Smart contracts written in Solidity are widely used on different
blockchain platforms such as Ethereum, TRON and BNB Chain.
One of the unique designs in Solidity smart contracts is its state-reverting
mechanism for error handling and access control. Unfortunately,
a number of recent security incidents showed that
adversaries also use this mechanism to manipulate critical states
of smart contracts, with security consequences such as
illegal profit gain and Denial-of-Service (DoS). In this paper, we call
such a vulnerability a State-reverting Vulnerability (SRV). Automatically
identifying SRVs poses unique challenges, as it requires
an in-depth analysis and understanding of the state-dependency
relations in smart contracts.
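
To make the DoS flavour concrete, the following added example (not taken from the paper or from SmartState) shows a well-known Solidity pattern in which a critical state update depends on a call that the counterparty can cause to revert, next to a hardened form. The contract names are hypothetical, and treating this pattern as an instance of an SRV is an assumption.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Hypothetical contracts, constructed for illustration.

// Weak form: the refund to the previous leader is pushed inside bid().
// If that leader is a contract that reverts on receiving ether, the
// require below fails, the whole transaction is rolled back, and
// `leader` / `highest` can never be updated again (DoS).
contract PushRefundAuction {
    address public leader;
    uint256 public highest;

    function bid() external payable {
        require(msg.value > highest, "bid too low");
        if (leader != address(0)) {
            (bool ok, ) = payable(leader).call{value: highest}("");
            require(ok, "refund failed"); // state update depends on callee
        }
        leader = msg.sender;
        highest = msg.value;
    }
}

// Hardened form: bid() only records the debt; each bidder withdraws
// separately, so a reverting recipient can block only its own refund.
contract PullRefundAuction {
    address public leader;
    uint256 public highest;
    mapping(address => uint256) public pendingRefund;

    function bid() external payable {
        require(msg.value > highest, "bid too low");
        if (leader != address(0)) {
            pendingRefund[leader] += highest;
        }
        leader = msg.sender;
        highest = msg.value;
    }

    function withdraw() external {
        uint256 amount = pendingRefund[msg.sender];
        require(amount > 0, "nothing to withdraw");
        pendingRefund[msg.sender] = 0; // effects before interaction
        (bool ok, ) = payable(msg.sender).call{value: amount}("");
        require(ok, "withdraw failed"); // reverts only the caller's own tx
    }
}
```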

This paper presents SmartState, a new framework for detecting
state-reverting vulnerabilities in Solidity smart contracts via fine-grained
state-dependency analysis. SmartState integrates a set of
novel mechanisms to ensure its effectiveness. In particular, SmartState
extracts state dependencies from both contract bytecode and
historical transactions. Both of them are critical for inferring dependencies
related to SRVs. Further, SmartState models the generic
patterns of SRVs (i.e., profit gain and DoS) as SRV indicators, and
hence effectively identifies SRVs based on the constructed state-dependency
graph. To evaluate SmartState, we manually annotated
a ground-truth dataset which contains 91 SRVs in the real world.
Evaluation results showed that SmartState achieves a precision of
87.23% and a recall of 89.13%. In addition, SmartState successfully
identifies 406 new SRVs from 47,351 real-world smart contracts. Of
these SRVs, 11 are from popular smart contracts with high transaction
amounts (i.e., top 2000). In total, our reported SRVs affect
digital assets worth 428,600 USD.

Wed 19 Jul

Displayed time zone: Pacific Time (US & Canada)

15:30 - 17:00
ISSTA Online 6: Smart Contracts and Automotive (Technical Papers) at Bezos Seminar Room (Gates G04)
Chair(s): Alex Groce Northern Arizona University
15:30
10m
Talk
SmartState: Detecting State-Reverting Vulnerabilities in Smart Contracts via Fine-Grained State-Dependency Analysis
Technical Papers
Zeqin Liao Sun Yat-sen University, Sicheng Hao Sun Yat-sen University, Yuhong Nan Sun Yat-sen University, Zibin Zheng Sun Yat-sen University
15:40
10m
Talk
DeFiTainter: Detecting Price Manipulation Vulnerabilities in DeFi Protocols
Technical Papers
Queping Kong Sun Yat-sen University, Jiachi Chen Sun Yat-sen University, Yanlin Wang Sun Yat-sen University, Zigui Jiang Sun Yat-sen University, Zibin Zheng Sun Yat-sen University
15:50
10m
Talk
Beyond “Protected” and “Private”: An Empirical Security Analysis of Custom Function Modifiers in Smart Contracts
Technical Papers
Yuzhou Fang Hong Kong University of Science and Technology, Daoyuan Wu Chinese University of Hong Kong, Xiao Yi Chinese University of Hong Kong, Shuai Wang Hong Kong University of Science and Technology, Yufan Chen Xidian University, Mengjie Chen Mask Network, Yang Liu Nanyang Technological University, Lingxiao Jiang Singapore Management University
16:00
10m
Talk
Testing Automated Driving Systems by Breaking Many Laws Efficiently
Technical Papers
Xiaodong Zhang Xidian University, Zhao Wei Tencent, Yang Sun Singapore Management University, Jun Sun Singapore Management University, Yulong Shen Xidian University, Xuewen Dong Xidian University, Zijiang Yang GuardStrike
16:10
10m
Talk
Simulation-Based Validation for Autonomous Driving Systems
Technical Papers
Changwen Li Institute of Software at Chinese Academy of Sciences; University of Chinese Academy of Sciences, Joseph Sifakis University Grenoble Alpes; CNRS; Grenoble INP; VERIMAG, Qiang Wang Academy of Military Sciences, Rongjie Yan Institute of Software at Chinese Academy of Sciences; University of Chinese Academy of Sciences, Jian Zhang Institute of Software at Chinese Academy of Sciences; University of Chinese Academy of Sciences
16:20
10m
Talk
Data Constraint Mining for Automatic Reconciliation Scripts Generation
Technical Papers
Tianxiao Wang Zhejiang University; Alibaba-Zhejiang University Joint Institute of Frontier Technologies, Chen Zhi Zhejiang University; Alibaba-Zhejiang University Joint Institute of Frontier Technologies, Xiaoqun Zhou Alibaba Group, Jinjie Wu Alibaba Group, Jianwei Yin Zhejiang University, Shuiguang Deng Zhejiang University; Alibaba-Zhejiang University Joint Institute of Frontier Technologies