Specification Mining for Smart Contracts with Automatic Abstraction Tuning

Smart contracts are programs that manage digital assets according to a certain protocol, expressing for instance the rules of an auction. Understanding the possible behaviors of a smart contract is difficult, which complicates development, auditing, and the post-mortem analysis of attacks. This paper presents the first specification mining technique for smart contracts. Our technique extracts the possible behaviors of smart contracts from contract executions recorded on a blockchain and expresses them as finite automata. A novel dependency analysis allows us to separate independent interactions with a contract. Our technique tunes the abstractions for the automata construction automatically based on configurable metrics, for instance, to maximize readability or precision. We implemented our technique for the Ethereum blockchain and evaluated its usability on several real-world contracts.

[1]  Nick Szabo,et al.  Smart Contracts: Building Blocks for Digital Markets , 2018 .

[2]  David Lo,et al.  Mining Scenario-Based Triggers and Effects , 2008, 2008 23rd IEEE/ACM International Conference on Automated Software Engineering.

[3]  Rastislav Bodík,et al.  Jungloid mining: helping to navigate the API jungle , 2005, PLDI '05.

[4]  Siau-Cheng Khoo,et al.  SMArTIC: towards building an accurate, robust and scalable specification miner , 2006, SIGSOFT '06/FSE-14.

[5]  Eran Yahav,et al.  Static Specification Mining Using Automata-Based Abstractions , 2008, IEEE Trans. Software Eng..

[6]  Nikhil Swamy,et al.  Formal Verification of Smart Contracts: Short Paper , 2016, PLAS@CCS.

[7]  Mangala Gowri Nanda,et al.  Deriving object typestates in the presence of inter-object references , 2005, OOPSLA '05.

[8]  N. Metropolis,et al.  Equation of State Calculations by Fast Computing Machines , 1953, Resonance.

[9]  Siraj Raval,et al.  Decentralized Applications: Harnessing Bitcoin's Blockchain Technology , 2016 .

[10]  Massimo Bartoletti,et al.  Financial Cryptography and Data Security , 2017, Lecture Notes in Computer Science.

[11]  Pavol Cerný,et al.  Synthesis of interface specifications for Java classes , 2005, POPL '05.

[12]  C. D. Gelatt,et al.  Optimization by Simulated Annealing , 1983, Science.

[13]  Stephen McCamant,et al.  The Daikon system for dynamic detection of likely invariants , 2007, Sci. Comput. Program..

[14]  Andy Chou,et al.  A simple method for extracting models from protocol code , 2001, Proceedings 28th Annual International Symposium on Computer Architecture.

[15]  Martin C. Rinard,et al.  Role-based exploration of object-oriented programs , 2002, ICSE '02.

[16]  Sidney Amani,et al.  Towards verifying ethereum smart contract bytecode in Isabelle/HOL , 2018, CPP.

[17]  James R. Larus,et al.  Mining specifications , 2002, POPL '02.

[18]  Mary Shaw,et al.  Semantic anomaly detection in online data sources , 2002, ICSE '02.

[19]  Zhendong Su,et al.  Online inference and enforcement of temporal properties , 2010, 2010 ACM/IEEE 32nd International Conference on Software Engineering.

[20]  Andreas Zeller,et al.  Mining object behavior with ADABU , 2006, WODA '06.

[21]  Sukrit Kalra,et al.  ZEUS: Analyzing Safety of Smart Contracts , 2018, NDSS.

[22]  George C. Necula,et al.  Mining Temporal Specifications for Error Detection , 2005, TACAS.

[23]  Massimo Bartoletti,et al.  A Survey of Attacks on Ethereum Smart Contracts (SoK) , 2017, POST.

[24]  Zhendong Su,et al.  Achieving high coverage for floating-point code via unconstrained programming , 2017, PLDI.

[25]  Boudewijn F. van Dongen,et al.  Workflow mining: A survey of issues and approaches , 2003, Data Knowl. Eng..

[26]  Patrick Lam,et al.  A Type System and Analysis for the Automatic Extraction and Enforcement of Design Information , 2003, ECOOP.

[27]  Leonardo Mariani,et al.  Towards Self-Protecting Enterprise Applications , 2007, The 18th IEEE International Symposium on Software Reliability (ISSRE '07).

[28]  S. Chib,et al.  Understanding the Metropolis-Hastings Algorithm , 1995 .

[29]  Zhendong Su,et al.  Mathematical Execution: A Unified Approach for Testing Numerical Code , 2016, ArXiv.

[30]  Benjamin Livshits,et al.  DynaMine: finding common error patterns by mining software revision histories , 2005, ESEC/FSE-13.

[31]  Prateek Saxena,et al.  Finding The Greedy, Prodigal, and Suicidal Contracts at Scale , 2018, ACSAC.

[32]  Massimo Bartoletti,et al.  Dissecting Ponzi schemes on Ethereum: identification, analysis, and impact , 2017, Future Gener. Comput. Syst..

[33]  Yuriy Brun,et al.  Unifying FSM-inference algorithms through declarative specification , 2013, 2013 35th International Conference on Software Engineering (ICSE).

[34]  N. Radziwill Blockchain Revolution: How the Technology Behind Bitcoin is Changing Money, Business, and the World. , 2018 .

[35]  Ittai Abraham,et al.  Online detection of effectively callback free objects with applications to smart contracts , 2017, Proc. ACM Program. Lang..

[36]  Pedro Franco,et al.  Understanding Bitcoin: Cryptography, Engineering and Economics , 2014 .

[37]  Eleni Stroulia,et al.  From run-time behavior to usage scenarios: an interaction-pattern mining approach , 2002, KDD.

[38]  Monica S. Lam,et al.  Automatic extraction of object-oriented component interfaces , 2002, ISSTA '02.

[39]  Yuriy Brun,et al.  Automatic mining of specifications from invocation traces and method invariants , 2014, SIGSOFT FSE.

[40]  Melanie Swan,et al.  Blockchain: Blueprint for a New Economy , 2015 .

[41]  Dawson R. Engler,et al.  Bugs as deviant behavior: a general approach to inferring errors in systems code , 2001, SOSP.

[42]  Thomas R. Gross,et al.  Automatic Generation of Object Usage Specifications from Large Method Traces , 2009, 2009 IEEE/ACM International Conference on Automated Software Engineering.

[43]  Krishnendu Chatterjee,et al.  Quantitative Analysis of Smart Contracts , 2018, ESOP.

[44]  Zhendong Su,et al.  Symbolic mining of temporal specifications , 2008, 2008 ACM/IEEE 30th International Conference on Software Engineering.

[45]  Hoan Anh Nguyen,et al.  Graph-based mining of multiple object usage patterns , 2009, ESEC/FSE '09.

[46]  Leonardo Mariani,et al.  Dynamic Detection of COTS Component Incompatibility , 2007, IEEE Software.

[47]  W. Bolt Bitcoin and Cryptocurrency Technologies : A Comprehensive Introduction , 2017 .

[48]  Alexander Aiken,et al.  From invariant checking to invariant inference using randomized search , 2014, Formal Methods Syst. Des..

[49]  Zhendong Su,et al.  Javert: fully automatic mining of general temporal properties from dynamic traces , 2008, SIGSOFT '08/FSE-16.

[50]  Siau-Cheng Khoo,et al.  Mining modal scenario-based specifications from execution traces of reactive systems , 2007, ASE '07.

[51]  Daniel Davis Wood,et al.  ETHEREUM: A SECURE DECENTRALISED GENERALISED TRANSACTION LEDGER , 2014 .

[52]  Andreas M. Antonopoulos,et al.  Mastering Bitcoin: Unlocking Digital Crypto-Currencies , 2014 .

[53]  Manuvir Das,et al.  Perracotta: mining temporal API rules from imperfect traces , 2006, ICSE.

[54]  Alexander L. Wolf,et al.  Discovering models of software processes from event-based data , 1998, TSEM.

[55]  Xiapu Luo,et al.  Under-optimized smart contracts devour your money , 2017, 2017 IEEE 24th International Conference on Software Analysis, Evolution and Reengineering (SANER).

[56]  David Lo,et al.  Scenario-based and value-based specification mining: better together , 2010, ASE '10.

[57]  Prateek Saxena,et al.  Making Smart Contracts Smarter , 2016, IACR Cryptol. ePrint Arch..

[58]  Jerome A. Feldman,et al.  On the Synthesis of Finite-State Machines from Samples of Their Behavior , 1972, IEEE Transactions on Computers.

[59]  Dirk Fahland,et al.  Mining branching-time scenarios , 2013, 2013 28th IEEE/ACM International Conference on Automated Software Engineering (ASE).

[60]  Andreas Zeller,et al.  Detecting object usage anomalies , 2007, ESEC-FSE '07.

[61]  Mira Mezini,et al.  Ieee Transactions on Software Engineering 1 Automated Api Property Inference Techniques , 2022 .

[62]  Ilya Sergey,et al.  A Concurrent Perspective on Smart Contracts , 2017, Financial Cryptography Workshops.