Securing smart contract with runtime validation

We present Solythesis, a source-to-source Solidity compiler that takes smart contract code and a user-specified invariant as input and produces an instrumented contract that rejects all transactions that violate the invariant. The design of Solythesis is driven by our observation that the consensus protocol and the storage layer are the primary and the secondary performance bottlenecks of Ethereum, respectively. Solythesis uses our novel delta update and delta check techniques to minimize the overhead caused by the instrumented storage access statements. Our experimental results validate our hypothesis that the overhead of runtime validation, which is often too expensive for other domains, is in fact negligible for smart contracts. The CPU overhead of Solythesis is only 0.1% on average for our 23 benchmark contracts.
