Embed Size (px)
Citation preview
SmartCheck:Static Analysis ofEthereum Smart
Contracts
Tikhomirov,Voskresenskaya,
Ivanitskiy,Takhaviev,Marchenko,Alexandrov
Introduction
Classification ofissues in Soliditycode
SmartCheck:smart contractanalyzer
Future work andstate of the project
1/23
SmartCheck: Static Analysis of EthereumSmart Contracts
Sergei Tikhomirov, Ekaterina Voskresenskaya,Ivan Ivanitskiy, Ramil Takhaviev, Evgeny Marchenko,
Yaroslav Alexandrov
SnT, University of Luxembourg / SmartDec
27 May 2018WETSEB, Gothenburg, Sweden
SmartCheck:Static Analysis ofEthereum Smart
Contracts
Tikhomirov,Voskresenskaya,
Ivanitskiy,Takhaviev,Marchenko,Alexandrov
Introduction
Classification ofissues in Soliditycode
SmartCheck:smart contractanalyzer
Future work andstate of the project
2/23
Outline
Introduction
Classification of issues in Solidity code
SmartCheck: smart contract analyzer
Future work and state of the project
SmartCheck:Static Analysis ofEthereum Smart
Contracts
Tikhomirov,Voskresenskaya,
Ivanitskiy,Takhaviev,Marchenko,Alexandrov
Introduction
Classification ofissues in Soliditycode
SmartCheck:smart contractanalyzer
Future work andstate of the project
3/23
Outline
Introduction
Classification of issues in Solidity code
SmartCheck: smart contract analyzer
Future work and state of the project
SmartCheck:Static Analysis ofEthereum Smart
Contracts
Tikhomirov,Voskresenskaya,
Ivanitskiy,Takhaviev,Marchenko,Alexandrov
Introduction
Classification ofissues in Soliditycode
SmartCheck:smart contractanalyzer
Future work andstate of the project
4/23
Goal: finding bugs that can cost you millions
I Smart contracts: a decentralized way to enforce digitalagreements
I Ethereum: a blockchain-based Turing completeapplication platform
I Bugs can be (and have been) exploited: hundredsmillion USD lost
I We present SmartCheck – a static analyzer forEthereum contracts
SmartCheck:Static Analysis ofEthereum Smart
Contracts
Tikhomirov,Voskresenskaya,
Ivanitskiy,Takhaviev,Marchenko,Alexandrov
Introduction
Classification ofissues in Soliditycode
SmartCheck:smart contractanalyzer
Future work andstate of the project
5/23
What Ethereum nodes doI Store account balances, contract code and variables
I Execute smart contracts code on request
I Maintain a shared view of the global state
SmartCheck:Static Analysis ofEthereum Smart
Contracts
Tikhomirov,Voskresenskaya,
Ivanitskiy,Takhaviev,Marchenko,Alexandrov
Introduction
Classification ofissues in Soliditycode
SmartCheck:smart contractanalyzer
Future work andstate of the project
6/23
Ethereum security challenges
I Decentralized execution environment
I New software stack
I Very limited ability to patch contracts
I Anonymous financially motivated attackers
I Rapid pace of development
I Suboptimal high-level language
SmartCheck:Static Analysis ofEthereum Smart
Contracts
Tikhomirov,Voskresenskaya,
Ivanitskiy,Takhaviev,Marchenko,Alexandrov
Introduction
Classification ofissues in Soliditycode
SmartCheck:smart contractanalyzer
Future work andstate of the project
7/23
Outline
Introduction
Classification of issues in Solidity code
SmartCheck: smart contract analyzer
Future work and state of the project
SmartCheck:Static Analysis ofEthereum Smart
Contracts
Tikhomirov,Voskresenskaya,
Ivanitskiy,Takhaviev,Marchenko,Alexandrov
Introduction
Classification ofissues in Soliditycode
SmartCheck:smart contractanalyzer
Future work andstate of the project
8/23
Classification of issues in Solidity code
I Security: directly lead to exploits
I Functional: violate the intended functionality1
I Operational: lead to run-time problems
I Developmental: make code hard to improve
1Though without a specification we only assume what the intendedfunctionality is.
SmartCheck:Static Analysis ofEthereum Smart
Contracts
Tikhomirov,Voskresenskaya,
Ivanitskiy,Takhaviev,Marchenko,Alexandrov
Introduction
Classification ofissues in Soliditycode
SmartCheck:smart contractanalyzer
Future work andstate of the project
9/23
Typical issues in Solidity code
Let us focus on three examples of code issues:
I Re-entrancy (security)
I Locked money (functional)
I Costly loop (operational)
SmartCheck detects 21 types of issues.
SmartCheck:Static Analysis ofEthereum Smart
Contracts
Tikhomirov,Voskresenskaya,
Ivanitskiy,Takhaviev,Marchenko,Alexandrov
Introduction
Classification ofissues in Soliditycode
SmartCheck:smart contractanalyzer
Future work andstate of the project
10/23
Example 1/3: Re-entrancy
I Contract maintains internal list of balances
I If a user withdraws funds; their balance is set to zero
I Adversary requests withdrawal via malicious contractwhich calls the victim back before their balance is set tozero, depleting the victim contract’s balance
I Real-world case: The DAO hack (June 2016): $50m lost
SmartCheck:Static Analysis ofEthereum Smart
Contracts
Tikhomirov,Voskresenskaya,
Ivanitskiy,Takhaviev,Marchenko,Alexandrov
Introduction
Classification ofissues in Soliditycode
SmartCheck:smart contractanalyzer
Future work andstate of the project
11/23
Example 2/3: Locked money
I Contracts that receive ether should have a way towithdraw it: call transfer, send, or call.value
I Otherwise money is be stuck in contract forever
SmartCheck:Static Analysis ofEthereum Smart
Contracts
Tikhomirov,Voskresenskaya,
Ivanitskiy,Takhaviev,Marchenko,Alexandrov
Introduction
Classification ofissues in Soliditycode
SmartCheck:smart contractanalyzer
Future work andstate of the project
12/23
Example 3/3: Costly loop
I Ethereum users pay for contract execution with gas
I Tx’s are atomic: if one step fails, whole tx fails
I Miners enforce a block gas limit(hence, a limit on computation in one tx)
I A costly function called inside a long enough loopexceeds block gas limit: tx is never confirmed
I Example: payouts for all winners in a game fail becauseof one (maliciously) failing payout
SmartCheck:Static Analysis ofEthereum Smart
Contracts
Tikhomirov,Voskresenskaya,
Ivanitskiy,Takhaviev,Marchenko,Alexandrov
Introduction
Classification ofissues in Soliditycode
SmartCheck:smart contractanalyzer
Future work andstate of the project
13/23
Outline
Introduction
Classification of issues in Solidity code
SmartCheck: smart contract analyzer
Future work and state of the project
SmartCheck:Static Analysis ofEthereum Smart
Contracts
Tikhomirov,Voskresenskaya,
Ivanitskiy,Takhaviev,Marchenko,Alexandrov
Introduction
Classification ofissues in Soliditycode
SmartCheck:smart contractanalyzer
Future work andstate of the project
14/23
Code analysis: dynamic vs static
Dynamic code analysis:
I black box
I no false positives
I some code execution paths are missed
Static code analysis:
I white box
I some false positives
I all the code is analyzed
SmartCheck:Static Analysis ofEthereum Smart
Contracts
Tikhomirov,Voskresenskaya,
Ivanitskiy,Takhaviev,Marchenko,Alexandrov
Introduction
Classification ofissues in Soliditycode
SmartCheck:smart contractanalyzer
Future work andstate of the project
15/23
Smart contracts code analysis
Smart contracts code compared to web applications code:
I immutable
I self-bug-bounty
I all the code is crucial
but
I less code (∼1,000 LOC vs ∼100,000 LOC)
Thus, static analysis is our choice.
SmartCheck:Static Analysis ofEthereum Smart
Contracts
Tikhomirov,Voskresenskaya,
Ivanitskiy,Takhaviev,Marchenko,Alexandrov
Introduction
Classification ofissues in Soliditycode
SmartCheck:smart contractanalyzer
Future work andstate of the project
16/23
Static code analysis
Static analysis usually includes three stages:
1. building an intermediate representation (IR)
2. enriching the IR with additional information
3. vulnerability detection
SmartCheck:Static Analysis ofEthereum Smart
Contracts
Tikhomirov,Voskresenskaya,
Ivanitskiy,Takhaviev,Marchenko,Alexandrov
Introduction
Classification ofissues in Soliditycode
SmartCheck:smart contractanalyzer
Future work andstate of the project
17/23
SmartCheck: static code analyser
SmartCheck uses:
I ANTLR parser generator
I custom Solidity grammar
I XPath queries
SmartCheck:Static Analysis ofEthereum Smart
Contracts
Tikhomirov,Voskresenskaya,
Ivanitskiy,Takhaviev,Marchenko,Alexandrov
Introduction
Classification ofissues in Soliditycode
SmartCheck:smart contractanalyzer
Future work andstate of the project
18/23
Example parse tree
SmartCheck:Static Analysis ofEthereum Smart
Contracts
Tikhomirov,Voskresenskaya,
Ivanitskiy,Takhaviev,Marchenko,Alexandrov
Introduction
Classification ofissues in Soliditycode
SmartCheck:smart contractanalyzer
Future work andstate of the project
19/23
Vulnerabilities in 4,600 real contracts
SmartCheck:Static Analysis ofEthereum Smart
Contracts
Tikhomirov,Voskresenskaya,
Ivanitskiy,Takhaviev,Marchenko,Alexandrov
Introduction
Classification ofissues in Soliditycode
SmartCheck:smart contractanalyzer
Future work andstate of the project
20/23
Outline
Introduction
Classification of issues in Solidity code
SmartCheck: smart contract analyzer
Future work and state of the project
SmartCheck:Static Analysis ofEthereum Smart
Contracts
Tikhomirov,Voskresenskaya,
Ivanitskiy,Takhaviev,Marchenko,Alexandrov
Introduction
Classification ofissues in Soliditycode
SmartCheck:smart contractanalyzer
Future work andstate of the project
21/23
Future work
I Improve the grammar
I Make patterns more precise
I Add new patterns
I Implement more sophisticated static analysis methods
I Add support for other languages
SmartCheck:Static Analysis ofEthereum Smart
Contracts
Tikhomirov,Voskresenskaya,
Ivanitskiy,Takhaviev,Marchenko,Alexandrov
Introduction
Classification ofissues in Soliditycode
SmartCheck:smart contractanalyzer
Future work andstate of the project
22/23
Current state of the project
I First version is open-sourced (GPL-3.0):github.com/smartdec/smartcheck
I Improved version is freely available as a service:tool.smartdec.net
I Currently 100 scans per day, 4212 scans in total
SmartCheck:Static Analysis ofEthereum Smart
Contracts
Tikhomirov,Voskresenskaya,
Ivanitskiy,Takhaviev,Marchenko,Alexandrov
Introduction
Classification ofissues in Soliditycode
SmartCheck:smart contractanalyzer
Future work andstate of the project
23/23
Questions?
I github.com/smartdec/smartcheck
I tool.smartdec.net
I cryptolux.org
I s-tikhomirov.github.io
