hh.sePublications
EnglishSvenskaNorsk
Change search
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf
Statically Checking Transaction Ordering Dependency in Ethereum Smart Contracts
Halmstad University, School of Information Technology.ORCID iD: 0000-0002-6817-6438
Halmstad University, School of Information Technology.ORCID iD: 0000-0003-3160-9188
2024 (English)In: BSCI '24: Proceedings of the 6th ACM International Symposium on Blockchain and Secure Critical Infrastructure, New York, NY: Association for Computing Machinery (ACM), 2024Conference paper, Published paper (Refereed)
Abstract [en]

Smart contracts are programs with mutable state. Transactions submitted to these contracts trigger functions that often modify state. Nodes of the Ethereum blockchain schedule such transactions in a nondeterministic order, potentially leading to races between transactions and concurrency issues. When the outcome of a smart contract varies depending on the order in which transactions are processed, we have a Transaction Ordering Dependency (TOD). TOD enables malicious actors to profit from a smart contract, similar to the well-known frontrunning vulnerability. Existing approaches for detecting TOD in Ethereum smart contracts yield a high rate of false positives and false negatives. To help contract developers and testers detect TOD vulnerabilities with enhanced precision, we propose and evaluate an analysis based on information flow in our tool TODChecker1 . We evaluate our approach using a benchmark comprising 513 vulnerable transactions involving 235 real-world Ethereum smart contracts susceptible to frontrunning attacks. Our evaluation finds that our approach outperforms existing approaches, including Oyente, Securify, SAILFISH, TODler, and Nyx, in precision, runtime, and in identifying novel TOD vulnerabilities. © 2024 Copyright held by the owner/author(s)
Place, publisher, year, edition, pages
New York, NY: Association for Computing Machinery (ACM), 2024.
Keywords [en]
Vulnerability detection, static analysis, Ethereum, smart contracts
National Category
Computer Sciences
Identifiers
URN: urn:nbn:se:hh:diva-54931DOI: 10.1145/3659463.3660013Scopus ID: 2-s2.0-85219214794ISBN: 9798400706387 (print)OAI: oai:DiVA.org:hh-54931DiVA, id: diva2:1914720
Conference
The 6th ACM International Symposium on Blockchain and Secure Critical Infrastructure, Singapore, Singapore, 1st - 5th July, 2024
Available from: 2024-11-20 Created: 2024-11-20 Last updated: 2025-10-01Bibliographically approved
In thesis
1. Pre-deployment Analysis of Smart Contracts
Open this publication in new window or tab >>Pre-deployment Analysis of Smart Contracts
2024 (English)Doctoral thesis, comprehensive summary (Other academic)
Abstract [en]

Smart contracts are programs that reside and execute on top of blockchains. These programs commonly perform financial transactions and contain the backend logic of various blockchain-supported applications. The presence of errors and bugs in smart contracts poses security risks to the applications they support. This is especially concerning because operations performed by smart contracts are irreversible by design, which is a key feature enforced by blockchain technology. Thus, ensuring the correctness and security of smart contracts before deployment is crucial. To achieve this, several program analysis and verification approaches are being actively researched and applied to smart contracts. The volume of research in this area makes it challenging to articulate the stateof-the-art. The first contribution of this thesis is an investigation into how predeployment analysis techniques have been applied to ensure the correctness and security of smart contracts. This investigation factors out the relationship between vulnerabilities in smart contracts and pre-deployment analysis techniques through properties they address. Among the issues uncovered by the investigation, one notable set pertains to nondeterministic (ND) factors involved in smart contract execution in the Ethereum blockchain. For example, transactions (function invocations) dispatched to Ethereum smart contracts are scheduled in ND order, and inputs received during execution, such as inputs from asynchronous callbacks of Oracles and externally called contracts that halt unexpectedly, are nondeterministic. Consequently, these factors may cause risks of ND changes to the state of smart contracts. The second contribution of this thesis is the proposal of methods for the static (at pre-deployment) detection of program sites (for example, state variables or cryptocurrency transfer instructions) susceptible to ND changes due to ND transaction scheduling or ND inputs and return values (from asynchronous callbacks and externally called contracts) in Ethereum smart contracts. The evaluations show that our approaches can outperform existing methods with respect to efficacy and runtime
Place, publisher, year, edition, pages
Halmstad: Halmstad University Press, 2024. p. 9
Series
Halmstad University Dissertations ; 120
National Category
Computer Sciences
Identifiers
urn:nbn:se:hh:diva-54932 (URN)978-91-89587-56-4 (ISBN)
Public defence
2024-12-18, R4129(H), Kristian IV:s väg 3, Halmstad, 13:00 (English)
Opponent
Supervisors
Available from: 2024-11-20 Created: 2024-11-20 Last updated: 2025-10-01Bibliographically approved

Open Access in DiVA

No full text in DiVA

Other links

Publisher's full textScopus

Authority records

Munir, SundasTaha, Walid

Search in DiVA

By author/editor
Munir, SundasTaha, Walid
By organisation
School of Information Technology
Computer Sciences

Search outside of DiVA

GoogleGoogle Scholar

doi
isbn
urn-nbn

Altmetric score

doi
isbn
urn-nbn
Total: 223 hits
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf
v. 2.47.0
|
WCAG
|
Halmstad University Library
|
Info for students
|
Info for researchers
|
Log in