We present SMARTEST, a novel symbolic execution technique for effectively hunting vulnerable transaction sequences in smart contracts. Because smart contracts are stateful programs whose states are altered by transactions, diagnosing and understanding nontrivial vulnerabilities requires generating sequences of transactions that demonstrate the flaws. However, finding such vulnerable transaction sequences is challenging as the number of possible combinations of transactions is intractably large. As a result, most existing tools for smart contract analysis use abstractions and merely point out the locations of vulnerabilities, which in turn imposes a steep burden on users of understanding the bugs, or have limited power in generating transaction sequences. In this paper, we aim to overcome this challenge by combining symbolic execution with a language model for vulnerable transaction sequences, so that symbolic execution effectively prioritizes program paths that are likely to reveal vulnerabilities. Experimental results with real-world smart contracts show that SMARTEST significantly outperforms existing tools by finding more vulnerable transaction sequences including critical zero-day vulnerabilities.
Title of host publication: Proceedings of the 30th USENIX Security Symposium
Number of pages: 18
Publication status: Published - 2021
Event: 30th USENIX Security Symposium, USENIX Security 2021 - Virtual, Online
Duration: 2021 Aug 11 → 2021 Aug 13
Name: Proceedings of the 30th USENIX Security Symposium
Conference: 30th USENIX Security Symposium, USENIX Security 2021
Period: 21/8/11 → 21/8/13
Bibliographical note (Funding Information):
We thank the anonymous reviewers and our shepherd, Byron Williams, for their constructive comments that helped to improve this paper. This work was supported by Samsung Research Funding & Incubation Center of Samsung Electronics under Project Number SRFC-IT1701-51. This work was also supported by Institute of Information & communications Technology Planning & Evaluation (IITP) grant funded by the Korea government (MSIT) (No. 2020-0-01337, (SW STAR LAB) Research on Highly-Practical Automated Software Repair). This work was also supported by Institute of Information & communications Technology Planning & Evaluation (IITP) grant funded by the Korea government (MSIT) (No. 2019-0-01697, Development of Automated Vulnerability Discovery Technologies for Blockchain Platform Security). This research was also supported by the MSIT (Ministry of Science and ICT), Korea, under the ICT Creative Consilience program (IITP-2021-0-01819) supervised by the IITP (Institute for Information & communications Technology Planning & Evaluation). So was supported by the Korea University Graduate School Junior Fellow Research Grant.
© 2021 by The USENIX Association. All rights reserved.
ASJC Scopus subject areas:
- Computer Networks and Communications
- Information Systems
- Safety, Risk, Reliability and Quality