hh.sePublications
EnglishSvenskaNorsk
Change search
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf
Static Detection of Missing Validations in Solidity Smart Contracts
Halmstad University, School of Information Technology.ORCID iD: 0000-0002-6817-6438
Halmstad University, School of Information Technology.ORCID iD: 0000-0003-3160-9188
Eagle Games Sweden Ab, Halmstad, Sweden.
2024 (English)In: Proceedings of the 2024 IEEE International Conference on Cyber Security and Resilience, CSR 2024, Piscataway: IEEE, 2024, p. 413-420, article id 202876Conference paper, Published paper (Refereed)
Abstract [en]

The Solidity smart contract language is deterministic by design. Nevertheless, some instances of nondeterminism (ND) in smart contracts stem from unpredictable inputs received during execution, such as inputs from asynchronous callbacks of Oracles or externally called contracts that halt unexpectedly. Such values must be validated to meet prespecified criteria before they reach critical program parts; otherwise, they can lead to nondeterministic state outcomes in smart contracts, which we refer to as ND-issues. To detect ND-issues, we propose an information flow-based analysis that tracks the unpredictable inputs and return values that are not validated before reaching critical program parts. We have implemented our proposal in FONOVA and evaluated it using 326 frequently used Ethereum smart contracts. The evaluation shows that FONOVA detects five times more exploitable instances of ND-issues with 12 times shorter analysis time than leading tools like Ethainter, Securify, and Mythril. © 2024 IEEE.
Place, publisher, year, edition, pages
Piscataway: IEEE, 2024. p. 413-420, article id 202876
Keywords [en]
Ethereum, Nondeterminism, Smart Contracts, Static Analysis, Vulnerability Detection
National Category
Computer Sciences
Identifiers
URN: urn:nbn:se:hh:diva-54779DOI: 10.1109/CSR61664.2024.10679381ISI: 001327167900062Scopus ID: 2-s2.0-85206163683OAI: oai:DiVA.org:hh-54779DiVA, id: diva2:1907337
Conference
2024 IEEE International Conference on Cyber Security and Resilience, CSR 2024, Hybrid, London, UK, 2-4 September, 2024
Available from: 2024-10-22 Created: 2024-10-22 Last updated: 2025-10-01Bibliographically approved
In thesis
1. Pre-deployment Analysis of Smart Contracts
Open this publication in new window or tab >>Pre-deployment Analysis of Smart Contracts
2024 (English)Doctoral thesis, comprehensive summary (Other academic)
Abstract [en]

Smart contracts are programs that reside and execute on top of blockchains. These programs commonly perform financial transactions and contain the backend logic of various blockchain-supported applications. The presence of errors and bugs in smart contracts poses security risks to the applications they support. This is especially concerning because operations performed by smart contracts are irreversible by design, which is a key feature enforced by blockchain technology. Thus, ensuring the correctness and security of smart contracts before deployment is crucial. To achieve this, several program analysis and verification approaches are being actively researched and applied to smart contracts. The volume of research in this area makes it challenging to articulate the stateof-the-art. The first contribution of this thesis is an investigation into how predeployment analysis techniques have been applied to ensure the correctness and security of smart contracts. This investigation factors out the relationship between vulnerabilities in smart contracts and pre-deployment analysis techniques through properties they address. Among the issues uncovered by the investigation, one notable set pertains to nondeterministic (ND) factors involved in smart contract execution in the Ethereum blockchain. For example, transactions (function invocations) dispatched to Ethereum smart contracts are scheduled in ND order, and inputs received during execution, such as inputs from asynchronous callbacks of Oracles and externally called contracts that halt unexpectedly, are nondeterministic. Consequently, these factors may cause risks of ND changes to the state of smart contracts. The second contribution of this thesis is the proposal of methods for the static (at pre-deployment) detection of program sites (for example, state variables or cryptocurrency transfer instructions) susceptible to ND changes due to ND transaction scheduling or ND inputs and return values (from asynchronous callbacks and externally called contracts) in Ethereum smart contracts. The evaluations show that our approaches can outperform existing methods with respect to efficacy and runtime
Place, publisher, year, edition, pages
Halmstad: Halmstad University Press, 2024. p. 9
Series
Halmstad University Dissertations ; 120
National Category
Computer Sciences
Identifiers
urn:nbn:se:hh:diva-54932 (URN)978-91-89587-56-4 (ISBN)
Public defence
2024-12-18, R4129(H), Kristian IV:s väg 3, Halmstad, 13:00 (English)
Opponent
Supervisors
Available from: 2024-11-20 Created: 2024-11-20 Last updated: 2025-10-01Bibliographically approved

Open Access in DiVA

No full text in DiVA

Other links

Publisher's full textScopus

Authority records

Munir, SundasTaha, Walid

Search in DiVA

By author/editor
Munir, SundasTaha, Walid
By organisation
School of Information Technology
Computer Sciences

Search outside of DiVA

GoogleGoogle Scholar

doi
urn-nbn

Altmetric score

doi
urn-nbn
Total: 117 hits
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf
v. 2.47.0
|
WCAG
|
Halmstad University Library
|
Info for students
|
Info for researchers
|
Log in