Authors
Ivica Nikolić, Aashish Kolluri, Ilya Sergey, Prateek Saxena, Aquinas Hobor
Publication date
2018/12/3
Book
Proceedings of the 34th Annual Computer Security Applications Conference
Pages
653-663
Description
Smart contracts---stateful executable objects hosted on blockchains like Ethereum---carry billions of dollars worth of coins and cannot be updated once deployed. We present a new systematic characterization of a class of trace vulnerabilities, which result from analyzing multiple invocations of a contract over its lifetime. We focus attention on three example properties of such trace vulnerabilities: finding contracts that either lock funds indefinitely, leak them carelessly to arbitrary users, or can be killed by anyone. We implemented Maian, the first tool for specifying and reasoning about trace properties, which employs interprocedural symbolic analysis and a concrete validator for exhibiting real exploits. Our analysis of nearly one million contracts flags 34,200 (2,365 distinct) contracts as vulnerable, in 10 seconds per contract. On a subset of 3,759 contracts which we sampled for concrete validation and manual analysis, we …
Total citations
(citations-by-year chart, 2018 to 2024; per-year counts not recoverable from the extracted text)
Scholar articles
I Nikolić, A Kolluri, I Sergey, P Saxena, A Hobor - Proceedings of the 34th annual computer security …, 2018
I Nikolic, A Kolluri, I Sergey, P Saxena, A Hobor - Unpublished, submitted, available at, 2019
I Nikolic, A Kolluri, I Sergey, P Saxena, A Hobor - arXiv preprint arXiv:1802.06038, 2018
I Nikolic, A Kolluri, I Sergey, P Saxena, A Hobor - Prodigal, and Suicidal Contracts at Scale. arXiv e-prints, 1802