming a significant problem. Prior research mainly identifies smart contract vulnerabilities without considering the interactions between multiple contracts. Due to the lack of analyzing the fine-grained contextual information during cross-contract invocations, existing approaches often produced a large number of false positives and false negatives.
This paper proposes SmartDagger, a new framework for detecting cross-contract vulnerability through static analysis at the bytecode level. SmartDagger integrates a set of novel mechanisms to ensure its effectiveness and efficiency for cross-contract vulnerability detection. Particularly, SmartDagger effectively recovers the contract attribute information from the smart contract bytecode, which is critical for accurately identifying cross-contract vulnerabilities. Besides, instead of performing the typical whole-program analysis which is heavy-weight and time-consuming, SmartDagger selectively analyzes a subset of functions and reuses the data-flow results, which helps to improve its efficiency. Our further evaluation over a manually labelled dataset showed that SmartDagger significantly outperforms other state-of-the-art tools (i.e., Oyente, Slither, Osiris, and Mythril) for detecting cross-contract vulnerabilities. In addition, running SmartDagger over a randomly selected dataset of 250 smart contracts in the real-world, SmartDagger detects 11 cross-contract vulnerabilities, all of which are missed by prior tools.
Fri 22 JulDisplayed time zone: Seoul change
08:40 - 09:40 | |||
08:40 20mTalk | eTainter: Detecting Gas-Related Vulnerabilities in Smart Contracts Technical Papers Asem Ghaleb University of British Columbia, Julia Rubin University of British Columbia, Karthik Pattabiraman University of British Columbia DOI | ||
09:00 20mTalk | Finding Permission Bugs in Smart Contracts with Role MiningACM SIGSOFT Distinguished Paper Technical Papers Ye Liu Nanyang Technological University, Singapore, Yi Li Nanyang Technological University, Shang-Wei Lin Nanyang Technological University, Cyrille Artho KTH Royal Institute of Technology, Sweden DOI Pre-print | ||
09:20 20mTalk | SmartDagger : A Bytecode-based Static Analysis Approach for Detecting Cross-contract Vulnerability Technical Papers Zeqin Liao Sun Yat-sen University, Zibin Zheng School of Data and Computer Science, Sun Yat-sen University, Xiao Chen Sun Yat-sen University, Yuhong Nan Sun Yat-sen University DOI |
15:00 - 16:20 | |||
15:00 20mTalk | Finding Permission Bugs in Smart Contracts with Role MiningACM SIGSOFT Distinguished Paper Technical Papers Ye Liu Nanyang Technological University, Singapore, Yi Li Nanyang Technological University, Shang-Wei Lin Nanyang Technological University, Cyrille Artho KTH Royal Institute of Technology, Sweden DOI Pre-print | ||
15:20 20mTalk | Park: Accelerating Smart Contract Vulnerability Detection via Parallel-fork Symbolic Execution Technical Papers Peilin Zheng Sun Yat-sen University, Zibin Zheng School of Data and Computer Science, Sun Yat-sen University, Xiapu Luo Hong Kong Polytechnic University DOI | ||
15:40 20mTalk | SmartDagger : A Bytecode-based Static Analysis Approach for Detecting Cross-contract Vulnerability Technical Papers Zeqin Liao Sun Yat-sen University, Zibin Zheng School of Data and Computer Science, Sun Yat-sen University, Xiao Chen Sun Yat-sen University, Yuhong Nan Sun Yat-sen University DOI | ||
16:00 20mTalk | WASAI: Uncovering Vulnerabilities in Wasm Smart Contracts Technical Papers Weimin Chen The Hong Kong Polytechnic University, Zihan Sun Beijing University of Posts and Telecommunications, Haoyu Wang Huazhong University of Science and Technology, China, Xiapu Luo Hong Kong Polytechnic University, Haipeng Cai Washington State University, USA, Lei Wu Zhejiang University DOI |