Automated Generation of Security-Centric Descriptions for Smart Contract Bytecode (ACM SIGSOFT Distinguished Paper)
Smart contract and DApp users are taking great risks, as they do not obtain necessary knowledge that can help them avoid using vulnerable and malicious contract code. In this paper, we develop a novel system Tx2TXT that can automatically create security-centric textual descriptions directly from smart contract bytecode. To capture the security aspect of financial applications, we formally define a funds transfer graph to model critical funds flows in smart contracts. To ensure the expressiveness and conciseness of the descriptions derived from these graphs, we employ a GCN-based model to identify security-related condition statements and selectively add them to our graph models. To convert low-level bytecode instructions to human-readable textual scripts, we leverage robust API signatures to recover bytecode semantics. We have evaluated Tx2TXT on 890 well-labeled vulnerable, malicious and safe contracts where developer-crafted descriptions are available. Our results have shown that Tx2TXT outperforms state-of-the-art solutions and can effectively help end users avoid risky contracts.
Thu 20 Jul
Displayed time zone: Pacific Time (US & Canada)
13:30 - 15:00 | ISSTA 12: Web and Smart Contracts | Technical Papers at Smith Classroom (Gates G10) | Chair(s): Martin Kellogg (New Jersey Institute of Technology)

| Time | Duration | Type | Title | Track | Authors |
|---|---|---|---|---|---|
| 13:30 | 15m | Talk | Enhancing REST API Testing with NLP Techniques | Technical Papers | Myeongsoo Kim (Georgia Institute of Technology), Davide Corradini (University of Verona), Saurabh Sinha (IBM Research), Alessandro Orso (Georgia Institute of Technology), Michele Pasqua (University of Verona), Rachel Tzoref-Brill (IBM Research), Mariano Ceccato (University of Verona) |
| 13:45 | 15m | Talk | AGORA: Automated Generation of Test Oracles for REST APIs (ACM SIGSOFT Distinguished Artifact) | Technical Papers | Juan C. Alonso (University of Seville), Sergio Segura (University of Seville), Antonio Ruiz-Cortés (University of Seville) |
| 14:00 | 15m | Talk | ωTest: WebView-Oriented Testing for Android Applications | Technical Papers | Jiajun Hu (Hong Kong University of Science and Technology), Lili Wei (McGill University), Yepang Liu (Southern University of Science and Technology), Shing-Chi Cheung (Hong Kong University of Science and Technology) |
| 14:15 | 15m | Talk | NodeRT: Detecting Races in Node.js Applications Practically | Technical Papers | Jingyao Zhou (Nanjing University), Lei Xu (Nanjing University), Gongzheng Lu (Suzhou City University), Weifeng Zhang (Nanjing University of Posts and Telecommunications), Xiangyu Zhang (Purdue University) |
| 14:30 | 15m | Talk | iSyn: Semi-automated Smart Contract Synthesis from Legal Financial Agreements | Technical Papers | Pengcheng Fang (Case Western Reserve University), Zhenhua Zou (Tsinghua University), Xusheng Xiao (Arizona State University), Zhuotao Liu (Tsinghua University) |
| 14:45 | 15m | Talk | Automated Generation of Security-Centric Descriptions for Smart Contract Bytecode (ACM SIGSOFT Distinguished Paper) | Technical Papers | Yu Pan (University of Utah), Zhichao Xu (University of Utah), Levi Taiji Li (University of Utah), Yunhe Yang (University of Utah), Mu Zhang (University of Utah) |