SMARTIAN: Enhancing Smart Contract Fuzzing with Static and Dynamic Data-Flow Analyses

Choi, Jaeseung; Kim, Doyeon; Kim, Soomin; Grieco, Gustavo; Groce, Alex; Kil, Sang

doi:10.1109/ase51524.2021.9678888

Cited by 76 publications

(61 citation statements)

References 43 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…For liquidation, private transactions are usually sent to Aave, dYdX, and Compound. Specifically, the most profitable transaction 15 is used for arbitrage. It earns 729.6836279 ETH and shares 706.3337518 ETH with the miner.…”

Section: Consensus Securitymentioning

confidence: 99%

“…They usually use static analysis approaches, such as symbolic execution, to uncover vulnerabilities and bugs in smart contracts. Some other works [15], [38], [40], [41], [43], [44], [53], [57], [72], [84] make use of fuzzing techniques to discover bugs in smart contracts. In contrast, our work analyzes private transactions to understand their mechanisms, incentives, and security risks.…”

Section: Bug Detection On Smart Contractsmentioning

confidence: 99%

See 1 more Smart Citation

An Empirical Study on Ethereum Private Transactions and the Security Implications

Lyu¹,

Zhang²,

Zhang³

et al. 2022

Preprint

View full text Add to dashboard Cite

Recently, Decentralized Finance (DeFi) platforms on Ethereum are booming, and numerous traders are trying to capitalize on the opportunity for maximizing their benefits by launching front-running attacks and extracting Miner Extractable Values (MEVs) based on information in the public mempool. To protect end users from being harmed and hide transactions from the mempool, private transactions, a special type of transactions that are sent directly to miners, were invented. Private transactions have a high probability of being packed to the front positions of a block and being added to the blockchain by the target miner, without going through the public mempool, thus reducing the risk of being attacked by malicious entities.Despite the good intention of inventing private transactions, due to their stealthy nature, private transactions have also been used by attackers to launch attacks, which has a negative impact on the Ethereum ecosystem. However, existing works only touch upon private transactions as by-products when studying MEV, while a systematic study on private transactions is still missing. To fill this gap and paint a complete picture of private transactions, we take the first step towards investigating the private transactions on Ethereum. In particular, we collect largescale private transaction datasets and perform analysis on their characteristics, transaction costs and miner profits, as well as security impacts. This work provides deep insights on different aspects of private transactions.

show abstract

Section: Consensus Securitymentioning

confidence: 99%

Section: Bug Detection On Smart Contractsmentioning

confidence: 99%

An Empirical Study on Ethereum Private Transactions and the Security Implications

Lyu¹,

Zhang²,

Zhang³

et al. 2022

Preprint

View full text Add to dashboard Cite

show abstract

“…Smartian [122] just started statically analyzing the contract bytecode and collecting the data stream. The seed pool ini-VOLUME XX, 2022 tialization predicts the sequence of transactions in some data stream and considers them as seeds for initialization.…”

Section: Figure 3 Schematic Diagram Of Ilf Process Frameworkmentioning

confidence: 99%

A Survey of DeFi Security: Challenges and Opportunities

Li¹,

Bu²,

Li³

et al. 2022

Preprint

View full text Add to dashboard Cite

Decentralized finance (DeFi), which is a promising domain since the era of blockchain 2.0, locked $200 billion in April 2022. However, it quickly dropped to $100 billion in May 2022, which makes us realize that security issues in this area are still a challenging job. DeFi is more complex than traditional finance because it is decentralized through blockchain and without a trustworthy third-party institution to act as a guarantee. So it owns not only financial properties but also technical aspects. Existing synthesis work for DeFi tends to ignore the relevance of various layers of security for the whole system. In addition, distinct layers have different means of protection against specific vulnerabilities, which is not considered by existing analytical work. In this paper, we perform a vulnerability analysis for the entire technology layer of the DeFi application, and then we collect the most impactive attacks in recent years. Finally, we summarize the existing optimization approaches for different layers and provide some challenges and future directions.

show abstract

“…In the papers [17], [19], [29], [30], [31], [34], [45], and [61], a newer method called mutation testing was introduced for the specific purpose of testing smart contracts. In addition, in the papers [20], [21], [23], [24], [26], [41], [42], [48], [53], [54], [55], and [56], another method called fuzz testing was introduced as well.…”

Section: ) Testing Data Challengesmentioning

confidence: 99%

Systematic Mapping of Testing Smart Contracts for Blockchain Applications

Imperius

Alahmar

2022

IEEE Access

View full text Add to dashboard Cite

In the last few years, the technological future becoming apparent by the introduction of smart contracts into mainstream technology, specifically in the development of Web3 and the metaverse. Smart contracts will play a vital role in the decentralization and autonomy of the day-to-day tasks that must be completed. Several literature reviews, considered secondary sources, highlight the current state of testing methods for smart contracts made for Blockchain applications. In this paper, we present the results from a systematic mapping study to give structure to the information found from primary sources. Systematic mapping is a well-known method to identify and categorize research papers in a field with an increasing amount of literature. For this systematic mapping, we searched for studies between 2017 and present-day (March 2022) and were able to find 303 results, from which 47 were selected, by specific inclusion and exclusion criteria, to be relevant to this study. A concept map was created from the information gathered from primary sources to the attributes such as research type, contribution type, blockchain network, smart contract language, development process, testing methods, and testing environment. We also categorized the trends and demographics found in the selected papers based on publication year, author's country, and more. The results of this systematic mapping showed that this field is very new and quickly increasing with new research. The researchers that are interested in this field could use the results found to create opportunities for their future work.

show abstract

SMARTIAN: Enhancing Smart Contract Fuzzing with Static and Dynamic Data-Flow Analyses

Cited by 76 publications

References 43 publications

An Empirical Study on Ethereum Private Transactions and the Security Implications

An Empirical Study on Ethereum Private Transactions and the Security Implications

A Survey of DeFi Security: Challenges and Opportunities

Systematic Mapping of Testing Smart Contracts for Blockchain Applications

Contact Info

Product

Resources

About