S-gram: Towards Semantic-Aware Security Auditing for Ethereum Smart Contracts

Smart contracts, as a promising and powerful application on the Ethereum blockchain, have been growing rapidly in the past few years. Since they are highly vulnerable to different forms of attacks, their security becomes a top priority. However, existing security auditing techniques are either limit...

Full description

Saved in:
Bibliographic Details
Published in:2018 33rd IEEE/ACM International Conference on Automated Software Engineering (ASE) pp. 814 - 819
Main Authors: Liu, Han, Liu, Chao, Zhao, Wenqi, Jiang, Yu, Sun, Jiaguang
Format: Conference Proceeding
Language:English
Published: ACM 01.09.2018
Subjects:
Blockchains
Labeling
language modeling
Metadata
Probability
Security
security auditing
Semantics
Sensitivity
Smart contracts
Software engineering
static semantic labeling
Tokenization
ISSN:2643-1572
Online Access:Get full text
Tags: Add Tag
No Tags, Be the first to tag this record!
Description
Summary:Smart contracts, as a promising and powerful application on the Ethereum blockchain, have been growing rapidly in the past few years. Since they are highly vulnerable to different forms of attacks, their security becomes a top priority. However, existing security auditing techniques are either limited in finding vulnerabilities (rely on pre-defined bug patterns) or very expensive (rely on program analysis), thus are insufficient for Ethereum. To mitigate these limitations, we proposed a novel semantic-aware security auditing technique called S-GRAM for Ethereum. The key insight is a combination of N-gram language modeling and lightweight static semantic labeling, which can learn statistical regularities of contract tokens and capture high-level semantics as well (e.g., flow sensitivity of a transaction). S-GRAM can be used to predict potential vulnerabilities by identifying irregular token sequences and optimize existing in-depth analyzers (e.g., symbolic execution engines, fuzzers etc.). We have implemented S-GRAM for Solidity smart contracts in Ethereum. The evaluation demonstrated the potential of S-GRAM in identifying possible security issues.
ISSN:2643-1572
DOI:10.1145/3238147.3240728