security analysis of smart contracts in datalog
play

Security analysis of smart contracts in Datalog https://securify.ch - PowerPoint PPT Presentation

Jun 10, 2023 •872 likes •1.22k views

Security analysis of smart contracts in Datalog https://securify.ch Dr. Petar Tsankov Senior researcher, SRI lab, ETH Zurich Co-founder and Chief Scientist, ChainSecurity Inter-disciplinary research at Next-generation blockchain security ETH

  1. Security analysis of smart contracts in Datalog https://securify.ch Dr. Petar Tsankov Senior researcher, SRI lab, ETH Zurich Co-founder and Chief Scientist, ChainSecurity

  2. Inter-disciplinary research at Next-generation blockchain security ETH Zurich using automated reasoning https://chainsecurity.com @chain_security Blockchain Safety of AI Security security and privacy

  3. Why do we need reliable smart contracts?

  4. Smart contract bugs bugs in the news last month 2

  5. Vision to secure smart contracts Most anomalies Writing secure Audits are manual Problem contracts is hard and miss issues are invisible Pr Development Code audit Post-deployment Our solution Autom Au omated Ma Machine-ch check cked Mo Monitori ring to tools au audit its to tools Ou 3

  6. Our core technology SE SECURITY Y SC SCANNER SYMBOLIC VERIFIER SY AI AI-BA BASED TESTING - Discovers ge gene neric ic - Supports cu custom - Generates high high vulnerabiliti vu ties pr prope pertie ies co coverage tests - Supports Ethereum - Certifies - Learns from data and Hyperledger correctness (contracts and transactions) 4

  7. June 2016: The DAO hack

  8. The DAO hack DAO contract User contract mapping(address => uint) balances; function foo() { calls the default dao.withdraw(); "fallback” function function withdraw() { } uint amount = balances[msg.sender]; ... msg.sender.call.value(amount)(); function () payable { balances[msg.sender] = 0; // log payment } } balance is zeroed after transfer withdraw() 10 ether Later… withdraw() 0 ether 5

  9. The DAO hack User contract DAO contract function foo() { mapping(address => uint) balances; dao.withdraw(); } function withdraw() { ... uint amount = balances[msg.sender]; msg.sender.call.value(amount)(); function () payable { balances[msg.sender] = 0; dao.withdraw(); } } calls withdraw() withdraw() before balance is set to 0 10 ether withdraw() 10 ether ... 5

  10. Many critical vulnerabilities Unexpected ether flows In 2017, more than $300M Unprivileged writes Use of unsafe inputs have been lost due Reentrant method calls to these issues Transaction reordering 6

  11. Wanted: Automated security analysis

  12. function withdraw() { The DAO hack uint amount = balances[msg.sender]; msg.sender.call.value(amount)(); balances[msg.sender] = 0; } Security property: No state changes after call instructions Unsafe calls Safe calls Unsafe call instruction Safe call instruction Can we automatically find all unsafe calls? No , smart contracts are Turing-complete 7

  13. Insight When contracts satisfy/violate a security property, they often satisfy/violate a simpler property

  14. function withdraw() { The DAO hack uint amount = balances[msg.sender]; msg.sender.call.value(amount)(); balances[msg.sender] = 0; } Security property: No state changes after call instructions Unsafe calls Safe calls Verifies 91% of all calls A write always No writes follows may follow call.value() call.value() Violation pattern Compliance pattern 7

  15. www.securify.ch Scalable and fully automated verifier for Ethereum smart contracts

  16. Impact Used daily by security auditors 1K+ subscribers (30K+ contracts scanned so far) Grants: Startup: 8

  17. Suitable for Securify: System overview analysis push 0x04 1: a = 0x04 dataload 1. decompile 2: b = load (a) push 0x08 3: abi_00 (b) jump 4: stop jumpdest abi_00 (b) stop 5: c = 0x00 jumpdest 6: sstore (c,b) ⋮ ⋮ Patterns EVM bytecode Intermediate representation written in a DSL 2. infer facts assign (1, a, 0x04) follow (2, 1) mayDepOn (b, a) load (2, b, a) follow (3,2) Relevant follow (5,3) 3. check patterns ⋮ semantic information Security report Semantic representation 9

  18. Step 1: Decompilation push 0x04 1: a = 0x04 dataload 1. decompile 2: b = load (a) push 0x08 3: abi_00 (b) jump 4: stop jumpdest abi_00 (b) stop 5: c = 0x00 jumpdest 6: sstore (c,b) ⋮ ⋮ EVM bytecode Intermediate representation - Static single assignment form - Control-flow graph recovery 10

  19. Step 2: Inferring semantic facts 1: a = 0x04 2: b = load (a) 3: abi_00 (b) 4: stop abi_00 (b) 5: c = 0x00 6: sstore (c,b) ⋮ Intermediate representation 2. infer facts assign (1, a, 0x04) follow (2, 1) mayDepOn (b, a) load (2, b, a) follow (3,2) follow (5,3) ⋮ Semantic representation

  20. Step 2: Inferring semantic facts Scalable inference of semantic facts using Datalog solvers Datalog program !"#$%&&%' (, * ← $%&&%'((, *) !"#$%&&%' (, * ← $%&&%' (, . , !"#$%&&%'(., *) 1: a = 0x04 $%&&%'(2, 1) !"#$%&&%'(2, 1) 2: b = load (a) $%&&%'(3, 2) !"#$%&&%'(3, 1) 3: abi_00 (b) $%&&%'(5, 3) !"#$%&&%'(4, 1) 4: stop $%&&%'(6, 5) !"#$%&&%'(5, 1) abi_00 (b) 5: c = 0x00 $%&&%'(4, 6) !"#$%&&%'(6, 1) 6: sstore (c,b) ⋮ ⋮ IR Datalog input Datalog fixpoint 11

  21. Step 2: Inferring semantic facts Scalable inference of semantic facts using Datalog solvers !"#$%&&%' (, * ← $%&&%'((, *) !"#$%&&%' (, * ← $%&&%' (, . , !"#$%&&%'(., *) 1: a = 0x04 $%&&%'(2, 1) !"#$%&&%'(2, 1) 2: b = load (a) $%&&%'(3, 2) !"#$%&&%'(3, 1) 3: abi_00 (b) $%&&%'(5, 3) !"#$%&&%'(4, 1) 4: stop $%&&%'(6, 5) !"#$%&&%'(5, 1) abi_00 (b) 5: c = 0x00 $%&&%'(4, 6) !"#$%&&%'(6, 1) 6: sstore (c,b) ⋮ ⋮ IR Datalog input Datalog fixpoint 11

  22. Step 2: Inferring semantic facts Scalable inference of semantic facts using Datalog solvers Relevant semantic facts Control-flow analysis Datalog program !"#$%&&%' (, * ← $%&&%'((, *) Instruction at label 7 8 may follow that at label 7 9 6"#$%&&%'(7 8 , 7 9 ) !"#$%&&%' (, * ← $%&&%' (, . , !"#$%&&%'(., *) Instruction at label 7 8 must follow that at label 7 9 6:;<$%&&%'(7 8 , 7 9 ) Data-flow analysis The value of B may depend on tag C 6"#=>?@A(B, C) 1: a = 0x04 $%&&%'(2, 1) !"#$%&&%'(2, 1) 2: b = load (a) $%&&%'(3, 2) !"#$%&&%'(3, 1) The values of B and C are equal >D(B, C) 3: abi_00 (b) $%&&%'(5, 3) !"#$%&&%'(4, 1) 4: stop For different values of C the value of B is different E><F#(B, C) $%&&%'(6, 5) !"#$%&&%'(5, 1) abi_00 (b) 5: c = 0x00 $%&&%'(4, 6) !"#$%&&%'(6, 1) For real-world contracts, Securify infers 1 - 10M such facts 6: sstore (c,b) ⋮ ⋮ IR Datalog input Datalog fixpoint 11

  23. Step 3: Check patterns assign (1, a, 0x04) follow (2, 1) mayDepOn (b, a) load (2, b, a) follow (3,2) follow (5,3) 3. check patterns ⋮ Security report Semantic representation

  24. Security patterns language A pat pattern is a logical formula over semantic predicates: 4 ∷ = 718'9 :, ;, <, … , < !" X, T &!'() X, Y | ,-).!/01(X, Y) >?@@?A :, : | ,-)B?@@?A :, : ,C8'B?@@?A(:, :) ∃<. 4 ∃:. 4 ∃F. 4 ¬4 | 4 ∧ 4 see paper for details 12

  25. Example: No writes after calls function withdraw() { uint amount = balances[msg.sender]; msg.sender.call.value(amount)(); balances[msg.sender] = 0; } Security property: ! ≡ “No state changes after call instructions” Compliance pattern ! " ≡ ∀ %&'' ( ) , _, _ . ¬∃ //0123 ( 4 , _, _ . 5&671''18(( 4 , ( ) ) Violation pattern ! " ≡ ∃ %&'' ( ) , _, _ . ∃ //0123 ( 4 , _, _ . 5;/071''18(( 4 , ( ) ) We can (manually) prove that: ! " ⇒ ! and ! = ⇒ ¬! 13

  26. Security report Unsafe calls Safe calls Violation ¬! ! Compliance pattern pattern ! " ! # Violation Warning Safe violations or wa All unsafe calls are reported as either vi warnings 14

  27. Security report Patterns for relevant security properties Unsafe behaviors Safe behaviors Violation ¬! ! Compliance pattern pattern ! " ! # Violation Warning Safe violations or wa All unsafe behaviors are reported as either vi warnings 14

  28. Evaluation 1. Is Securify precise for relevant security properties? 2. How does Securify compare to other contract checkers? 15

  29. How precise is Securify? Dataset - First 100 real-world contracts uploaded to https://securify.ch in 2018 Security properties - 9 critical vulnerabilities (reentrancy, …) Experiment: - Measure % of violations , safe behaviors , and warnings - Manually classify warnings into true warnings and false warnings 16

  30. How precise is Securify? > 90% verified % of all potential vulnerabilities 100 80 No warnings No warnings False warnings 60 True warnings Violations 40 20 0 TT TR TA NW RW HE VA RT LQ Security properties < 10% warnings for 6 out of 9 security properties 16

  31. How does Securify compare to other checkers? Oyente 60 Mythril 40 20 Violations 0 True warnings 20 False warnings 40 > 50% false Unreported Fewer false 60 vulnerabilities negatives warnings 80 Unhandled Unsafe TOD Reentrancy exception transfer 17

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Securify: Practical Security Analysis of Smart Contracts https://securify.ch Dana Martin Petar

Securify: Practical Security Analysis of Smart Contracts https://securify.ch Dana Martin Petar

Securify: Practical Security Analysis of Smart Contracts https://securify.ch Dana Martin Petar Andrei Arthur Florian Drachsler- Vechev Tsankov Dan Gervais Bnzli Cohen Grant: Startup: What is a smart contract? mapping(address

518 views • 35 slides
Smart Contract Security Assessing Solidity smart contracts About Me Evangelos Deirmentzoglou

Smart Contract Security Assessing Solidity smart contracts About Me Evangelos Deirmentzoglou

Smart Contract Security Assessing Solidity smart contracts About Me Evangelos Deirmentzoglou Security Consultant Smart contract audits Nmap/Ncrack contributor Certs: OSCE, OSCP, OSWP Blockchain Basics Front Running

642 views • 30 slides
Quantitative Analysis of Smart Contracts Krishnendu Chatterjee 1 Amir Goharshady 1 Yaron Velner 2 1

Quantitative Analysis of Smart Contracts Krishnendu Chatterjee 1 Amir Goharshady 1 Yaron Velner 2 1

Quantitative Analysis of Smart Contracts Krishnendu Chatterjee 1 Amir Goharshady 1 Yaron Velner 2 1 IST Austria 2 Hebrew University of Jerusalem ESOP 2018 Outline Smart Contracts Bugs in Smart Contracts Language Design Games and Abstraction

1.06k views • 73 slides
Declarative Static Analysis of Smart Contracts securify.ch Quentin Hibon Blockchain Security

Declarative Static Analysis of Smart Contracts securify.ch Quentin Hibon Blockchain Security

Declarative Static Analysis of Smart Contracts securify.ch Quentin Hibon Blockchain Security Engineer, ChainSecurity Smart Contract Bugs in the News Low-level Code High-level languages Solidity Vyper compilation Low-level code

306 views • 28 slides
Securify: Practical Security Analysis of Smart Contracts https://securify.ch Dr. Petar Tsankov

Securify: Practical Security Analysis of Smart Contracts https://securify.ch Dr. Petar Tsankov

Securify: Practical Security Analysis of Smart Contracts https://securify.ch Dr. Petar Tsankov Scientific Researcher, ICE center, ETH Zurich Co-founder and Chief Scientist, ChainSecurity AG http://www.ptsankov.com/ @ptsankov

407 views • 39 slides
Writing Smart Contracts Dionysis Zindros Smart Contracts Day Athens, March 2017 We talked all

Writing Smart Contracts Dionysis Zindros Smart Contracts Day Athens, March 2017 We talked all

Writing Smart Contracts Dionysis Zindros Smart Contracts Day Athens, March 2017 We talked all about what smart contracts are... ...but what does a real smart contract look like? Lets talk about writing actual Smart Contracts with code

809 views • 50 slides
Back To The Future Of f Soft ftware Security Developing Secure Smart Contracts Final -

Back To The Future Of f Soft ftware Security Developing Secure Smart Contracts Final -

Back To The Future Of f Soft ftware Security Developing Secure Smart Contracts Final - OWASP Toronto January 23, 2019 Whoami Jamie Baxter, M. Eng., OSCP, OSCE, CISSP, GPEN Independent Information Security Consultant focusing on

764 views • 52 slides
Security Analysis of Emerging Smart Home Applications Earlence Fernandes, Jaeyeon Jung, Atul

Security Analysis of Emerging Smart Home Applications Earlence Fernandes, Jaeyeon Jung, Atul

Security Analysis of Emerging Smart Home Applications Earlence Fernandes, Jaeyeon Jung, Atul Prakash IEEE Security and Privacy 24 May 2016 Smart Door Locks CO Sensors Connected Ovens Smart Plugs IP Cameras Emerging Smart Home Frameworks

502 views • 35 slides
Smart Contracts Jrgen Modin The two building blocks of smart contracts Digital signatures

Smart Contracts Jrgen Modin The two building blocks of smart contracts Digital signatures

Smart Contracts Jrgen Modin The two building blocks of smart contracts Digital signatures The blockchain What does the blockchain do? One timestamp, and one context for each signature You can detect if someone is promising

289 views • 7 slides
Static Analysis in Datalog Gang Tan CSE 597 Spring 2019 Penn State University 1 DATALOG INTRO

Static Analysis in Datalog Gang Tan CSE 597 Spring 2019 Penn State University 1 DATALOG INTRO

Static Analysis in Datalog Gang Tan CSE 597 Spring 2019 Penn State University 1 DATALOG INTRO 2 Logic Programming Logic programming In a broad sense: the use of mathematical logic for computer programming Prolog (1972) Use

896 views • 68 slides
Enter Hydra towards (more) secure smart contracts Philip Daian, Ari Juels Cornell [Tech] .

Enter Hydra towards (more) secure smart contracts Philip Daian, Ari Juels Cornell [Tech] .

Enter Hydra towards (more) secure smart contracts Philip Daian, Ari Juels Cornell [Tech] . Lorenz Breidenbach ETH Zurich, Cornell [Tech] . Florian Tramer . Stanford . Smart Contract Security - The Prongs Formal Verification (+Specification)

960 views • 28 slides
Smart Contracts and Ethereum Winter School on Cryptocurrency Loi Luu and Blockchain Technologies

Smart Contracts and Ethereum Winter School on Cryptocurrency Loi Luu and Blockchain Technologies

Smart Contracts and Ethereum Winter School on Cryptocurrency Loi Luu and Blockchain Technologies National University of Singapore Shanghai, Jan. 15-17 2017 Some slides are courtesy of Vitalik Buterin 1 Agenda Smart contracts and

1.12k views • 79 slides
Bitcoin Smart Contracts Saravanan Vijayakumaran sarva@ee.iitb.ac.in Department of Electrical

Bitcoin Smart Contracts Saravanan Vijayakumaran sarva@ee.iitb.ac.in Department of Electrical

Bitcoin Smart Contracts Saravanan Vijayakumaran sarva@ee.iitb.ac.in Department of Electrical Engineering Indian Institute of Technology Bombay August 26, 2019 1 / 17 Smart Contracts Computer protocols which help execution/enforcement of

288 views • 17 slides
Ethereum Transactions and Smart Contracts Prof. Tom Austin San Jos State University

Ethereum Transactions and Smart Contracts Prof. Tom Austin San Jos State University

Cryptocurrencies &amp; Security on the Blockchain Ethereum Transactions and Smart Contracts Prof. Tom Austin San Jos State University Transactions Transactions Signed messages triggered by EOA Atomic If they fail, they roll back

536 views • 22 slides
Security Analysis of Emerging Smart Home Applica6ons Earlence Fernandes, Jaeyeon Jung, Atul

Security Analysis of Emerging Smart Home Applica6ons Earlence Fernandes, Jaeyeon Jung, Atul

Security Analysis of Emerging Smart Home Applica6ons Earlence Fernandes, Jaeyeon Jung, Atul Prakash Presented by: Gohar Irfan Chaudhry IEEE Security and Privacy 24 May 2016 Smart Door Locks nsors Connected Ovens Plugs IP Cameras Emerging

484 views • 31 slides
Designing Secure Ethereum Smart Contracts: A Finite State Machine Based Approach Anastasia

Designing Secure Ethereum Smart Contracts: A Finite State Machine Based Approach Anastasia

Designing Secure Ethereum Smart Contracts: A Finite State Machine Based Approach Anastasia Mavridou 1 and Aron Laszka 2 1 Vanderbilt University 2 University of Houston 2 Smart Contract Insecurity Smart contracts are riddled with bugs and

575 views • 21 slides
6/12/2018 Including ASD Interventions in DD Preschool Classrooms Summer Institute June 13-15,

6/12/2018 Including ASD Interventions in DD Preschool Classrooms Summer Institute June 13-15,

6/12/2018 Including ASD Interventions in DD Preschool Classrooms Summer Institute June 13-15, 2018 Carolyn Biswell, BA, RBT Autism Programs University of New Mexico Center for Development and Disability Objectives Participants will: Be

738 views • 15 slides
Observing boundary layer properties with Doppler lidar for mass-balance estimates of greenhouse

Observing boundary layer properties with Doppler lidar for mass-balance estimates of greenhouse

Observing boundary layer properties with Doppler lidar for mass-balance estimates of greenhouse gas emissions R. Michael Hardesty, Wm Alan Brewer, Robert Banta, Christoph Senff, Scott Sandberg, Raul Alvarez, Ann Weickmann, Colm Sweeney, Anna

405 views • 28 slides
Loops and Expression Types Roman Kontchakov / Carsten Fuhs Birkbeck, University of London

Loops and Expression Types Roman Kontchakov / Carsten Fuhs Birkbeck, University of London

Software and Programming I Loops and Expression Types Roman Kontchakov / Carsten Fuhs Birkbeck, University of London Outline The while , for and do Loops Sections 4.1, 4.3 and 4.4 Variable Scope Section 5.8 Expressions and Types Operation

678 views • 31 slides
National Mitigation Angie Gladwell Deputy Assistant Administrator, Investment Strategy Risk

National Mitigation Angie Gladwell Deputy Assistant Administrator, Investment Strategy Risk

National Mitigation Angie Gladwell Deputy Assistant Administrator, Investment Strategy Risk Management, FIMA 1 How Did We Get Here? Cal all f for St Strat ategy Draft R Dr Rel elea eased Fin inal al St Strat ategy MitFLG issues

552 views • 15 slides
Location tracking Location tracking Engineering &amp; Public Policy Lorrie Faith Cranor

Location tracking Location tracking Engineering &amp; Public Policy Lorrie Faith Cranor

CyLab Location tracking Location tracking Engineering &amp; Public Policy Lorrie Faith Cranor October 8, 2013 y &amp; c S a e v c i u r P r i t e y l b L a a s b U o 8-533 / 8-733 / 19-608 / 95-818: b r a a t

969 views • 48 slides
Slide 1 Jeff Wainwright Front End Engineer for Dollar

Slide 1 Jeff Wainwright Front End Engineer for Dollar

Slide 1 Jeff Wainwright Front End Engineer for Dollar Shave Club (Use Dollar Shave Club products because they ARE GREAT!) What's a Front End

398 views • 3 slides
Implementa5on axis 1 Values 2 Quality Concept &amp;

Implementa5on axis 1 Values 2 Quality Concept &amp;

1 Values 2 Quality Concept &amp; Prac5cal Modali5es 3 Individual &amp; collective Practices Implementa5on axis 1 Values 2 Quality Concept &amp; Prac5cal

779 views • 31 slides
Sustainable International Service-Learning: Models and Principles of Good Practice for Teaching,

Sustainable International Service-Learning: Models and Principles of Good Practice for Teaching,

Sustainable International Service-Learning: Models and Principles of Good Practice for Teaching, Learning and Serving in International and Intercultural Contexts Jeffrey Howard and Howard Rosing Steans Center for Community Based Service Learning

440 views • 21 slides

More recommend