DOI: 10.1145/3597503.3639128
research-article

Towards Finding Accounting Errors in Smart Contracts

Published: 12 April 2024

Abstract

Bugs in smart contracts may have devastating effects as they tend to cause financial loss. According to a recent study, accounting bugs are the most common kind of bugs in smart contracts that are beyond automated tools during pre-deployment auditing. The reason is that these bugs usually sit in the core business logic and are hence contract-specific. They are analogous to functional bugs in traditional software, which are largely beyond automated bug-finding tools, whose effectiveness hinges on uniform and machine-checkable characteristics of bugs. It was also reported that accounting bugs are the second-most difficult to find through manual auditing, because they require understanding the underlying business models. We observe that a large part of the business logic in smart contracts can be modeled by a few primitive operations like those in a bank, such as deposit, withdraw, loan, and pay-off, or by their combinations. The properties of these operations can be clearly defined and checked by an abstract type system that models high-order information such as token units, scaling factors, and financial types. We hence develop a novel type propagation and checking system with the aim of identifying accounting bugs. Our evaluation on a large set of 57 existing accounting bugs in 29 real-world projects shows that 58% of the accounting bugs are type errors. Our system catches 87.9% of these type errors. In addition, applying our technique to auditing a large project in a very recent auditing contest has yielded the identification of 6 zero-day accounting bugs, with 4 leading to direct fund loss.
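
An added illustration, not the paper's implementation or code from its authors: a minimal abstract type checker for two of the properties the abstract names, token units and scaling factors. The propagation rules, variable names and sample statements are constructed assumptions, and financial types are left out.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class AbsType:
    unit: tuple   # ((token, exponent), ...); USDC per SHARE = (("SHARE", -1), ("USDC", 1))
    scale: int    # decimal scaling exponent: raw integer = real value * 10**scale

def ty(scale, **unit):
    return AbsType(tuple(sorted((t, e) for t, e in unit.items() if e)), scale)

def _combine(a, b, sign):
    # Multiplication (sign=+1) adds unit exponents and scales; division (sign=-1) subtracts.
    exps = dict(a.unit)
    for tok, e in b.unit:
        exps[tok] = exps.get(tok, 0) + sign * e
    unit = tuple(sorted((t, e) for t, e in exps.items() if e))
    return AbsType(unit, a.scale + sign * b.scale)

def check(stmts, env):
    """Propagate abstract types through (dest, op, lhs, rhs) statements.
    Returns (errors, final_env); errors is a list of (dest, reason)."""
    env, errors = dict(env), []
    for dest, op, lhs, rhs in stmts:
        a, b = env[lhs], env[rhs]
        if op in ("*", "/"):
            env[dest] = _combine(a, b, 1 if op == "*" else -1)
            continue
        # '+' and '-' require both operands to agree on unit and on scaling factor.
        if a.unit != b.unit:
            errors.append((dest, "unit mismatch"))
        elif a.scale != b.scale:
            errors.append((dest, "scale mismatch"))
        env[dest] = a  # keep going so later statements are still checked
    return errors, env

# Constructed sample: a deposit that mints shares for a USDC amount at a given price.
ENV = {
    "amount": ty(6, USDC=1),             # USDC, 6 decimals
    "price": ty(18, USDC=1, SHARE=-1),   # USDC per share, scaled by 1e18
    "ONE": ty(18),                       # dimensionless constant 1e18
    "totalShares": ty(6, SHARE=1),
    "reserve": ty(6, USDC=1),
    "feeWeth": ty(18, WETH=1),
}
GOOD = [("t", "*", "amount", "ONE"), ("shares", "/", "t", "price"),
        ("newTotal", "+", "totalShares", "shares")]
# Forgetting to multiply by ONE leaves shares scaled by 1e-12 instead of 1e6.
BAD_SCALE = [("shares", "/", "amount", "price"),
             ("newTotal", "+", "totalShares", "shares")]
# Adding a WETH-denominated fee to a USDC reserve mixes token units.
BAD_UNIT = [("newReserve", "+", "reserve", "feeWeth")]

if __name__ == "__main__":
    for name, prog in (("GOOD", GOOD), ("BAD_SCALE", BAD_SCALE), ("BAD_UNIT", BAD_UNIT)):
        print(name, check(prog, ENV)[0])
```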

Published In

ICSE '24: Proceedings of the IEEE/ACM 46th International Conference on Software Engineering
May 2024
2942 pages
ISBN:9798400702174
DOI:10.1145/3597503

In-Cooperation

  • Faculty of Engineering of University of Porto

Publisher

Association for Computing Machinery

New York, NY, United States

Author Tags

  1. blockchain
  2. smart contract
  3. accounting error
  4. type checking

Qualifiers

  • Research-article

Conference

ICSE '24

Acceptance Rates

Overall Acceptance Rate 276 of 1,856 submissions, 15%
