Manticore: A User-Friendly Symbolic Execution Framework for Binaries and Smart Contracts

Mossberg, Mark; Manzano, Felipe Andrés; Hennenfent, Eric; Groce, Alex; Grieco, Gustavo; Feist, Josselin; Brunson, Trent; Dinaburg, Artem

doi:10.1109/ase.2019.00133

Cited by 209 publications

(100 citation statements)

References 11 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…OYENTE applies symbolic execution (SE) to interpret the bytecode of smart contracts, and it can discover four kinds of vulnerabilities [8]. Manticore [9], MAIAN [11] and MythX [10] also leverages SE to discover vulnerabilities with different implementations and focus on different kinds of vulnerabilities. ETHRACER applies SE and partial-order reduction to discover event-ordering bugs arising from the unexpected ordering of events [16].…”

Section: B Offline Approachesmentioning

confidence: 99%

“…The inherent limitations of the selected techniques is another reason. For instance, symbolic-execution-based tools, such as OYENTE [8], Manticore [9], MythX [10], MAIAN [11], Osiris [15] may not discover all vulnerabilities due to path explosion. As another example, ContractFuzzer [12] is unlikely to reveal all vulnerabilities due to the low code coverage of black-box fuzzing.…”

Section: B Offline Approachesmentioning

confidence: 99%

“…To construct the information of control flow transfer, IAL abstracts the information of 2 EVM instructions, JUMP and JUMPI, because the control flow can be transferred after executing these instructions [39]. (9) Comparison. IAL obtains the information of comparison whenever a smart contract executes comparison instructions, including the executed instruction, the operands being compared and the comparison result.…”

Section: A Detailed Description Of Ialmentioning

confidence: 99%

See 2 more Smart Citations

SODA: A Generic Online Detection Framework for Smart Contracts

Chen

Cao

et al. 2020

Proceedings 2020 Network and Distributed System Security Symposium

View full text Add to dashboard Cite

Smart contracts have become lucrative and profitable targets for attackers because they can hold a great amount of money. Unfortunately, existing offline approaches for discovering the vulnerabilities in smart contracts or checking the correctness of smart contracts cannot conduct online detection of attacking transactions. Besides, existing online approaches only focus on specific attacks and cannot be easily extended to detect other attacks. Moreover, developing a new online detection system for smart contracts from scratch is time-consuming and requires deep understanding of blockchain internals, thus making it difficult to quickly implement and deploy mechanisms to detect new attacks. In this paper, we propose a novel generic online detection framework named SODA for smart contracts on any blockchains that support Ethereum virtual machine (EVM). SODA distinguishes itself from existing online approaches through its capability, efficiency, and compatibility. First, SODA empowers users to easily develop apps for detecting various attacks online (i.e., when attacks happen) by separating information collection and attack detection with layered design. At the higher layer, SODA provides unified interfaces to develop detection apps against various attacks. At the lower layer, SODA instruments EVM to collect all primitive information necessary to detect various attacks and constructs 11 kinds of structural information for the ease of developing apps. Based on SODA, users can develop new apps in a few lines of code without modifying EVM. Second, SODA is efficient, because we design on-demand information retrieval to reduce the overhead of information collection and adopt dynamic linking to eliminate the overhead of inter-process communication. Such design allows users to develop detection apps using any programming languages that can generate dynamic link libraries. Third, since more and more blockchains adopt EVM as smart contract runtime, SODA can be easily migrated to such blockchains without modifying apps. Based on SODA, we develop 8 detection apps to detect the attacks exploiting major vulnerabilities in smart contracts, and integrate SODA (including all apps) into 3 popular blockchains: Ethereum, Expanse and Wanchain. The extensive experimental results demonstrate the effectiveness and efficiency of SODA and our detection apps.

show abstract

Section: B Offline Approachesmentioning

confidence: 99%

Section: B Offline Approachesmentioning

confidence: 99%

Section: A Detailed Description Of Ialmentioning

confidence: 99%

See 1 more Smart Citation

SODA: A Generic Online Detection Framework for Smart Contracts

Chen

Cao

et al. 2020

Proceedings 2020 Network and Distributed System Security Symposium

View full text Add to dashboard Cite

show abstract

“…Related Works. There is a surge of interest in analyzing and verifying smart contracts [32,12,24,28,26,9,25,31,21,44,20,22,38,36,4,34,43,19,30,35,29,23,46,14]. Some of the existing works focus on EVM [2,47] (Ethereum Virtual Machine).…”

Section: Introductionmentioning

confidence: 99%

A Generalized Formal Semantic Framework for Smart Contracts

Jiao

Lin

Sun

2020

Fundamental Approaches to Software Engineering

View full text Add to dashboard Cite

Smart contracts can be regarded as one of the most popular blockchain-based applications. The decentralized nature of the blockchain introduces vulnerabilities absent in other programs. Furthermore, it is very difficult, if not impossible, to patch a smart contract after it has been deployed. Therefore, smart contracts must be formally verified before they are deployed on the blockchain to avoid attacks exploiting these vulnerabilities. There is a recent surge of interest in analyzing and verifying smart contracts. While most of the existing works either focus on EVM bytecode or translate Solidity contracts into programs in intermediate languages for analysis and verification, we believe that a direct executable formal semantics of the high-level programming language of smart contracts is necessary to guarantee the validity of the verification. In this work, we propose a generalized formal semantic framework based on a general semantic model of smart contracts. Furthermore, this framework can directly handle smart contracts written in different high-level programming languages through semantic extensions and facilitates the formal verification of security properties with the generated semantics.

show abstract

“…A key limitation in the advancement of binary analysis and other approaches to improving software security and reliability is that there is very little overlap between security experts familiar with tools such as angr [34], [35], [33], Manticore [27], or S2E [9], and the developers who produce most code that needs to be secure or highly reliable.…”

Section: Introductionmentioning

confidence: 99%

DeepState: Symbolic Unit Testing for C and C++

Goodman¹,

Groce²

2018

Proceedings 2018 Workshop on Binary Analysis Research

Self Cite

View full text Add to dashboard Cite

Unit testing is a popular software development methodology that can help developers detect functional regressions, explore boundary conditions, and document expected behavior. However, writing comprehensive unit tests is challenging and time-consuming, and developers seldom explore the obscure (and bug-hiding) corners of software behavior without assistance. DeepState is a tool that provides a Google Test-like API to give C and C++ developers pushbutton access to symbolic execution engines, such as Manticore and angr, and fuzzers, such as Dr. Fuzz. Rather than learning multiple complex tools, users learn one interface for defining a test harness, and can use various methods to automatically generate tests for software. In addition to providing a familiar interface to binary analysis and fuzzing for parameterized unit testing, DeepState also provides constructs that aid in the construction of API-sequence tests, where the tool chooses the functions or methods to call, allowing for even more diverse and powerful tests. By serving as a front-end to multiple tools, DeepState additionally provides a way to apply (novel) high-level strategies to test generation, and to compare effectiveness and efficiency of testing back-ends, including binary analysis tools.

show abstract

Manticore: A User-Friendly Symbolic Execution Framework for Binaries and Smart Contracts

Cited by 209 publications

References 11 publications

SODA: A Generic Online Detection Framework for Smart Contracts

SODA: A Generic Online Detection Framework for Smart Contracts

A Generalized Formal Semantic Framework for Smart Contracts

DeepState: Symbolic Unit Testing for C and C++

Contact Info

Product

Resources

About