Abstract
We present VERISMART, a highly precise verifier for ensuring arithmetic safety of Ethereum smart contracts. Writing safe smart contracts without unintended behavior is critically important because smart contracts are immutable and even a single flaw can cause huge financial damage. In particular, ensuring that arithmetic operations are safe is one of the most important and common security concerns of Ethereum smart contracts nowadays. In response, several safety analyzers have been proposed over the past few years, but state-of-the-art is still unsatisfactory; no existing tools achieve high precision and recall at the same time, inherently limited to producing annoying false alarms or missing critical bugs. By contrast, VERISMART aims for an uncompromising analyzer that performs exhaustive verification without compromising precision or scalability, thereby greatly reducing the burden of manually checking undiscovered or incorrectly-reported issues. To achieve this goal, we present a new domain-specific algorithm for verifying smart contracts, which is able to automatically discover and leverage transaction invariants that are essential for precisely analyzing smart contracts. Evaluation with real-world smart contracts shows that VERISMART can detect all arithmetic bugs with a negligible number of false alarms, far outperforming existing analyzers.
Original language | English |
---|---|
Title of host publication | Proceedings - 2020 IEEE Symposium on Security and Privacy, SP 2020 |
Publisher | Institute of Electrical and Electronics Engineers Inc. |
Pages | 1678-1694 |
Number of pages | 17 |
ISBN (Electronic) | 9781728134970 |
DOIs | |
Publication status | Published - 2020 May |
Event | 41st IEEE Symposium on Security and Privacy, SP 2020 - San Francisco, United States Duration: 2020 May 18 → 2020 May 21 |
Publication series
Name | Proceedings - IEEE Symposium on Security and Privacy |
---|---|
Volume | 2020-May |
ISSN (Print) | 1081-6011 |
Conference
Conference | 41st IEEE Symposium on Security and Privacy, SP 2020 |
---|---|
Country/Territory | United States |
City | San Francisco |
Period | 20/5/18 → 20/5/21 |
Bibliographical note
Publisher Copyright:© 2020 IEEE.
ASJC Scopus subject areas
- Safety, Risk, Reliability and Quality
- Software
- Computer Networks and Communications