Publication Type
Conference Proceeding Article
Version
acceptedVersion
Publication Date
5-2021
Abstract
Smart contracts are distributed, self-enforcing programs executing on top of blockchain networks. They have the potential to revolutionize many industries such as financial institutes and supply chains. However, smart contracts are subject to code-based vulnerabilities, which casts a shadow on their applications. As smart contracts are unpatchable (due to the immutability of blockchain), it is essential that smart contracts are guaranteed to be free of vulnerabilities. Unfortunately, smart contract languages such as Solidity are Turing-complete, which implies that verifying them statically is infeasible. Thus, alternative approaches must be developed to provide the guarantee. In this work, we develop an approach which automatically transforms smart contracts so that they are provably free of 4 common kinds of vulnerabilities. The key idea is to apply runtime verification in an efficient and provably correct manner. Experiment results with 5000 smart contracts show that our approach incurs minor run-time overhead in terms of time (i.e., 14.79%) and gas (i.e., 0.79%).
Keywords
Smart contracts, blockchain networks, vulnerabilities, runtime verification
Discipline
Programming Languages and Compilers | Software Engineering
Research Areas
Software and Cyber-Physical Systems
Publication
2021 42nd IEEE Symposium on Security and Privacy: Virtual, May 23-27: Proceedings
First Page
1215
Last Page
1229
ISBN
9781728189345
Identifier
10.1109/SP40001.2021.00057
Publisher
IEEE Computer Society
City or Country
Los Alamitos, CA
Citation
NGUYEN, Tai D.; PHAM, Long H.; and SUN, Jun.
SGUARD: Towards fixing vulnerable smart contracts automatically. (2021). 2021 42nd IEEE Symposium on Security and Privacy: Virtual, May 23-27: Proceedings. 1215-1229.
Available at: https://ink.library.smu.edu.sg/sis_research/6115
Copyright Owner and License
Authors
Creative Commons License
This work is licensed under a Creative Commons Attribution-NonCommercial-No Derivative Works 4.0 International License.
Additional URL
https://doi.org/10.1109/SP40001.2021.00057