TY - JOUR
TI - MadMax: Surviving Out-of-Gas Conditions in Ethereum Smart Contracts
AU - NEVILLE GRECH
AU - MICHAEL KONG
AU - ANTON JURISEVIC
AU - LEXI BRENT
AU - BERNHARD SCHOLZ
AU - YANNIS SMARAGDAKIS
JO - PACM/PL
PY - 2018
VL - 2
TODO - OOPSLA
SP - 116:1-116:27
PB - Association for Computing Machinery (ACM)
SN - 2475-1421
TODO - null
TODO - Program Analysis, Smart Contracts, Security, Blockchain
TODO - Ethereum is a distributed blockchain platform, serving as an ecosystem for smart contracts: full-fledged inter-
communicating programs that capture the transaction logic of an account. Unlike programs in mainstream
languages, a gas limit restricts the execution of an Ethereum smart contract: execution proceeds as long as gas
is available. Thus, gas is a valuable resource that can be manipulated by an attacker to provoke unwanted
behavior in a victim’s smart contract (e.g., wasting or blocking funds of said victim). Gas-focused vulnerabilities
exploit undesired behavior when a contract (directly or through other interacting contracts) runs out of gas.
Such vulnerabilities are among the hardest for programmers to protect against, as out-of-gas behavior may be
uncommon in non-attack scenarios and reasoning about it is far from trivial.
In this paper, we classify and identify gas-focused vulnerabilities, and present MadMax: a static program
analysis technique to automatically detect gas-focused vulnerabilities with very high confidence. Our approach
combines a control-flow-analysis-based decompiler and declarative program-structure queries. The combined
analysis captures high-level domain-specific concepts (such as łdynamic data structure storagež and łsafely
resumable loopsž) and achieves high precision and scalability. MadMax analyzes the entirety of smart contracts
in the Ethereum blockchain in just 10 hours (with decompilation timeouts in 8% of the cases) and flags contracts
with a (highly volatile) monetary value of over $2.8B as vulnerable. Manual inspection of a sample of flagged
contracts shows that 81% of the sampled warnings do indeed lead to vulnerabilities, which we report on in
our experiment.
ER -