can call into the public methods of other programs, leading to potentially dangerous compositions of trusted and untrusted code 2 https://www.omnisecu.com/ Ethereum is a distributed computing platform where anyone can run code (theirs and others) by paying for the associated gas charges
making their security highly sensitive The goal is to analyze and verify both the runtime safety and the functional correctness of Ethereum contracts. 3
EVM had a maximum size of 1024 frames which, once reached, would cause the next function call to fail along with its subcalls An attacker could exploit such a limitation by generating a number of calls to the vulnerable contract as to almost fill the stack, counting on the targeted contract to mishandle (or not handle at all) the incurred full stack failure, and use the next function call to exploit this pitfall The changes introduced in Ethereum’s hardfork in October 2016 make this call stack limit practically unreachable 4
University of Singapore • It is implemented in Python, uses Z3 as a backend SMT solver • It is based on symbolic execution and functions over the bytecode which needs to be provided as input along with Ethereum’s global state • The tool targets four bugs by checking for specific conditions: transaction order dependence, timestamp dependence, mishandled exceptions and reentrancy https://github.com/enzymefinance/oyente 8
bytecode ❏ Explorer: simulates the behaviour of EVM instructions and makes use of Z3 to decide on path conditions ❏ CoreAnalysis: it comprises 4 components to detect the 4 types of bugs, which work by checking specific conditions when analyzing the symbolic traces ❏ Validator: this step is added to reduce the rate of false positives Oyente components 9
by the Ethereum Virtual Machine (EVM): • Application Binary Interface (ABI): a communication layer between solidity and Javascript, in JSON format • Bytecode: the low level machine language that gets executed by the the EVM 10
080604052348015600f57600080fd5b5060878061001e6000396 000f3fe6080604052348015600f57600080fd5b5060043610602 8576003560e01c8063037a417c14602d575b600080fd5b603360 49565b6040518082815260200191505060405180910390f35b56 Note: For verification it is favorable to obtain both Solidity source code and EVM bytecode for a given smart contract, but only less that 1% contracts have their source code available 12
bytecode ❏ Explorer: simulates the behaviour of EVM instructions and makes use of Z3 to decide on path conditions ❏ CoreAnalysis: it comprises 4 components to detect the 4 types of bugs, which work by checking specific conditions when analyzing the symbolic traces ❏ Validator: this step is added to reduce the rate of false positives Oyente components 15
bugs: • arithmetic bugs like integer underflows/overflows and bugs caused by divisions where the denominator is zero • truncation bugs which can happen when converting a value into a new type with a shorter range than that of its initial type and • signedness bugs that can occur when converting a signed integer typed value into an unsigned integer type (or the opposite). https://github.com/christoftorres/Osiris 16
Graiet. "A survey on formal verification for solidity smart contracts." In 2021 Australasian Computer Science Week Multiconference, pp. 1-10. 2021. • Bhargavan, Karthikeyan, Antoine Delignat-Lavaud, Cédric Fournet, Anitha Gollamudi, Georges Gonthier, Nadim Kobeissi, Natalia Kulatova et al. "Formal verification of smart contracts: Short paper." In Proceedings of the 2016 ACM workshop on programming languages and analysis for security, pp. 91-96. 2016. • Luu, Loi, Duc-Hiep Chu, Hrishi Olickel, Prateek Saxena, and Aquinas Hobor. "Making smart contracts smarter." In Proceedings of the 2016 ACM SIGSAC conference on computer and communications security, pp. 254-269. 2016. • Torres, Christof Ferreira, Julian Schütte, and Radu State. "Osiris: Hunting for integer bugs in ethereum smart contracts." In Proceedings of the 34th Annual Computer Security Applications Conference, pp. 664-676. 2018. 17