Candidate: Behkish Nassirzadeh
Title: Security Analysis Methods for Detection and Repair of DoS Vulnerabilities in Smart Contracts
Date: March 30, 2021
Time: 2:00 PM
Place: Remote
Supervisor(s): Ganesh, Vijay
Abstract:
Blockchain is a decentralized technology that makes any digital asset history unalterable and transparent by using independent nodes and cryptographic hashing. Meanwhile, Ethereum is a decentralized open-source blockchain that is one of the leading platforms for smart contracts. The execution of Ethereum smart contracts is limited by a unit called gas. If the execution gas usage surpasses this limit, the transaction will fail and raise an out-of-gas exception. Since this resource is an essential part of a contract's execution, many attackers try to target contracts with vulnerabilities due to out-of-gas behaviors. One of the foremost causes of out-of-gas exceptions is unbounded operations. Hence, identifying unbounded loops is a crucial step to detect gas-focused vulnerabilities in smart contracts. We present a tool designed and implemented to identify the gas-focused vulnerabilities of smart contracts. This tool, which is called Gas Gauge, consists of three powerful algorithms. First, we describe a highly accurate static analysis approach that finds all the loops in a smart contract. Loops are the leading cause of most gas-based vulnerabilities. Then, a static/run-time whitebox fuzzing method is explained. This method generates inputs to the public functions containing loops affected by input variables in an Ethereum smart contract. The generated set causes the contract to run out of gas. The last algorithm uses static analysis and run-time verification to predict the maximum allowed loop bounds automatically. This algorithm uses a binary search approach and an independent parallel processing design to speed up the process. Each part of the tool can be used separately for different purposes or all together to detect, identify and help repair the contracts vulnerable to out-of-gas behaviors.