MPro: Combining Static and Symbolic Analysis for Scalable Testing of Smart Contract

William Zhang, Sebastian Banescu, Leodardo Pasos, Steven T. Stewart, Vijay Ganesh

2019 IEEE 30th International Symposium on Software Reliability Engineering (ISSRE), published 2019-10-01. DOI: 10.1109/ISSRE.2019.00052 (https://doi.org/10.1109/ISSRE.2019.00052)

Citations: 22

Abstract

Smart contracts are executable programs that enable the building of a programmable trust mechanism between multiple entities without the need for a trusted third party. At the time of this writing, there were over 10 million smart contracts deployed on the Ethereum networks and this number continues to grow at a rapid pace. Smart contracts are often written in a Turing-complete programming language called Solidity, which is not easy to audit for subtle errors. Further, since smart contracts are immutable, errors have led to attacks resulting in losses of cryptocurrency worth hundreds of millions of USD and reputational damage. Unfortunately, manual security analyses do not scale with the size and number of smart contracts. Automated and scalable mechanisms are essential if smart contracts are to gain mainstream acceptance. Researchers have developed several security scanners in the past couple of years. However, many of these analyzers either do not scale well or, if they do, produce many false positives. This issue is exacerbated when bugs are triggered only after a series of interactions with the functions of the contract-under-test. A depth-n vulnerability refers to a vulnerability that requires invoking a specific sequence of n functions to trigger. Depth-n vulnerabilities are time-consuming for existing automated analyzers to detect, because of the combinatorial explosion of sequences of functions that could be executed on smart contracts. In this paper, we present a technique to analyze depth-n vulnerabilities in an efficient and scalable way by combining symbolic execution and data dependency analysis. A significant advantage of combining symbolic with static analysis is that it scales much better than symbolic analysis alone and does not have the problem of false positives that static analysis tools typically have.
We have implemented our technique in a tool called MPro, a scalable and automated smart contract analyzer based on the existing symbolic analysis tool Mythril-Classic and the static analysis tool Slither. We analyzed 100 randomly chosen smart contracts on MPro and our evaluation shows that MPro is about n-times faster than Mythril-Classic for detecting depth-n vulnerabilities, while preserving all the detection capabilities of Mythril-Classic.