Floragasse 7 – 5th floor, 1040 Vienna

Key Researcher Talk – “Sailfish: Efficient Detection of Smart Contract State-Inconsistency Bugs” by Christopher Kruegel (remote)

March 21, 2022
2:00 pm - 3:00 pm

Join the next edition of our Key Researcher Talk Series!

Sailfish: Efficient Detection of Smart Contract State-Inconsistency Bugs

Smart contracts are programs running on top of the Ethereum blockchain. These contracts have seen widespread adoption, and they power decentralized applications that manage billions of dollars. Consequently, a vulnerability in a contract can lead to significant financial losses.

In this talk, we introduce Sailfish, a scalable static analysis system to detect state-inconsistency (SI) bugs. These bugs enable an attacker to manipulate the global state (the storage variables) of a contract, either by tampering with the order of execution of multiple transactions (transaction order dependence) or the control-flow inside a single transaction (reentrancy).

Using static analysis to detect SI bugs poses significant scalability challenges. Sailfish tackles these challenges with a hybrid approach that combines a light-weight Explore phase, followed by a Refine phase guided by our novel value-summary analysis. Our Explore phase dramatically reduces the number of relevant instructions to reason about, while the value-summary analysis further improves performance while maintaining the precision of symbolic evaluation. We evaluated Sailfish on a data set of almost 90 thousand contracts, and we show that the tool is efficient and effective in detecting state-inconsistency bugs.

Agenda

14:00 – 14:10 Short Introduction by Edgar Weippl

14:10 – 14:30 Talk by Christopher Kruegel

14:30 – 15:00 Q&A

Speaker

Free Registration

Please reach out to us at events@sba-research.org if you would like to join. The talk will take place online.

This event is hosted by Vienna ACM SIGSAC Chapter and IEEE SMC/CS Austria Chapter.

IEEE Section Austria_logo_2016