Securify: Practical Security Analysis of Smart Contracts
read more
Citations
A Survey on Consensus Mechanisms and Mining Strategy Management in Blockchain Networks
Blockchain-Enabled Smart Contracts: Architecture, Applications, and Future Trends
Blockchain for AI: Review and Open Research Challenges
An overview on smart contracts : Challenges, advances and platforms
Smart Contract Development: Challenges and Opportunities
References
Ethereum: A Secure Decentralised Generalised Transaction Ledger
Hawk: The Blockchain Model of Cryptography and Privacy-Preserving Smart Contracts
Making Smart Contracts Smarter
Related Papers (5)
Frequently Asked Questions (15)
Q2. What is the main challenge in creating an effective security analyzer for smart contracts?
Themain challenge in creating an effective security analyzer for smart contracts is the Turing-completeness of the programming language, which renders automated verification of arbitrary properties undecidable.
Q3. What is the key benefit of working with patterns instead of their corresponding property?
in terms of verification, a key benefit in working with patterns, instead of with their corresponding property, is that patterns are substantially more amenable to automated reasoning.
Q4. What are the benefits of the declarative approach?
Key benefits of the declarative approach are: (i) inference rules concisely capture abstract reasoning about different components (e.g., contract storage), (ii) more facts and inference rules can be easily added, and (iii) inference rules are specified in a modular way (e.g., memory analysis is specified independently of contract storage analysis).
Q5. What is the underlying security problem that allowed the attacker to steal ether?
The underlying security problem that allowed the attacker to steal ether is that the security-critical field owner is universally writable by any Ethereum user.
Q6. What is the way to improve the precision of the static analysis?
As the authors show in their evaluation, partial evaluation resolves over 70% of the offsets that appear in storage/memory instructions.(iii) Method inlining, which improves the precision of the static analysis by making it context sensitive.
Q7. What can happen if a pattern does not capture the compliance or violation pattern?
since their patterns do not capture precisely their corresponding properties, it can happen that a contract matches neither the compliance nor the violation pattern.
Q8. What are the opcodes that are eliminated when Securify decompiles?
Note that many of the opcodes (such as push, dup, etc.) are eliminated when Securify decompiles the EVM bytecode to its stackless representation.
Q9. What is the final rule for assigning tags to a variable?
The final rule defines that if the execution of an assign(L,Y , _) instruction depends on a variable X (i.e., the label L is tainted with the variable X ), then all tags assigned to X are propagated to the output variable Y .
Q10. What is the property that checks when a write to the storage cannot occur?
The property requires that, for every storage offset x (e.g., a field in the contract), there is a user a that cannot write at offset x of the storage.
Q11. What is the property that checks when a write attack cannot occur?
A property that captures when this attack cannot occur checks that there are no writes to the storage after any call instruction.
Q12. What is the reason why it is possible to establish a correspondence in a real-world?
The reason why it is possible to establish such a correspondence is that violations of the original property in real-world contracts tend to often violate a much simpler property (captured by the pattern).
Q13. What are the two kinds of semantic facts that Securify computes?
Using the base facts described above, Securify computes two kinds of semantic facts: (i) flow-dependency predicates, which capture instruction dependencies according to the contract’s CFG, and (ii) data-dependency predicates; see Fig. 7.Flow-Dependency Predicates.
Q14. How does Securify reduce the amount of warnings a user needs to inspect?
As the authors show in their evaluation, the approach of using both violation and compliance patterns reduces the warnings a user needs to inspect manually by 65.9%, and even up to 99.4% for some properties.
Q15. What are some vulnerabilities that are not captured by Securify’s compliance patterns?
Some vulnerabilities are, however, contract-specific, and therefore they are not captured by their compliance patterns (i.e., a contract can be exploitable even if a compliance pattern is matched).