VULTRON: Catching vulnerable smart contracts once and for all

Haijun Wang; Yi Li; Shang Wei Lin; Lei Ma; Yang Liu

doi:10.1109/ICSE-NIER.2019.00009

VULTRON: Catching vulnerable smart contracts once and for all

Haijun Wang, Yi Li, Shang Wei Lin, Lei Ma, Yang Liu

Advanced Software Engineering

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

33 Citations (Scopus)

Abstract

Despite the high stakes involved, smart contracts are often developed in an undisciplined way thus far. The existence of vulnerabilities compromises the security and reliability of smart contracts, and endangers the trust of participants in their ongoing businesses. Existing vulnerability detection techniques are often designed case-by-case, making them difficult to generalize. In this paper, we design general principles for detecting vulnerable smart contracts. Our key insight is that almost all the existing transaction-related vulnerabilities are due to the mismatch between the actual transferred amount and the amount reflected on the contract's internal bookkeeping. Based on this, we propose a precise and generally applicable technique, VULTRON, which can detect irregular transactions due to various types of adversarial exploits. We also report preliminary results applying our technique to real-world case studies.

Original language	English
Title of host publication	Proceedings - 2019 IEEE/ACM 41st International Conference on Software Engineering
Subtitle of host publication	New Ideas and Emerging Results, ICSE-NIER 2019
Publisher	Institute of Electrical and Electronics Engineers Inc.
Pages	1-4
Number of pages	4
ISBN (Electronic)	9781728117584
DOIs	https://doi.org/10.1109/ICSE-NIER.2019.00009
Publication status	Published - May 2019
Event	41st IEEE/ACM International Conference on Software Engineering: New Ideas and Emerging Results, ICSE-NIER 2019 - Montreal, Canada Duration: May 25 2019 → May 31 2019

Publication series

Name	Proceedings - 2019 IEEE/ACM 41st International Conference on Software Engineering: New Ideas and Emerging Results, ICSE-NIER 2019

Conference

Conference	41st IEEE/ACM International Conference on Software Engineering: New Ideas and Emerging Results, ICSE-NIER 2019
Country/Territory	Canada
City	Montreal
Period	5/25/19 → 5/31/19

All Science Journal Classification (ASJC) codes

Artificial Intelligence
Software
Safety, Risk, Reliability and Quality

Access to Document

10.1109/ICSE-NIER.2019.00009

Cite this

Wang, H., Li, Y., Lin, S. W., Ma, L., & Liu, Y. (2019). VULTRON: Catching vulnerable smart contracts once and for all. In Proceedings - 2019 IEEE/ACM 41st International Conference on Software Engineering: New Ideas and Emerging Results, ICSE-NIER 2019 (pp. 1-4). [8805696] (Proceedings - 2019 IEEE/ACM 41st International Conference on Software Engineering: New Ideas and Emerging Results, ICSE-NIER 2019). Institute of Electrical and Electronics Engineers Inc.. https://doi.org/10.1109/ICSE-NIER.2019.00009

VULTRON : Catching vulnerable smart contracts once and for all. / Wang, Haijun; Li, Yi; Lin, Shang Wei et al.

Proceedings - 2019 IEEE/ACM 41st International Conference on Software Engineering: New Ideas and Emerging Results, ICSE-NIER 2019. Institute of Electrical and Electronics Engineers Inc., 2019. p. 1-4 8805696 (Proceedings - 2019 IEEE/ACM 41st International Conference on Software Engineering: New Ideas and Emerging Results, ICSE-NIER 2019).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Wang, H, Li, Y, Lin, SW, Ma, L & Liu, Y 2019, VULTRON: Catching vulnerable smart contracts once and for all. in Proceedings - 2019 IEEE/ACM 41st International Conference on Software Engineering: New Ideas and Emerging Results, ICSE-NIER 2019., 8805696, Proceedings - 2019 IEEE/ACM 41st International Conference on Software Engineering: New Ideas and Emerging Results, ICSE-NIER 2019, Institute of Electrical and Electronics Engineers Inc., pp. 1-4, 41st IEEE/ACM International Conference on Software Engineering: New Ideas and Emerging Results, ICSE-NIER 2019, Montreal, Canada, 5/25/19. https://doi.org/10.1109/ICSE-NIER.2019.00009

Wang H, Li Y, Lin SW, Ma L, Liu Y. VULTRON: Catching vulnerable smart contracts once and for all. In Proceedings - 2019 IEEE/ACM 41st International Conference on Software Engineering: New Ideas and Emerging Results, ICSE-NIER 2019. Institute of Electrical and Electronics Engineers Inc. 2019. p. 1-4. 8805696. (Proceedings - 2019 IEEE/ACM 41st International Conference on Software Engineering: New Ideas and Emerging Results, ICSE-NIER 2019). doi: 10.1109/ICSE-NIER.2019.00009

Wang, Haijun ; Li, Yi ; Lin, Shang Wei et al. / VULTRON : Catching vulnerable smart contracts once and for all. Proceedings - 2019 IEEE/ACM 41st International Conference on Software Engineering: New Ideas and Emerging Results, ICSE-NIER 2019. Institute of Electrical and Electronics Engineers Inc., 2019. pp. 1-4 (Proceedings - 2019 IEEE/ACM 41st International Conference on Software Engineering: New Ideas and Emerging Results, ICSE-NIER 2019).

@inproceedings{9659468b307b49aaa5fda00c32e15aa7,

title = "VULTRON: Catching vulnerable smart contracts once and for all",

abstract = "Despite the high stakes involved, smart contracts are often developed in an undisciplined way thus far. The existence of vulnerabilities compromises the security and reliability of smart contracts, and endangers the trust of participants in their ongoing businesses. Existing vulnerability detection techniques are often designed case-by-case, making them difficult to generalize. In this paper, we design general principles for detecting vulnerable smart contracts. Our key insight is that almost all the existing transaction-related vulnerabilities are due to the mismatch between the actual transferred amount and the amount reflected on the contract's internal bookkeeping. Based on this, we propose a precise and generally applicable technique, VULTRON, which can detect irregular transactions due to various types of adversarial exploits. We also report preliminary results applying our technique to real-world case studies.",

author = "Haijun Wang and Yi Li and Lin, {Shang Wei} and Lei Ma and Yang Liu",

year = "2019",

month = may,

doi = "10.1109/ICSE-NIER.2019.00009",

language = "English",

series = "Proceedings - 2019 IEEE/ACM 41st International Conference on Software Engineering: New Ideas and Emerging Results, ICSE-NIER 2019",

publisher = "Institute of Electrical and Electronics Engineers Inc.",

pages = "1--4",

booktitle = "Proceedings - 2019 IEEE/ACM 41st International Conference on Software Engineering",

address = "United States",

note = "41st IEEE/ACM International Conference on Software Engineering: New Ideas and Emerging Results, ICSE-NIER 2019 ; Conference date: 25-05-2019 Through 31-05-2019",

}

TY - GEN

T1 - VULTRON

T2 - 41st IEEE/ACM International Conference on Software Engineering: New Ideas and Emerging Results, ICSE-NIER 2019

AU - Wang, Haijun

AU - Li, Yi

AU - Lin, Shang Wei

AU - Ma, Lei

AU - Liu, Yang

PY - 2019/5

Y1 - 2019/5

N2 - Despite the high stakes involved, smart contracts are often developed in an undisciplined way thus far. The existence of vulnerabilities compromises the security and reliability of smart contracts, and endangers the trust of participants in their ongoing businesses. Existing vulnerability detection techniques are often designed case-by-case, making them difficult to generalize. In this paper, we design general principles for detecting vulnerable smart contracts. Our key insight is that almost all the existing transaction-related vulnerabilities are due to the mismatch between the actual transferred amount and the amount reflected on the contract's internal bookkeeping. Based on this, we propose a precise and generally applicable technique, VULTRON, which can detect irregular transactions due to various types of adversarial exploits. We also report preliminary results applying our technique to real-world case studies.

AB - Despite the high stakes involved, smart contracts are often developed in an undisciplined way thus far. The existence of vulnerabilities compromises the security and reliability of smart contracts, and endangers the trust of participants in their ongoing businesses. Existing vulnerability detection techniques are often designed case-by-case, making them difficult to generalize. In this paper, we design general principles for detecting vulnerable smart contracts. Our key insight is that almost all the existing transaction-related vulnerabilities are due to the mismatch between the actual transferred amount and the amount reflected on the contract's internal bookkeeping. Based on this, we propose a precise and generally applicable technique, VULTRON, which can detect irregular transactions due to various types of adversarial exploits. We also report preliminary results applying our technique to real-world case studies.

UR - http://www.scopus.com/inward/record.url?scp=85072081389&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85072081389&partnerID=8YFLogxK

U2 - 10.1109/ICSE-NIER.2019.00009

DO - 10.1109/ICSE-NIER.2019.00009

M3 - Conference contribution

T3 - Proceedings - 2019 IEEE/ACM 41st International Conference on Software Engineering: New Ideas and Emerging Results, ICSE-NIER 2019

SP - 1

EP - 4

BT - Proceedings - 2019 IEEE/ACM 41st International Conference on Software Engineering

PB - Institute of Electrical and Electronics Engineers Inc.

Y2 - 25 May 2019 through 31 May 2019

ER -

VULTRON: Catching vulnerable smart contracts once and for all

Abstract

Publication series

Conference

All Science Journal Classification (ASJC) codes

Access to Document

Other files and links

Fingerprint

Cite this