Smart contract and DApp users are taking great risks, as they do not
obtain necessary knowledge that can help them avoid using vulnera-
ble and malicious contract code. In this paper, we develop a novel
system Tx2TXT that can automatically create security-centric textual
descriptions directly from smart contract bytecode. To capture the
security aspect of financial applications, we formally define a funds
transfer graph to model critical funds flows in smart contracts. To
ensure the expressiveness and conciseness of the descriptions de-
rived from these graphs, we employ a GCN-based model to identify
security-related condition statements and selectively add them to our
graph models. To convert low-level bytecode instructions to human-
readable textual scripts, we leverage robust API signatures to recover
bytecode semantics. We have evaluated Tx2TXT on 890 well-labeled
vulnerable, malicious and safe contracts where developer-crafted
descriptions are available. Our results have shown that Tx2TXT out-
performs state-of-the-art solutions and can effectively help end users
avoid risky contracts

Thu 20 Jul

Displayed time zone: Pacific Time (US & Canada) change

13:30 - 15:00
ISSTA 12: Web and Smart ContractsTechnical Papers at Smith Classroom (Gates G10)
Chair(s): Martin Kellogg New Jersey Institute of Technology
13:30
15m
Talk
Enhancing REST API Testing with NLP Techniques
Technical Papers
Myeongsoo Kim Georgia Institute of Technology, Davide Corradini University of Verona, Saurabh Sinha IBM Research, Alessandro Orso Georgia Institute of Technology, Michele Pasqua University of Verona, Rachel Tzoref-Brill IBM Research, Mariano Ceccato University of Verona
DOI
13:45
15m
Talk
AGORA: Automated Generation of Test Oracles for REST APIsACM SIGSOFT Distinguished Artifact
Technical Papers
Juan C. Alonso University of Seville, Sergio Segura University of Seville, Antonio Ruiz-Cortés University of Seville
DOI
14:00
15m
Talk
ωTest: WebView-Oriented Testing for Android Applications
Technical Papers
Jiajun Hu Hong Kong University of Science and Technology, Lili Wei McGill University, Yepang Liu Southern University of Science and Technology, Shing-Chi Cheung Hong Kong University of Science and Technology
DOI
14:15
15m
Talk
NodeRT: Detecting Races in Node.js Applications Practically
Technical Papers
Jingyao Zhou Nanjing University, Lei Xu Nanjing University, Gongzheng Lu Suzhou City University, Weifeng Zhang Nanjing University of Posts and Telecommunications, Xiangyu Zhang Purdue University
DOI
14:30
15m
Talk
iSyn: Semi-automated Smart Contract Synthesis from Legal Financial Agreements
Technical Papers
Pengcheng Fang Case Western Reserve University, Zhenhua Zou Tsinghua University, Xusheng Xiao Arizona State University, Zhuotao Liu Tsinghua University
DOI
14:45
15m
Talk
Automated Generation of Security-Centric Descriptions for Smart Contract BytecodeACM SIGSOFT Distinguished Paper
Technical Papers
Yu Pan University of Utah, Zhichao Xu University of Utah, Levi Taiji Li University of Utah, Yunhe Yang University of Utah, Mu Zhang University of Utah
DOI