Enhancing Smart Contract Security Analysis with Execution Property Graphs
Smart contract vulnerabilities have led to significant financial losses, with their increasing complexity rendering outright prevention of hacks increasingly challenging. This trend highlights the crucial need for advanced forensic analysis and real-time intrusion detection, where dynamic analysis plays a key role in dissecting smart contract executions. Therefore, there is a pressing need for a unified and generic representation of smart contract executions, complemented by an efficient methodology that enables the modeling and identification of a broad spectrum of emerging attacks.
We introduce Clue, a dynamic analysis framework specifically designed for the Ethereum virtual machine. Central to Clue is its ability to capture critical runtime information during contract executions, employing a novel graph-based representation, the Execution Property Graph. A key feature of Clue is its innovative graph traversal technique, which is adept at detecting complex attacks, including (read-only) reentrancy and price manipulation. Evaluation results reveal Clue’s superior performance with high true positive rates and low false positive rates, outperforming state-of-the-art tools. Furthermore, Clue’s efficiency positions it as a valuable tool for both forensic analysis and real-time intrusion detection.
Fri 27 JunDisplayed time zone: Amsterdam, Berlin, Bern, Rome, Stockholm, Vienna change
11:00 - 12:15 | |||
11:00 25mTalk | Smart-LLaMA-DPO: Reinforced Large Language Model for Explainable Smart Contract Vulnerability Detection Research Papers Lei Yu Institute of Software, Chinese Academy of Sciences, University of Chinese Academy of Sciences, China, Zhirong Huang Institute of Software, Chinese Academy of Sciences, University of Chinese Academy of Sciences, China, Hang Yuan Institute of Software, Chinese Academy of Sciences, University of Chinese Academy of Sciences, China, Shiqi Cheng Institute of Software, Chinese Academy of Sciences, China, Li Yang Institute of Software, Chinese Academy of Sciences, Fengjun Zhang Institute of Software, Chinese Academy of Sciences, China, Chenjie Shen Institute of Software, Chinese Academy of Sciences, University of Chinese Academy of Sciences, China, Jiajia Ma Institute of Software, Chinese Academy of Sciences, China, Jingyuan Zhang Institute of Software, Chinese Academy of Sciences, University of Chinese Academy of Sciences, China, Junyi Lu Institute of Software, Chinese Academy of Sciences, University of Chinese Academy of Sciences, China, Chun Zuo Sinosoft DOI | ||
11:25 25mTalk | Enhancing Smart Contract Security Analysis with Execution Property Graphs Research Papers Kaihua Qin Yale University, Zhe Ye UC Berkeley, Zhun Wang UC Berkeley, Weilin Li University College London, Liyi Zhou The University of Sydney, Chao Zhang Tsinghua University, Dawn Song UC Berkeley, Arthur Gervais Imperial College London DOI | ||
11:50 25mTalk | The Incredible Shrinking Context... in a decompiler near you Research Papers Sifis Lagouvardos University of Athens, Yannis Bollanos Dedaub, Neville Grech Dedaub Limited, Yannis Smaragdakis University of Athens DOI Pre-print | ||
Cosmos 3A is the first room in the Cosmos 3 wing.
When facing the main Cosmos Hall, access to the Cosmos 3 wing is on the left, close to the stairs. The area is accessed through a large door with the number “3”, which will stay open during the event.