hh.sePublications
Change search
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf
TODler: A Transaction Ordering Dependency anaLyzER - for Ethereum Smart Contracts
Halmstad University, School of Information Technology.ORCID iD: 0000-0002-6817-6438
Lund University, Lund, Sweden.
2023 (English)In: 2023 IEEE/ACM 6th International Workshop on Emerging Trends in Software Engineering for Blockchain (WETSEB): Conference Proceedings, Piscataway: Institute of Electrical and Electronics Engineers (IEEE), 2023, p. 9-16Conference paper, Published paper (Refereed)
Abstract [en]

Smart contracts are programs with data (mutable state); stored on and executed by blockchain platforms. The transactions (or function invocations) dispatched to smart contracts often change their state. In the Ethereum blockchain, nodes (aka miners/validators) can schedule a set of transactions in any order in a block. Multiple transactions in a single block operating on a contract's shared state may yield different outcomes based on their execution order, thus creating a possibility for non-determinism and races between transactions. The resulting issue in Ethereum smart contracts is Transaction Ordering Dependency (TOD). Detecting a TOD requires identifying valid transactions affecting a contract's global/state variables which is equivalent to detecting read-after-write dependencies in race detection, and we expect it to be similarly nontrivial for human developers. In this paper, we identify various TODs, including a novel type previously undocumented in the literature. To detect these TODs, we propose an information flow analysis-based static analyzer, TODler. Our manual evaluation of 108 Ethereum smart contracts shows that TODler outperforms previously available approaches in terms of both run time and precision and also detects the novel TOD pattern identified in this paper. © 2023 IEEE

Place, publisher, year, edition, pages
Piscataway: Institute of Electrical and Electronics Engineers (IEEE), 2023. p. 9-16
Keywords [en]
smart contracts, static analysis, vulnerability detection
National Category
Electrical Engineering, Electronic Engineering, Information Engineering
Identifiers
URN: urn:nbn:se:hh:diva-51572DOI: 10.1109/WETSEB59161.2023.00007ISI: 001042168200003Scopus ID: 2-s2.0-85169085075&OAI: oai:DiVA.org:hh-51572DiVA, id: diva2:1794052
Conference
2023 IEEE/ACM 6th International Workshop on Emerging Trends in Software Engineering for Blockchain (WETSEB), Melbourne, Australia, May 14, 2023
Funder
ELLIIT - The Linköping‐Lund Initiative on IT and Mobile CommunicationsKnut and Alice Wallenberg Foundation
Note

This research is part of Halmstad University projects funded by Sweden’s ELLIIT Strategic Research Environment and was partially supported by the Wallenberg Artificial Intelligence, Autonomous Systems and Software Program (WASP) funded by the Knut and Alice Wallenberg Foundation. 

Available from: 2023-09-04 Created: 2023-09-04 Last updated: 2023-09-07Bibliographically approved
In thesis
1. Pre-deployment Analysis of Smart Contracts
Open this publication in new window or tab >>Pre-deployment Analysis of Smart Contracts
2023 (English)Licentiate thesis, comprehensive summary (Other academic)
Abstract [en]

Smart contracts are programs that reside and execute on top of blockchains. These programs commonly perform financial transactions and contain the backend logic of several blockchain-supported applications. The presence of errors and bugs in smart contracts poses security threats to the applications they support. This is especially concerning because operations performed by smart contracts are irreversible after deployment due to the immutable nature of blockchains. Thus, ensuring their correctness and security before deployment is important. For this purpose, several program analysis and verification approaches are being actively researched and applied to smart contracts.

The volume of research in this area makes it challenging to articulate the state-of-the-art. The first contribution of this thesis is to investigate how predeployment analysis techniques ensure the correctness and security of smart contracts. This investigation factors out the relationship between vulnerabilities in smart contracts and pre-deployment analysis techniques through properties they address.

Among the range of issues uncovered by the investigation, one notable set pertains to non-deterministic factors involved in the context of contract execution. For example, transactions (function invocations) dispatched to smart contracts are scheduled in non-deterministic order, and asynchronous calls to external services (known as oracles) return in a non-deterministic order. Consequently, these factors may cause data races and non-deterministic bugs in smart contracts. The second contribution of this thesis is to address such issues by unraveling specific forms of data races in Ethereum smart contracts, denoted as transactional data races. The thesis also presents a static analysis approach to detect issues arising from transactional data races.

In addition, this thesis makes a third contribution relating to a design approach for Domain Specific Languages (DSLs). Research on DSL design approaches has the potential to complement the research on smart contracts, as smart contracts are commonly written using DSLs. This thesis proposes an agile approach for designing a DSL for automotive safety test grounds. This approach enables increased communication and learning between different stakeholders involved in DSL development.

Finally, this thesis highlights our future research endeavors concerning various forms of concurrency and non-determinism-related issues in smart contracts.

Place, publisher, year, edition, pages
Halmstad: Halmstad University Press, 2023. p. 28
Series
Halmstad University Dissertations ; 101
National Category
Computer Sciences Computer Systems
Identifiers
urn:nbn:se:hh:diva-51575 (URN)978-91-89587-15-1 (ISBN)978-91-89587-14-4 (ISBN)
Presentation
2023-09-29, R4129, Högskolan i Halmstad, Halmstad, 15:00 (English)
Opponent
Supervisors
Available from: 2023-09-07 Created: 2023-09-04 Last updated: 2023-09-07Bibliographically approved

Open Access in DiVA

No full text in DiVA

Other links

Publisher's full textScopus

Authority records

Munir, Sundas

Search in DiVA

By author/editor
Munir, Sundas
By organisation
School of Information Technology
Electrical Engineering, Electronic Engineering, Information Engineering

Search outside of DiVA

GoogleGoogle Scholar

doi
urn-nbn

Altmetric score

doi
urn-nbn
Total: 51 hits
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf