Thu 20 Jul 2023 14:15 - 14:30 at Amazon Auditorium (Gates G20) - ISSTA 11: Testing 3 Chair(s): Marcelo d'Amorim

Decentralized finance (DeFi) based on smart contracts has reached a total value locked (TVL) of over USD 200 billion in 2022. In DeFi ecosystems, price oracles play a critical role in providing real-time price feeds for cryptocurrencies to ensure accurate asset pricing in smart contracts. However, the price oracle also faces security issues, including the possibility of unanticipated price feeds, which can lead to imbalances in debt and assets in the DeFi protocol. However, existing solutions cannot effectively combine transactions and code for real-time monitoring of price oracles.

To address this limitation, we first categorize price oracles as either DON oracles, DEX oracles, or internal oracles based on trusted parties, and analyze their security risks, data sources, price duration, and query fees. Then, we propose VeriOracle, a formal verification framework for the automated detection of unanticipated price feeds in smart contracts. VeriOracle can deploy a formal semantic model of the price oracle on the blockchain to detect the status of smart contracts and identify unanticipated price feed transactions in real time. We apply VeriOracle to verify over 500,000 transactions of 13 vulnerable DeFi protocols in the real world. The experimental results show that (1) VeriOracle is effective and it can detect unanticipated price feeds before DeFi attacks (33,714 blocks ahead of the attacker in the best case); (2) VeriOracle is efficient in that its verification time (about 4s) is less than the block time of Ethereum (about 14s), which means VeriOracle can detect unsafe transactions in real time; and (3) VeriOracle is extendable for verifying defense strategies. Attacks using unanticipated price feeds can only succeed in particular smart contract states. VeriOracle can verify which smart contract states can defend against attacks.

Thu 20 Jul

Displayed time zone: Pacific Time (US & Canada) change

13:30 - 15:00
ISSTA 11: Testing 3Technical Papers at Amazon Auditorium (Gates G20)
Chair(s): Marcelo d'Amorim North Carolina State University
13:30
15m
Talk
Dependency-Aware Metamorphic Testing of Datalog Engines
Technical Papers
Muhammad Numair Mansur Amazon Web Services, Valentin W├╝stholz ConsenSys, Maria Christakis TU Wien
DOI
13:45
15m
Talk
GDsmith: Detecting Bugs in Cypher Graph Database Engines
Technical Papers
Ziyue Hua Peking University, Wei Lin Peking University, Luyao Ren Peking University, Zongyang Li Peking University, Lu Zhang Peking University, Wenpin Jiao Peking University, Tao Xie Peking University
DOI
14:00
15m
Talk
Testing Graph Database Engines via Query Partitioning
Technical Papers
Matteo Kamm ETH Zurich, Manuel Rigger National University of Singapore, Chengyu Zhang ETH Zurich, Zhendong Su ETH Zurich
DOI
14:15
15m
Talk
Toward Automated Detecting Unanticipated Price Feed in Smart Contract
Technical Papers
Yifan Mo Sun Yat-sen University, Jiachi Chen Sun Yat-sen University, Yanlin Wang Sun Yat-sen University, Zibin Zheng Sun Yat-sen University
DOI
14:30
15m
Talk
Definition and Detection of Defects in NFT Smart Contracts
Technical Papers
Shuo Yang Sun Yat-sen University, Jiachi Chen Sun Yat-sen University, Zibin Zheng Sun Yat-sen University
DOI