Title:
Ethainter: A Smart Contract Security Analyzer for Composite
Vulnerabilities
Document Languages:
English
Abstract:
Smart contracts on permissionless blockchains are exposed to inherent
security risks due to interactions with untrusted entities. Static
analyzers are essential for identifying security risks and avoiding
millions of dollars worth of damage.
We introduce Ethainter, a security analyzer checking information flow
with data sanitization in smart contracts. Ethainter identifies
composite attacks that involve an escalation of tainted information,
through multiple transactions, leading to severe violations. The
analysis scales to the entire blockchain, consisting of hundreds of
thousands of unique smart contracts, deployed over millions of accounts.
Ethainter is more precise than previous approaches, as we confirm by
automatic exploit generation (e.g., destroying over 800 contracts on the
Ropsten network) and by manual inspection, showing a very high precision
of 82.5% valid warnings for end-to-end vulnerabilities. Ethainter’s
balance of precision and completeness offers significant advantages over
other tools such as Securify, Securify2, and teEther.
Authors:
Brent, Lexi
Grech, Neville
Lagouvardos, Sifis
Scholz, Bernhard
Smaragdakis, Yannis
Publisher:
ASSOCIATION FOR COMPUTING MACHINERY
Conference Title:
PROCEEDINGS OF THE 41ST ACM SIGPLAN CONFERENCE ON PROGRAMMING LANGUAGE
DESIGN AND IMPLEMENTATION (PLDI '20)
Keywords:
static analysis; information flow; smart contracts
DOI:
10.1145/3385412.3385990