Ethainter: A Smart Contract Security Analyzer for Composite Vulnerabilities (PLDI 2020 - PLDI Research Papers)

Write a Blog >>

Mon 15 - Fri 19 June 2020

Who

Lexi Brent, Neville Grech, Sifis Lagouvardos, Bernhard Scholz, Yannis Smaragdakis

Track

PLDI 2020 PLDI Research Papers

Time Zone

The program is currently displayed in (GMT-07:00) Pacific Time (US & Canada).

Use conference time zone: (GMT-07:00) Pacific Time (US & Canada)Select other time zone

The GMT offsets shown reflect the offsets at the moment of the conference.

Time Band

By setting a time band, the program will dim events that are outside this time window. This is useful for (virtual) conferences with a continuous program (with repeated sessions).
The time band will also limit the events that are included in the personal iCalendar subscription service.

Display full programSpecify a time band

Save

When

Fri 19 Jun 2020 09:40 - 10:00 at PLDI Research Papers live stream - Smart Contracts Chair(s): Ilya Sergey

Abstract

Smart contracts on permissionless blockchains are exposed to inherent security risks due to interactions with untrusted entities. Static analyzers are essential for identifying security risks and avoiding millions of dollars worth of damage.

We introduce Ethainter, a security analyzer checking information flow with data sanitization in smart contracts. Ethainter identifies composite attacks that involve an escalation of tainted information, through multiple transactions, leading to severe violations. The analysis scales to the entire blockchain, consisting of hundreds of thousands of unique smart contracts, deployed over millions of accounts. Ethainter is more precise than previous approaches, as we confirm by automatic exploit generation (e.g., destroying over 800 contracts on the Ropsten network) and by manual inspection, showing a very high
precision of 82.5% valid warnings for end-to-end vulnerabilities. Ethainter's balance of precision and completeness offers significant advantages over other tools such as Securify, Securify2, and teEther.

Lexi Brent

International Computer Science Institute, USA / University of Sydney, Australia

Neville Grech

University of Athens, Greece

Greece

Sifis Lagouvardos

University of Athens, Greece

Bernhard Scholz

University of Sydney, Australia

Yannis Smaragdakis

University of Athens, Greece

Greece

Time Zone

The program is currently displayed in (GMT-07:00) Pacific Time (US & Canada).

Use conference time zone: (GMT-07:00) Pacific Time (US & Canada)Select other time zone

The GMT offsets shown reflect the offsets at the moment of the conference.

Time Band

Display full programSpecify a time band

Save

Session Program

Fri 19 Jun
Displayed time zone: Pacific Time (US & Canada) change

09:20 - 10:20	Smart ContractsPLDI Research Papers at PLDI Research Papers live stream Chair(s): Ilya Sergey Yale-NUS College and National University of Singapore YouTube lightning session video

09:20 20m Talk		Securing Smart Contract with Runtime Validation PLDI Research Papers Ao Li University of Toronto, Canada, Jemin Andrew Choi University of Toronto, Canada, Fan Long University of Toronto, Canada
09:40 20m Talk		Ethainter: A Smart Contract Security Analyzer for Composite Vulnerabilities PLDI Research Papers Lexi Brent International Computer Science Institute, USA / University of Sydney, Australia, Neville Grech University of Athens, Greece, Sifis Lagouvardos University of Athens, Greece, Bernhard Scholz University of Sydney, Australia, Yannis Smaragdakis University of Athens, Greece
10:00 20m Talk		Behavioral Simulation for Smart Contracts PLDI Research Papers Sidi Mohamed Beillahi IRIF - Université de Paris, Gabriela Ciocarlie SRI International, Michael Emmi Amazon Web Services, Constantin Enea University of Paris Diderot, France