政大機構典藏-National Chengchi University Institutional Repository(NCCUR):Item 140.119/131489
English  |  正體中文  |  简体中文  |  Post-Print筆數 : 27 |  全文筆數/總筆數 : 113160/144130 (79%)
造訪人次 : 50761602      線上人數 : 771
RC Version 6.0 © Powered By DSPACE, MIT. Enhanced by NTU Library IR team.
搜尋範圍 查詢小技巧:
  • 您可在西文檢索詞彙前後加上"雙引號",以獲取較精準的檢索結果
  • 若欲以作者姓名搜尋,建議至進階搜尋限定作者欄位,可獲得較完整資料
  • 進階搜尋
    政大機構典藏 > 商學院 > 資訊管理學系 > 學位論文 >  Item 140.119/131489
    請使用永久網址來引用或連結此文件: https://nccur.lib.nccu.edu.tw/handle/140.119/131489


    題名: 形式化 Gas 弱點偵測及攻擊生成
    Symbolic Gas Vulnerability Detection and Attack Synthesis
    作者: 彭旻浩
    Peng, Min-Hao
    貢獻者: 郁方
    Yu, Fang
    彭旻浩
    Peng, Min-Hao
    關鍵詞: 區塊鏈
    智能合約
    控制流程圖
    形式化執行
    Blockchain
    Smart contract
    Control flow graph
    Gas estimation
    Gas vulnerability
    Symbolic execution
    日期: 2020
    上傳時間: 2020-09-02 11:45:22 (UTC+8)
    摘要: 近期,不只是在資訊領域,區塊鏈技術的應用正在如火如荼的快速成長中。各種新興虛擬貨幣如雨後春筍般大量出現,新創產業也陸續利用發行ICO的方式募資。有賴於智能合約,區塊鏈能夠運用的領域越來越廣泛。智能合約的功能就像一支在區塊鏈上的程式,使用者可以對智能合約發起交易,交易的過程所執行的內容,則是由智能合約中的程式邏輯決定,比方說一個點數交換的智能合約,其中可能包含了點數的轉換或是儲值的功能。各式各樣的智能合約已經存在目前的區塊鏈環境中,但就像是一般的程式一樣,智能合約也是有可能成為惡意行為的攻擊對象。此次研究的目的,是希望能夠透過靜態分析,針對尚未執行前的智能合約進行 Gas 弱點檢查。我們希望能夠讓使用者在尚未執行智能合約之前,就能夠先針對智能合約進行檢測。在部份的研究中,已經有些實用的工具能夠檢查出針對 Gas 潛在的風險。而我們希望能夠針對智能合約執行時的 Gas 消耗進行分析,透過我們的分析,能夠偵測智能合約中是否包含 Gas 相關的弱點。
    Successful executions of smart contracts require sufficient pre-allocated transaction fees, i.e., gas, on Ethereum. A gas vulnerability is a feasible execution of smart contracts that has its gas consumption depending on external inputs, e.g., used to check loop conditions or to calculate gas formulas. Such gas vulnerabilities may be exploited to raise massive gas consumption that leads the execution to unexpected exceptions. In this work, we propose an instruction-level symbolic stack simulation approach for systematic gas vulnerability detection and attack synthesis. The analysis process consists of 1) a sound control flow graph construction with blocks that are associated with their gas formulas and stack states, 2) symbolic execution path enumeration along with path and gas constraints generation, where loops are symbolically encoded with an auxiliary index for the number of iterations, and 3) gas vulnerability detection and its attack synthesis. To synthesize an attack to exploit the vulnerability, we use the sat model returned by an SMT solver to generate the inputs to trigger the execution that exceeds the gas limit. We report our analysis results against various contracts on Etherscan and In-house development cases, revealing previously unknown vulnerabilities in these contracts.
    參考文獻: [1]  N. Szabo, “Formalizing and securing relationships on public networks,” First Monday, vol. 2, no. 9, 1997. [Online]. Available: https://journals.uic.edu/ojs/index. php/fm/article/view/548
    [2]  coloredcoins, “coloredcoins.org,” http://coloredcoins.org/, 2019.
    [3]  Ethereum, “Create a democracy contract in ethereum,” https://www.ethereum.org/ dao, 2019.
    [4]  Monegraph, “Monegraph,” https://monegraph.com/, 2019.
    [5]  G. Wood et al., “Ethereum: A secure decentralised generalised transaction ledger,” 
Ethereum project yellow paper, vol. 151, no. 2014, pp. 1–32, 2014.
    [6]  Ethereum, “Solidity,” https://solidity.readthedocs.io, 2019.
    [7]  N. Grech, M. Kong, A. Jurisevic, L. Brent, B. Scholz, and Y. Smaragdakis, “Madmax: Surviving out-of-gas conditions in ethereum smart contracts,” Proc. ACM Program. Lang., vol. 2, no. OOPSLA, pp. 116:1–116:27, Oct. 2018. [Online]. Available: http://doi.acm.org/10.1145/3276486
    [8]  T. Chen, X. Li, X. Luo, and X. Zhang, “Under-optimized smart contracts devour your money,” in 2017 IEEE 24th International Conference on Software Analysis, Evolution and Reengineering (SANER). Klagenfurt, Austria: IEEE, Feb 2017, pp. 442–446.
    [9]  D. Gopinath, C. S. Pa ̆s ̆areanu, K. Wang, M. Zhang, and S. Khurshid, “Symbolic execution for attribution and attack synthesis in neural networks,” in Proceedings of the 41st International Conference on Software Engineering: Companion Proceedings, ser. ICSE ’19. Montreal, Quebec, Canada: IEEE Press, 2019, pp. 282–283. [Online]. Available: https://doi.org/10.1109/ICSE-Companion.2019.00115
    [10]  B. Loring, D. Mitchell, and J. Kinder, “Sound regular expression semantics for dynamic symbolic execution of javascript,” CoRR, vol. abs/1810.05661, pp. 425–438, 2018. [Online]. Available: http://arxiv.org/abs/1810.05661
    [11]  Ethereum, “Ethereum network status,” https://ethstats.net/, 2019.
    [12]  N. Atzei, M. Bartoletti, and T. Cimoli, “A survey of attacks on ethereum smart contracts (sok),” in Principles of Security and Trust, M. Maffei and M. Ryan, Eds. Berlin, Heidelberg: Springer Berlin Heidelberg, 2017, pp. 164–186.
    [13]  K. Delmolino, M. Arnett, A. Kosba, A. Miller, and E. Shi, “Step by step towards creating a safe smart contract: Lessons and insights from a cryptocurrency lab,” in Financial Cryptography and Data Security, J. Clark, S. Meiklejohn, P. Y. Ryan, D. Wallach, M. Brenner, and K. Rohloff, Eds. Berlin, Heidelberg: Springer Berlin Heidelberg, 2016, pp. 79–94.
    [14]  L. Luu, D.-H. Chu, H. Olickel, P. Saxena, and A. Hobor, “Making smart contracts smarter,” in Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security, ACM. New York, NY, USA: ACM, 2016, pp. 254–269.
    [15]  I. Grishchenko, M. Maffei, and C. Schneidewind, “Foundations and tools for the staticanalysisofethereumsmartcontracts,”inComputerAidedVerification. Cham: Springer International Publishing, 2018, pp. 51–78.
    [16]  A. Hahn, R. Singh, C. Liu, and S. Chen, “Smart contract-based campus demon- stration of decentralized transactive energy auctions,” in 2017 IEEE Power Energy Society Innovative Smart Grid Technologies Conference (ISGT). Washington, DC, USA: IEEE, 2017, pp. 1–5.
    [17]  Y. Wang, S. Lahiri, S. Chen, R. Pan, I. Dillig, C. Born, I. Naseer, and K. Ferles, “Formal verification of workflow policies for smart contracts in azure blockchain,” in Verified Software: Theories, Tools and Experiments. Springer, September 2019.
    [18]  K. Bhargavan, A. Delignat-Lavaud, C. Fournet, A. Gollamudi, G. Gonthier, N. Kobeissi, N. Kulatova, A. Rastogi, T. Sibut-Pinote, N. Swamy, and S. Zanella- B ́eguelin, “Formal verification of smart contracts: Short paper,” in Proceedings of the 2016 ACM Workshop on Programming Languages and Analysis for Security, ser. PLAS ’16. New York, NY, USA: ACM, 2016, pp. 91–96. [Online]. Available: http://doi.acm.org/10.1145/2993600.2993611
    [19]  N. Swamy, C. Hri ̧tcu, C. Keller, A. Rastogi, A. Delignat-Lavaud, S. Forest, K. Bhargavan, C. Fournet, P.-Y. Strub, M. Kohlweiss, J.-K. Zinzindohoue, and S. Zanella-B ́eguelin, “Dependent types and multi-monadic effects in f*,” in Proceedings of the 43rd Annual ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages, ser. POPL ’16. New York, NY, USA: ACM, 2016, pp. 256–270. [Online]. Available: http://doi.acm.org/10.1145/2837614.2837655
    [20]  A. Dika, “Ethereum smart contracts: Security vulnerabilities and security tools,” Master’s thesis, NTNU, 2017.
    [21]  P. Tsankov, A. Dan, D. Drachsler-Cohen, A. Gervais, F. Bu ̈nzli, and M. Vechev, “Securify: Practical security analysis of smart contracts,” in Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security, ser. CCS ’18. New York, NY, USA: ACM, 2018, pp. 67–82. [Online]. Available: http://doi.acm.org/10.1145/3243734.3243780
    [22]  Ethereum, “Remix - solidity ide,” https://remix.ethereum.org/#optimize=false& version=builtin, 2019.
    [23]  SmartDec, “Smartdec — smart contracts security audit,” http://smartcontracts. smartdec.net/, 2017.
    [24]  B. Jiang, Y. Liu, and W. K. Chan, “Contractfuzzer: Fuzzing smart contracts for vulnerability detection,” in Proceedings of the 33rd ACM/IEEE International Conference on Automated Software Engineering, ser. ASE 2018. New York, NY, USA: ACM, 2018, pp. 259–269. [Online]. Available: http: //doi.acm.org/10.1145/3238147.3238177
    [25]  Mythril, “Mythril,” https://mythx.io/, 2019.
    [26]  S. Kalra, S. Goel, M. Dhawan, and S. Sharma, “Zeus: Analyzing safety of smart contracts,” in NDSS. San Diego, California, USA: NDSS, 2018, pp. 1–12.
    [27]  J. Krupp and C. Rossow, “teether: Gnawing at ethereum to automatically exploit smart contracts,” in 27th USENIX Security Symposium (USENIX Security 18). Baltimore, MD: USENIX Association, Aug. 2018, pp. 1317–1333. [Online]. Available: https://www.usenix.org/conference/usenixsecurity18/presentation/krupp
    [28]  Y. Feng, E. Torlak, and R. Bod ́ık, “Precise attack synthesis for smart contracts,” CoRR, vol. abs/1902.06067, 2019. [Online]. Available: http: //arxiv.org/abs/1902.06067
    [29]  M. Suiche, “Porosity: A decompiler for blockchain-based smart contracts bytecode,” DEF CON, vol. 25, p. 11, 2017.
    [30]  E. Hildenbrandt, M. Saxena, X. Zhu, N. Rodrigues, P. Daian, D. Guth, and G. Rosu, “Kevm: A complete semantics of the ethereum virtual machine,” University of Illi- nois, Tech. Rep., 2017.
    [31]  S. Amani, M. B ́egel, M. Bortin, and M. Staples, “Towards verifying ethereum smart contract bytecode in isabelle/hol,” in Proceedings of the 7th ACM SIGPLAN International Conference on Certified Programs and Proofs, ser. CPP 2018. New York, NY, USA: ACM, 2018, pp. 66–77. [Online]. Available: http://doi.acm.org/10.1145/3167084
    [32]  A. Mavridou and A. Laszka, “Tool demonstration: Fsolidm for designing secure ethereum smart contracts,” in Principles of Security and Trust. Cham: Springer International Publishing, 2018, pp. 270–277.
    [33] ——, “Designing secure ethereum smart contracts: A finite state machine based approach,” in Financial Cryptography and Data Security, S. Meiklejohn and K. Sako, Eds. Berlin, Heidelberg: Springer Berlin Heidelberg, 2018, pp. 523–540.
    [34]  Nxt, “Nxt - the blockchain application platform,” https://nxtplatform.org/, 2019.
    [35]  Ethereum, “Ethereum blockchain explorer and search,” https://etherscan.io/, 2019.
    [36]  P. L. Seijas, S. J. Thompson, and D. McAdams, “Scripting smart contracts for dis- tributed ledger technology.” IACR Cryptology ePrint Archive, vol. 2016, p. 1156, 2016.
    [37]  O. Goldreich and Y. Oren, “Definitions and properties of zero-knowledge proof sys- tems,” Journal of Cryptology, vol. 7, no. 1, pp. 1–32, 1994.
    [38]  G. C. Necula, “Proof-carrying code,” in Proceedings of the 24th ACM SIGPLAN- SIGACT Symposium on Principles of Programming Languages, ser. POPL ’97. New York, NY, USA: Association for Computing Machinery, 1997, p. 106–119. [Online]. Available: https://doi.org/10.1145/263699.263712
    [39]  J. Rubin, M. Naik, and N. Subramanian, “Merkelized abstract syntax trees,” 2019.
    [40]  E. Albert, P. Gordillo, A. Rubio, and I. Sergey, “GASTAP: A gas analyzer for smart contracts,” CoRR, vol. abs/1811.10403, 2018. [Online]. Available: http://arxiv.org/abs/1811.10403
    [41]  D. Kebbal and P. Sainrat, “Combining symbolic execution and path enumeration in worst-case execution time analysis,” in 6th International Workshop on Worst- Case Execution Time Analysis (WCET’06), ser. OpenAccess Series in Informatics (OASIcs), F. Mueller, Ed., vol. 4. Dagstuhl, Germany: Schloss Dagstuhl–Leibniz- Zentrum fuer Informatik, 2006, pp. 33 – 38.
    [42]  B. Benhamamouch, B. Monsuez, and F. V ́edrine, “Computing wcet using symbolic execution,” in Second International Workshop on Verification and Evaluation of Computer and Communication Systems (VECoS 2008). UK: Springer International Publishing, 2008, pp. 1–12.
    [43]  A. Biere, J. Knoop, L. Kova ́cs, and J. Zwirchmayr, “The auspicious couple: Symbolic execution and wcet analysis,” in 13th International Workshop on Worst-Case Execu- tion Time Analysis, ser. OpenAccess Series in Informatics (OASIcs), C. Maiza, Ed., vol. 30. Dagstuhl, Germany: Schloss Dagstuhl–Leibniz-Zentrum fuer Informatik, 2013, pp. 53–63.
    [44]  C. S. Pa ̆s ̆areanu, R. Kersten, K. Luckow, and Q.-S. Phan, “Symbolic execution and recent applications to worst-case execution, load testing, and security analysis,” in Advances in Computers, ser. Advances in Computers, A. M. Memon, Ed. United States: Elsevier, 2019, vol. 113, pp. 289 – 314.
    [45]  T. Liang, A. Reynolds, N. Tsiskaridze, C. Tinelli, C. Barrett, and M. Deters, “An efficient smt solver for string constraints,” Formal Methods in System Design, vol. 48, no. 3, pp. 206–234, 2016.
    [46]  H.-E. Wang, T.-L. Tsai, C.-H. Lin, F. Yu, and J.-H. R. Jiang, “String analysis via automata manipulation with logic circuit representation,” in Computer Aided Verifi- cation, S. Chaudhuri and A. Farzan, Eds. Cham: Springer International Publishing, 2016, pp. 241–260.
    [47]  H.-E. Wang, S.-Y. Chen, F. Yu, and J.-H. R. Jiang, “A symbolic model checking approach to the analysis of string and length constraints,” in Proceedings of the 33rd ACM/IEEE International Conference on Automated Software Engineering, ser. ASE 2018. New York, NY, USA: Association for Computing Machinery, 2018, p. 623–633. [Online]. Available: https://doi.org/10.1145/3238147.3238189
    [48]  A. Aydin, W. Eiers, L. Bang, T. Brennan, M. Gavrilov, T. Bultan, and F. Yu, “Parameterized model counting for string and numeric constraints,” in Proceedings of the 2018 26th ACM Joint Meeting on European Software Engineering Conference and Symposium on the Foundations of Software Engineering, ser. ESEC/FSE 2018. New York, NY, USA: Association for Computing Machinery, 2018, p. 400–410. [Online]. Available: https://doi.org/10.1145/3236024.3236064
    [49]  Counterparty, “Counterparty,” https://counterparty.io/, 2018.
    [50]  Stellar, “Stellar - develop the world’s new financial system,” https://www.stellar. org/, 2019.
    [51]  Lisk, “Home — lisk,” https://lisk.io/, 2019.
    [52]  L. de Moura and N. Bjørner, “Z3: An efficient smt solver,” in Tools and Algorithms for the Construction and Analysis of Systems, C. R. Ramakrishnan and J. Rehof, Eds. Berlin, Heidelberg: Springer Berlin Heidelberg, 2008, pp. 337–340.
    [53]  Ethereum, “Installing the solidity compiler — solidity 0.4.21 documentation,” http: //solidity.readthedocs.io/en/v0.4.21/installing-solidity.html, 2017.
    [54]  Graphviz, “Graphviz - graph visualization software,” https://www.graphviz.org/, 2019.
    [55]  L. Gonnord, D. Monniaux, and G. Radanne, “Synthesis of ranking functions using extremal counterexamples,” in Proceedings of the 36th ACM SIGPLAN Conference on Programming Language Design and Implementation, ser. PLDI ’15. New York, NY, USA: Association for Computing Machinery, 2015, p. 608–618. [Online]. Available: https://doi.org/10.1145/2737924.2737976
    [56]  A. M. Ben-Amram, J. J. Dom ́enech, and S. Genaim, “Multiphase-linear ranking functions and their relation to recurrent sets,” in Static Analysis, B.-Y. E. Chang, Ed. Cham: Springer International Publishing, 2019, pp. 459–480.
    [57]  M. H. Peng, “Our analysis tools,” https://github.com/hichyen1207/ SmartContractCFG, 2019.
    描述: 碩士
    國立政治大學
    資訊管理學系
    107356010
    資料來源: http://thesis.lib.nccu.edu.tw/record/#G0107356010
    資料類型: thesis
    DOI: 10.6814/NCCU202001258
    顯示於類別:[資訊管理學系] 學位論文

    文件中的檔案:

    檔案 描述 大小格式瀏覽次數
    601001.pdf747KbAdobe PDF20檢視/開啟


    在政大典藏中所有的資料項目都受到原著作權保護.


    社群 sharing

    著作權政策宣告 Copyright Announcement
    1.本網站之數位內容為國立政治大學所收錄之機構典藏,無償提供學術研究與公眾教育等公益性使用,惟仍請適度,合理使用本網站之內容,以尊重著作權人之權益。商業上之利用,則請先取得著作權人之授權。
    The digital content of this website is part of National Chengchi University Institutional Repository. It provides free access to academic research and public education for non-commercial use. Please utilize it in a proper and reasonable manner and respect the rights of copyright owners. For commercial use, please obtain authorization from the copyright owner in advance.

    2.本網站之製作,已盡力防止侵害著作權人之權益,如仍發現本網站之數位內容有侵害著作權人權益情事者,請權利人通知本網站維護人員(nccur@nccu.edu.tw),維護人員將立即採取移除該數位著作等補救措施。
    NCCU Institutional Repository is made to protect the interests of copyright owners. If you believe that any material on the website infringes copyright, please contact our staff(nccur@nccu.edu.tw). We will remove the work from the repository and investigate your claim.
    DSpace Software Copyright © 2002-2004  MIT &  Hewlett-Packard  /   Enhanced by   NTU Library IR team Copyright ©   - 回饋