Bernhard Scholz scite author profile

Ethereum is a distributed blockchain platform, serving as an ecosystem for smart contracts: full-fledged intercommunicating programs that capture the transaction logic of an account. Unlike programs in mainstream languages, a gas limit restricts the execution of an Ethereum smart contract: execution proceeds as long as gas is available. Thus, gas is a valuable resource that can be manipulated by an attacker to provoke unwanted behavior in a victim's smart contract (e.g., wasting or blocking funds of said victim). Gas-focused vulnerabilities exploit undesired behavior when a contract (directly or through other interacting contracts) runs out of gas. Such vulnerabilities are among the hardest for programmers to protect against, as out-of-gas behavior may be uncommon in non-attack scenarios and reasoning about it is far from trivial. In this paper, we classify and identify gas-focused vulnerabilities, and present MadMax: a static program analysis technique to automatically detect gas-focused vulnerabilities with very high confidence. Our approach combines a control-flow-analysis-based decompiler and declarative program-structure queries. The combined analysis captures high-level domain-specific concepts (such as łdynamic data structure storagež and łsafely resumable loopsž) and achieves high precision and scalability. MadMax analyzes the entirety of smart contracts in the Ethereum blockchain in just 10 hours (with decompilation timeouts in 8% of the cases) and flags contracts with a (highly volatile) monetary value of over $2.8B as vulnerable. Manual inspection of a sample of flagged contracts shows that 81% of the sampled warnings do indeed lead to vulnerabilities, which we report on in our experiment. CCS Concepts: • Software and its engineering → General programming languages;

show abstract

Soufflé: On Synthesis of Program Analyzers

Jordan

2016

View full text Add to dashboard Cite

SOUFFLÉ is an open source programming framework that performs static program analysis expressed in Datalog on very large code bases, including points-to analysis on OpenJDK7 (1.4M program variables, 350K objects, 160K methods) in under a minute. SOUFFLÉ is being successfully used for Java security analyses at Oracle Labs due to (1) its high-performance, (2) support for rapid program analysis development, and (3) customizability. SOUFFLÉ incorporates the highly flexible Datalog-based program analysis paradigm while exhibiting performance results that are on-par with manually developed state-of-the-art tools. In this tool paper, we introduce the SOUFFLÉ architecture, usage and demonstrate its applicability for large-scale code analysis on the OpenJDK7 library as a use case. Parts of this research was conducted while visiting Oracle Labs, Australia as assistants and visiting professor.

show abstract

Vandal: A Scalable Security Analysis Framework for Smart Contracts

Brent¹,

Jurisevic²,

Kong³

et al. 2018

Preprint

View full text Add to dashboard Cite

The rise of modern blockchains has facilitated the emergence of smart contracts: autonomous programs that live and run on the blockchain. Smart contracts have seen a rapid climb to prominence, with applications predicted in law, business, commerce, and governance.Smart contracts are commonly written in a high-level language such as Ethereum's Solidity, and translated to compact low-level bytecode for deployment on the blockchain. Once deployed, the bytecode is autonomously executed, usually by a virtual machine. As with all programs, smart contracts can be highly vulnerable to malicious attacks due to deficient programming methodologies, languages, and toolchains, including buggy compilers. At the same time, smart contracts are also high-value targets, often commanding large amounts of cryptocurrency. Hence, developers and auditors need security frameworks capable of analysing low-level bytecode to detect potential security vulnerabilities.In this paper, we present Vandal: a security analysis framework for Ethereum smart contracts. Vandal consists of an analysis pipeline that converts low-level Ethereum Virtual Machine (EVM) bytecode to semantic logic relations. Users of the framework can express security analyses in a declarative fashion: a security analysis is expressed in a logic specification written in the Soufflé language. We conduct a large-scale empirical study for a set of common smart contract security vulnerabilities, and show the effectiveness and efficiency of Vandal. Vandal is both fast and robust, successfully analysing over 95% of all 141k unique contracts with an average runtime of 4.15 seconds; outperforming the current state of the art tools-Oyente, EthIR, Mythril, and Rattle-under equivalent conditions.

show abstract

Low contrast 3D reconstruction from C-arm data

Zellerhoff

Scholz

Ruehrnschopf

et al. 2005

View full text Add to dashboard Cite

Gigahorse: Thorough, Declarative Decompilation of Smart Contracts

Grech

Brent

Scholz

et al. 2019

View full text Add to dashboard Cite

3D Imaging with Flat-Detector C-Arm Systems

Strobel

Meissner

Boese

et al.

View full text Add to dashboard Cite

On fast large-scale program analysis in Datalog

Scholz¹,

Jordan²,

Subotić

et al. 2016

View full text Add to dashboard Cite

Designing and crafting a static program analysis is challenging due to the complexity of the task at hand. Among the challenges are modelling the semantics of the input language, finding suitable abstractions for the analysis, and handwriting efficient code for the analysis in a traditional imperative language such as C++. Hence, the development of static program analysis tools is costly in terms of development time and resources for real world languages. To overcome, or at least alleviate the costs of developing a static program analysis, Datalog has been proposed as a domain specific language (DSL). With Datalog, a designer expresses a static program analysis in the form of a logical specification. While a domain specific language approach aids in the ease of development of program analyses, it is commonly accepted that such an approach has worse runtime performance than handcrafted static analysis tools. In this work, we introduce a new program synthesis methodology for Datalog specifications to produce highly efficient monolithic C++ analyzers. The synthesis technique requires the re-interpretation of the semi-naïve evaluation as a scaffolding for translation using partial evaluation. To achieve high-performance, we employ stagedcompilation techniques and specialize the underlying relational data structures for a given Datalog specification. Experimentation on benchmarks for large-scale program analysis validates the superior performance of our approach over available Datalog tools and demonstrates our competitiveness with state-of-the-art handcrafted tools.

show abstract

Towards virtual electrical breast biopsy: space-frequency MUSIC for trans-admittance data

Scholz

2002

IEEE Trans. Med. Imaging

View full text Add to dashboard Cite

Breast cancer diagnosis may be improved by electrical immittance measurements. We have developed a novel method, space-frequency MUltiple Signal Classification (MUSIC), to determine three-dimensional positions and electrical parameters of focal lesions from multifrequency trans-admittance data recorded with a planar electrode array. A homogeneous infinite volume conductor containing focal inhomogeneities proved to be a useful patient-independent model for the breast containing focal lesions. Lesions polarized through the externally applied electric field are considered as distributions of aligned dipoles. Independence of the lesions' shape and size is achieved by a multipole expansion of such a dipole distribution. Thus, lesions are described by point-like multipoles. Their admittance contributions are given by a sum over products of multipole-specific source-sensor transfer functions, called lead fields, multiplied by their moments. Lesion localization corresponds to multipole search, and uses orthonormalized lead fields for comparison with a signal subspace from a singular value analysis of a space-frequency data matrix. At the locations found, the moments' frequency behavior is calculated which is assumed to be tissue-specific due to their dependence on conductivities. Results from clinical data show that space-frequency MUSIC successfully localizes lesions. Tissue differentiation might be possible, especially when the frequency range of the measurement system will be increased.

show abstract

scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.

Contact Info

hi@scite.ai

10624 S. Eastern Ave., Ste. A-614

Henderson, NV 89052, USA

Blog Terms and Conditions API Terms Privacy Policy Contact Cookie Preferences Do Not Sell or Share My Personal Information

Made with 💙 for researchers

Part of the Research Solutions Family.

Bernhard Scholz

MadMax: surviving out-of-gas conditions in Ethereum smart contracts

Soufflé: On Synthesis of Program Analyzers

Vandal: A Scalable Security Analysis Framework for Smart Contracts

Low contrast 3D reconstruction from C-arm data

Gigahorse: Thorough, Declarative Decompilation of Smart Contracts

3D Imaging with Flat-Detector C-Arm Systems

On fast large-scale program analysis in Datalog

Towards virtual electrical breast biopsy: space-frequency MUSIC for trans-admittance data

Contact Info

Product

Resources

About