Papers Link
Making Smart Contracts Smarter
Introduction
Category
- Problem Pattern: Less studied problem / Well studied problems
Motivation
Background
Ethereum’s smart contract system has seen steady adoption, supporting tens of thousands of contracts, holding millions of dollars worth of virtual coins. Unfortunately, the security of smart contracts has not received much attention, although several anecdotal incidents of smart contracts malfunctioning have recently been reported, including contracts that do not execute as expected and/or that have locked away thousands of dollars worth of virtual coins.
Literature Review
Requiring all clients in the network to upgrade runs the risk of not seeing real deployment. So we provide a tool called OYENTE for users to detect bugs before deployment.
This tool can detect 4 flaws:
- Transaction-Ordering Dependence (TOD)
- Timestamp Dependence
- Mishandled Exceptions
- Reentrancy Vulnerability
Research Niche
Once deployed, smart contracts are irreversible and immutable. There is no way to patch a buggy smart contract, regardless of its popularity or how much money it has, without reversing the blockchain. A hacker can exploit such a bug for gain, so we must detect whether a smart contract has flaws before deploying it.
Work
Research Objectives
Our goals are threefold:
- We aim to measure the prevalence of the security bugs discussed in Section 3 in the real Ethereum contracts.
- We highlight that our design and implementation choices are driven by the characteristics of real-life smart contracts, and that OYENTE is robust enough to handle them.
- We present several case studies demonstrating misunderstandings that many contract developers have about the subtle semantics of Ethereum.
In Figure 12, OYENTE flags 8,833 contracts which have at least one security issue discussed in Section 3. Out of these, 1,682 are distinct (by direct comparison of the bytecode).
The authors have only one way to confirm false positives: manual analysis. Thus this tool cannot remove false positives automatically.
Insight
Evaluation
Evaluation Summary
We run Oyente on all contracts in the first 1,459,999 blocks of Ethereum. Our goals are threefold.
- We aim to measure the prevalence of the security bugs discussed in Section 3 in the real Ethereum contracts.
- We highlight that our design and implementation choices are driven by the characteristics of real-life smart contracts, and that Oyente is robust enough to handle them.
- We present several case studies demonstrating misunderstandings that many contract developers have about the subtle semantics of Ethereum.
Implications
When we want to check for logic problems, we can use symbolic execution.
Novelty
Contributions
The paper provides a tool called OYENTE:
- It helps developers write better contracts.
- It helps users avoid invoking problematic contracts.
- Other analyses can also be implemented as independent plugins, without interfering with our existing features.
Performance:
- On average, Oyente takes 350 seconds to analyze a contract. 267 contracts require more than 30 minutes to analyze. The number of paths explored by Oyente ranges from 1 to 4613, with an average of 19 per contract and a median of 6. We observe that the running time depends near linearly on the number of explored paths, i.e., the complexity of contracts.
Key Concepts
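Consensus Protocol
A consensus protocol is the algorithm by which blockchain transactions reach distributed consensus. Because network latency in a peer-to-peer network varies, nodes may receive transactions in different orders. A blockchain system therefore needs a mechanism that lets nodes agree on the order of transactions that occur at roughly the same time. That mechanism is the consensus protocol.
Smart Contracts
A smart contract is an "autonomous agent" stored on the blockchain that can act as an agent. Put simply, a smart contract is a virtual account on the blockchain that contains the contract code and storage space. A smart contract has two important components:
- The state of the contract.
- The ether owned by the contract account.
Gas System
In Ethereum, executing each instruction consumes some gas. Gas can be purchased with ether.
Ponzi Scheme (Pyramid scheme)
Money from new investors is used to pay interest and short-term returns to earlier investors, creating the illusion of profit in order to defraud more investors.
Symbolic Execution
Symbolic execution is a program analysis technique that analyzes a program to find the inputs that cause a particular region of code to execute. As the name suggests, when a program is analyzed with symbolic execution, it takes symbolic values as input rather than the concrete values used in normal execution. On reaching the target code, the analyzer obtains the corresponding path constraints and then uses a constraint solver to derive concrete values that trigger the target code.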
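The loop described above, as an added example that is not taken from the paper or from OYENTE's code: a minimal symbolic executor that forks at each branch, carries the path constraint, prunes infeasible forks, and asks a solver for concrete inputs that reach the target. The toy instruction set, the program, and the brute-force `solve` standing in for a real constraint solver are all assumptions made for illustration.

```python
from itertools import product

# Constructed toy program: list index = pc. "x" and "y" are symbolic inputs.
PROGRAM = [
    ("branch", ("gt", "x", 100), 2),  # 0: if x > 100 goto 2
    ("halt",),                        # 1
    ("branch", ("lt", "x", 50), 5),   # 2: if x < 50 goto 5 (infeasible here)
    ("branch", ("eq", "y", 7), 6),    # 3: if y == 7 goto 6
    ("halt",),                        # 4
    ("halt",),                        # 5: unreachable, since x > 100 already holds
    ("target",),                      # 6: code region we want to reach
]
OPS = {"gt": lambda a, b: a > b, "lt": lambda a, b: a < b, "eq": lambda a, b: a == b}

def solve(constraints, variables, domain=range(256)):
    """Brute-force stand-in for a constraint solver: first satisfying assignment or None."""
    for values in product(domain, repeat=len(variables)):
        env = dict(zip(variables, values))
        if all(OPS[op](env[var], const) == want for op, var, const, want in constraints):
            return env
    return None

def explore(program, variables):
    """Fork at each branch, extending the path constraint; prune infeasible forks.
    Returns (number of complete paths, [(path constraint, concrete input)] for target)."""
    worklist, paths, hits = [(0, [])], 0, []
    while worklist:
        pc, constraints = worklist.pop()
        instr = program[pc]
        if instr[0] == "branch":
            _, (op, var, const), dest = instr
            # Taken side adds the condition, fall-through side adds its negation.
            for want, next_pc in ((True, dest), (False, pc + 1)):
                forked = constraints + [(op, var, const, want)]
                if solve(forked, variables) is not None:
                    worklist.append((next_pc, forked))
        else:  # "halt" or "target" ends the path
            paths += 1
            if instr[0] == "target":
                hits.append((constraints, solve(constraints, variables)))
    return paths, hits

if __name__ == "__main__":
    paths, hits = explore(PROGRAM, ["x", "y"])
    print(paths, "paths explored")
    for constraints, inputs in hits:
        print("target reached with", inputs, "under", constraints)
```

Every fork costs solver calls, so the work grows with the number of feasible paths, which matches the near-linear relation between running time and explored paths noted under Performance.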