Precise Attack Synthesis for Smart Contracts

Smart contracts are programs running on top of blockchain platforms. They interact with each other through well-defined interfaces to perform financial transactions in a distributed system with no trusted third parties. But these interfaces also provide a favorable setting for attackers, who can exploit security vulnerabilities in smart contracts to achieve financial gain. This paper presents SmartScopy, a system for automatic synthesis of adversarial contracts that identify and exploit vulnerabilities in a victim smart contract. Our tool explores the space of \emph{attack programs} based on the Application Binary Interface (ABI) specification of a victim smart contract in the Ethereum ecosystem. To make the synthesis tractable, we introduce \emph{summary-based symbolic evaluation}, which significantly reduces the number of instructions that our synthesizer needs to evaluate symbolically, without compromising the precision of the vulnerability query. Building on the summary-based symbolic evaluation, SmartScopy further introduces a novel approach for partitioning the synthesis search space for parallel exploration, as well as a lightweight deduction technique that can prune infeasible candidates earlier. We encoded common vulnerabilities of smart contracts in our query language, and evaluated SmartScopy on the entire data set from etherscan with $>$25K smart contracts. Our experiments demonstrate the benefits of summary-based symbolic evaluation and show that SmartScopy outperforms two state-of-the-art smart contracts analyzers, Oyente and Contractfuzz, in terms of running time, precision, and soundness. Furthermore, running on recent popular smart contracts, SmartScopy uncovers 20 vulnerable smart contracts that contain the recent BatchOverflow vulnerability and cannot be precisely detected by existing tools.

[1]  Yoichi Hirai,et al.  Defining the Ethereum Virtual Machine for Interactive Theorem Provers , 2017, Financial Cryptography Workshops.

[2]  Sukrit Kalra,et al.  ZEUS: Analyzing Safety of Smart Contracts , 2018, NDSS.

[3]  Massimo Bartoletti,et al.  A Survey of Attacks on Ethereum Smart Contracts (SoK) , 2017, POST.

[4]  James C. King,et al.  Symbolic execution and program testing , 1976, CACM.

[5]  Armin Biere,et al.  Boolector 2.0 , 2015, J. Satisf. Boolean Model. Comput..

[6]  David Brumley,et al.  Unleashing Mayhem on Binary Code , 2012, 2012 IEEE Symposium on Security and Privacy.

[7]  Ye Liu,et al.  ContractFuzzer: Fuzzing Smart Contracts for Vulnerability Detection , 2018, 2018 33rd IEEE/ACM International Conference on Automated Software Engineering (ASE).

[8]  Prateek Saxena,et al.  Making Smart Contracts Smarter , 2016, IACR Cryptol. ePrint Arch..

[9]  Emina Torlak,et al.  A lightweight symbolic virtual machine for solver-aided host languages , 2014, PLDI.

[10]  David Brumley,et al.  AEG: Automatic Exploit Generation , 2011, NDSS.

[11]  Christian Rossow,et al.  teEther: Gnawing at Ethereum to Automatically Exploit Smart Contracts , 2018, USENIX Security Symposium.

[12]  Petar Tsankov,et al.  Securify: Practical Security Analysis of Smart Contracts , 2018, CCS.

[13]  Patrick Cousot,et al.  Abstract interpretation: a unified lattice model for static analysis of programs by construction or approximation of fixpoints , 1977, POPL.

[14]  Yannis Smaragdakis,et al.  MadMax: surviving out-of-gas conditions in Ethereum smart contracts , 2018, Proc. ACM Program. Lang..

[15]  Ittai Abraham,et al.  Online detection of effectively callback free objects with applications to smart contracts , 2017, Proc. ACM Program. Lang..

[16]  Yi Zhou,et al.  Erays: Reverse Engineering Ethereum's Opaque Smart Contracts , 2018, USENIX Security Symposium.

[17]  Zvonimir Rakamaric,et al.  SMACK: Decoupling Source Language Details from Verifier Implementations , 2014, CAV.

[18]  Matteo Maffei,et al.  A Semantic Framework for the Security Analysis of Ethereum smart contracts , 2018, POST.

[19]  Armin Biere,et al.  Boolector 2 . 0 system description , 2015 .