Sun 23 Jun 2019 12:00 - 12:30 at 212B - Session II Chair(s): Max Schaefer

Smart contracts on blockchain platforms (e.g. Ethereum) represent a software domain with critical correctness needs. Smart contract users and security auditors can greatly benefit from a mechanism to recover the original structure of contracts, as evident from past work: many security analyses of smart contracts begin with a decompilation step. In this talk, we present the Gigahorse framework, which is at the core of the contract-library.com service. Contract-library.com contains the most complete, high-level decompiled representation of all Ethereum smart contracts, with security analyses applied to these in realtime. The Gigahorse framework is a decompilation and security analysis framework that natively supports Ethereum Virtual Machine (EVM) bytecode. Its internal intermediate representation of smart contracts makes implicit data- and control-flow dependencies of the EVM bytecode explicit. Using this framework we have developed and adapted several advanced high-level client analyses, including MadMax and Ethainter. All our client analyses benefit from high-level domain-specific concepts (such as “dynamic data structure storage” and “safely resumable loops”) and achieve high precision and scalability. One such client analysis, MadMax, flags contracts with a current monetary value in the $B range. (Manual inspection of a sample of flagged contracts shows that 81% of the sampled warnings do indeed lead to vulnerabilities.)

Sun 23 Jun

dpa-2019-papers
11:30 - 12:30: DPA - Session II at 212B
Chair(s): Max SchaeferGitHub
dpa-2019-papers11:30 - 12:00
Talk
Vineeth KashyapGrammaTech, Inc.
dpa-2019-papers12:00 - 12:30
Talk
Neville GrechUniversity of Athens