GASTAP: A Gas Analyzer for Smart Contracts

Gas is a measurement unit of the computational effort that it will take to execute every single operation that takes part in the Ethereum blockchain platform. Each instruction executed by the Ethereum Virtual Machine (EVM) has an associated gas consumption specified by Ethereum. If a transaction exceeds the amount of gas allotted by the user (known as gas limit), an out-of-gas exception is raised. There is a wide family of contract vulnerabilities due to out-of-gas behaviours. We report on the design and implementation of GASTAP, a Gas-Aware Smart contracT Analysis Platform, which takes as input a smart contract (either in EVM, disassembled EVM, or in Solidity source code) and automatically infers sound gas upper bounds for all its public functions. Our bounds ensure that if the gas limit paid by the user is higher than our inferred gas bounds, the contract is free of out-of-gas vulnerabilities.

[1]  Daniel Davis Wood,et al.  ETHEREUM: A SECURE DECENTRALISED GENERALISED TRANSACTION LEDGER , 2014 .

[2]  Matteo Maffei,et al.  A Semantic Framework for the Security Analysis of Ethereum smart contracts , 2018, POST.

[3]  K. Bhargavan,et al.  : Formal Verification of Smart Contracts , 2016 .

[4]  Prateek Saxena,et al.  Exploiting the laws of order in smart contracts , 2018, ISSTA.

[5]  Ben Wegbreit,et al.  Mechanical program analysis , 1975, CACM.

[6]  Natasha Sharygina,et al.  Computing Exact Worst-Case Gas Consumption for Smart Contracts , 2018, ISoLA.

[7]  Petar Tsankov,et al.  Securify: Practical Security Analysis of Smart Contracts , 2018, CCS.

[8]  Christian Rossow,et al.  teEther: Gnawing at Ethereum to Automatically Exploit Smart Contracts , 2018, USENIX Security Symposium.

[9]  Reiner Hähnle,et al.  Resource Analysis of Complex Programs with Cost Equations , 2014, APLAS.

[10]  Yannis Smaragdakis,et al.  MadMax: surviving out-of-gas conditions in Ethereum smart contracts , 2018, Proc. ACM Program. Lang..

[11]  Ittai Abraham,et al.  Online detection of effectively callback free objects with applications to smart contracts , 2017, Proc. ACM Program. Lang..

[12]  Elvira Albert,et al.  Automatic Inference of Upper Bounds for Recurrence Relations in Cost Analysis , 2008, SAS.

[13]  Nicolas Halbwachs,et al.  Automatic discovery of linear restraints among variables of a program , 1978, POPL.

[14]  Prateek Saxena,et al.  Finding The Greedy, Prodigal, and Suicidal Contracts at Scale , 2018, ACSAC.

[15]  Jürgen Giesl,et al.  Analyzing Runtime and Size Complexity of Integer Programs , 2016, ACM Trans. Program. Lang. Syst..

[16]  Albert Rubio,et al.  EthIR: A Framework for High-Level Analysis of Ethereum Bytecode , 2018, ATVA.

[17]  Xiapu Luo,et al.  Under-optimized smart contracts devour your money , 2017, 2017 IEEE 24th International Conference on Software Analysis, Evolution and Reengineering (SANER).

[18]  Elvira Albert,et al.  Peak Cost Analysis of Distributed Systems , 2014, SAS.

[19]  Sidney Amani,et al.  Towards verifying ethereum smart contract bytecode in Isabelle/HOL , 2018, CPP.

[20]  Sukrit Kalra,et al.  ZEUS: Analyzing Safety of Smart Contracts , 2018, NDSS.

[21]  Nikhil Swamy,et al.  Formal Verification of Smart Contracts: Short Paper , 2016, PLAS@CCS.

[22]  Elvira Albert,et al.  SACO: Static Analyzer for Concurrent Objects , 2014, TACAS.

[23]  Vincent Gramoli,et al.  Vandal: A Scalable Security Analysis Framework for Smart Contracts , 2018, ArXiv.

[24]  Martin Hofmann,et al.  Multivariate amortized resource analysis , 2011, POPL '11.

[25]  Armin Biere,et al.  Symbolic Model Checking without BDDs , 1999, TACAS.

[26]  Prateek Saxena,et al.  Making Smart Contracts Smarter , 2016, IACR Cryptol. ePrint Arch..