ZEUS: Analyzing Safety of Smart Contracts.
Reads0
Chats0
TLDR
This work presents ZEUS—a framework to verify the correctness and validate the fairness of smart contracts, which leverages both abstract interpretation and symbolic model checking, along with the power of constrained horn clauses to quickly verify contracts for safety.Abstract:
A smart contract is hard to patch for bugs once it is deployed, irrespective of the money it holds. A recent bug caused losses worth around $50 million of cryptocurrency. We present ZEUS—a framework to verify the correctness and validate the fairness of smart contracts. We consider correctness as adherence to safe programming practices, while fairness is adherence to agreed upon higher-level business logic. ZEUS leverages both abstract interpretation and symbolic model checking, along with the power of constrained horn clauses to quickly verify contracts for safety. We have built a prototype of ZEUS for Ethereum and Fabric blockchain platforms, and evaluated it with over 22.4K smart contracts. Our evaluation indicates that about 94.6% of contracts (containing cryptocurrency worth more than $0.5 billion) are vulnerable. ZEUS is sound with zero false negatives and has a low false positive rate, with an order of magnitude improvement in analysis time as compared to prior art.read more
Citations
More filters
Journal ArticleDOI
A systematic literature review of blockchain-based applications: Current status, classification and open issues
TL;DR: A comprehensive classification of blockchain-enabled applications across diverse sectors such as supply chain, business, healthcare, IoT, privacy, and data management is presented, and key themes, trends and emerging areas for research are established.
Proceedings ArticleDOI
Securify: Practical Security Analysis of Smart Contracts
Petar Tsankov,Andrei Marian Dan,Dana Drachsler-Cohen,Arthur Gervais,Florian Bünzli,Martin Vechev +5 more
TL;DR: Securify as mentioned in this paper is a security analyzer for Ethereum smart contracts that is scalable, fully automated, and able to prove contract behaviors as safe/unsafe with respect to a given property.
Journal ArticleDOI
An overview on smart contracts : Challenges, advances and platforms
TL;DR: This paper first introduces blockchains and smart contracts, then presents the challenges in smart contracts as well as recent technical advances, and gives a categorization of smart contract applications.
Proceedings ArticleDOI
Finding The Greedy, Prodigal, and Suicidal Contracts at Scale
TL;DR: Maian is implemented, the first tool for specifying and reasoning about trace properties, which employs interprocedural symbolic analysis and concrete validator for exhibiting real exploits.
Journal ArticleDOI
MadMax: surviving out-of-gas conditions in Ethereum smart contracts
TL;DR: MadMax is presented: a static program analysis technique to automatically detect gas-focused vulnerabilities with very high confidence and achieves high precision and scalability.
References
More filters
Proceedings ArticleDOI
LLVM: a compilation framework for lifelong program analysis & transformation
Chris Lattner,Vikram Adve +1 more
TL;DR: The design of the LLVM representation and compiler framework is evaluated in three ways: the size and effectiveness of the representation, including the type information it provides; compiler performance for several interprocedural problems; and illustrative examples of the benefits LLVM provides for several challenging compiler problems.
Proceedings ArticleDOI
Practical Byzantine fault tolerance
Miguel Castro,Barbara Liskov +1 more
TL;DR: A new replication algorithm that is able to tolerate Byzantine faults that works in asynchronous environments like the Internet and incorporates several important optimizations that improve the response time of previous algorithms by more than an order of magnitude.
Journal ArticleDOI
The part-time parliament
TL;DR: The Paxon parliament's protocol provides a new way of implementing the state machine approach to the design of distributed systems.
Proceedings Article
In search of an understandable consensus algorithm
Diego Ongaro,John Ousterhout +1 more
TL;DR: Raft is a consensus algorithm for managing a replicated log that separates the key elements of consensus, such as leader election, log replication, and safety, and it enforces a stronger degree of coherency to reduce the number of states that must be considered.
Proceedings ArticleDOI
Making Smart Contracts Smarter
TL;DR: This paper investigates the security of running smart contracts based on Ethereum in an open distributed network like those of cryptocurrencies, and proposes ways to enhance the operational semantics of Ethereum to make contracts less vulnerable.