VerX: Safety Verification of Smart Contracts

Permenev, Anton; Dimitrov, Dimitar; Tsankov, Petar; Drachsler-Cohen, Dana; Vechev, Martin

doi:10.1109/sp40000.2020.00024

Cited by 180 publications

(151 citation statements)

References 62 publications

Supporting

Mentioning

136

Contrasting

Order By: Relevance

“…This field may be of interest for virtual environment developers. A similar analysis at the low level was done in [83,84]. Some other projects are dedicated to the Distributed Application (DApp) deployment strategies in Ethereum as Truffle Drizzle [85].…”

Section: Emulation-based Approachesmentioning

confidence: 79%

Blockchain Evaluation Approaches: State-of-the-Art and Future Perspective

Smetanin

Ometov

Komarov

et al. 2020

Sensors

View full text Add to dashboard Cite

The present increase of attention toward blockchain-based systems is currently reaching a tipping point with the corporate focus shifting from exploring the technology potential to creating Distributed Ledger Technology (DLT)-based systems. In light of a significant number of already existing blockchain applications driven by the Internet of Things (IoT) evolution, the developers are still facing a lack of tools and instruments for appropriate and efficient performance evaluation and behavior observation of different blockchain architectures. This paper aims at providing a systematic review of current blockchain evaluation approaches and at identifying the corresponding utilization challenges and limitations. First, we outline the main metrics related to the blockchain evaluation. Second, we propose the blockchain modeling and analysis classification based on the critical literature review. Third, we extend the review with publicly accessible industrial tools. Next, we analyze the selected results for each of the proposed classes and outline the corresponding limitations. Finally, we identify current challenges of the blockchain analysis from the system evaluation perspective, as well as provide future perspectives.

show abstract

Section: Emulation-based Approachesmentioning

confidence: 79%

Blockchain Evaluation Approaches: State-of-the-Art and Future Perspective

Smetanin

Ometov

Komarov

et al. 2020

Sensors

View full text Add to dashboard Cite

show abstract

“… 173 , 177 , 178 , 179 , 180 , 181 Design tools for Turing-complete blockchains . Apart from commonly used techniques such as symbolic execution, 89 , 115 , 116 , 117 , 118 , 119 , 120 , 121 , 122 , 123 the fuzzing test 137 , 138 , 139 is another prevalent technique. Lightweight and scalable security analysis could be further considered to meet the potential need for the growth of contract size.…”

Section: Discussionmentioning

confidence: 99%

“…From another point of view, to improve the efficiency of analysis, VerX 123 adopts the concept of delayed predicate abstraction. Its main idea is to combine symbolic execution and abstraction methods: symbolic execution is used in the individual execution of transactions while abstraction is conducted between transactions.…”

Section: Constructing Smart Contracts With Turing-complete Languagesmentioning

confidence: 99%

A comprehensive survey on smart contract construction and execution: paradigms, tools, and systems

Zhang

Liu

et al. 2021

Patterns

View full text Add to dashboard Cite

Summary Smart contracts are regarded as one of the most promising and appealing notions in blockchain technology. Their self-enforcing and event-driven features make some online activities possible without a trusted third party. Nevertheless, problems such as miscellaneous attacks, privacy leakage, and low processing rates prevent them from being widely applied. Various schemes and tools have been proposed to facilitate the construction and execution of secure smart contracts. However, a comprehensive survey for these proposals is absent, hindering new researchers and developers from a quick start. This paper surveys the literature and online resources on smart contract construction and execution over the period 2008–2020. We divide the studies into three categories: (1) design paradigms that give examples and patterns on contract construction, (2) design tools that facilitate the development of secure smart contracts, and (3) extensions and alternatives that improve the privacy or efficiency of the system. We start by grouping the relevant construction schemes into the first two categories. We then review the execution mechanisms in the last category and further divide the state-of-the-art solutions into three classes: private contracts with extra tools, off-chain channels, and extensions on core functionalities. Finally, we summarize several challenges and identify future research directions toward developing secure, privacy-preserving, and efficient smart contracts.

show abstract

“…ey focused on single reentrancy (SE) and independent miner transaction (MI) bug-related vulnerabilities. VerX [24] introduced a new symbolic execution engine in which delayed abstraction is applied to verify the functional safety properties of SC. ey first formalized the temporal safety properties of SC by extending Solidity language (i.e., always and once).…”

Section: Related Workmentioning

confidence: 99%

SESCon: Secure Ethereum Smart Contracts by Vulnerable Patterns’ Detection

Ali

Abideen

Ullah

2021

Security and Communication Networks

View full text Add to dashboard Cite

Ethereum smart contracts have been gaining popularity toward the automation of so many domains, i.e., FinTech, IoT, and supply chain, which are based on blockchain technology. The most critical domain, e.g., FinTech, has been targeted by so many successful attacks due to its financial worth of billions of dollars. In all attacks, the vulnerability in the source code of smart contracts is being exploited and causes the steal of millions of dollars. To find the vulnerability in the source code of smart contracts written in Solidity language, a state-of-the-art work provides a lot of solutions based on dynamic or static analysis. However, these tools have shown a lot of false positives/negatives against the smart contracts having complex logic. Furthermore, the output of these tools is not reported in a standard way with their actual vulnerability names as per standards defined by the Ethereum community. To solve these problems, we have introduced a static analysis tool, SESCon (secure Ethereum smart contract), applying the taint analysis techniques with XPath queries. Our tool outperforms other analyzers and detected up to 90% of the known vulnerability patterns. SESCon also reports the detected vulnerabilities with their titles, descriptions, and remediations as per defined standards by the Ethereum community. SESCon will serve as a foundation for the standardization of vulnerability detection.

show abstract

VerX: Safety Verification of Smart Contracts

Cited by 180 publications

References 62 publications

Blockchain Evaluation Approaches: State-of-the-Art and Future Perspective

Blockchain Evaluation Approaches: State-of-the-Art and Future Perspective

A comprehensive survey on smart contract construction and execution: paradigms, tools, and systems

SESCon: Secure Ethereum Smart Contracts by Vulnerable Patterns’ Detection

Contact Info

Product

Resources

About