近期，不只是在資訊領域，區塊鏈技術的應用正在如火如荼的快速成長中。各種新興虛擬貨幣如雨後春筍般大量出現，新創產業也陸續利用發行ICO的方式募資。有賴於智能合約，區塊鏈能夠運用的領域越來越廣泛。智能合約的功能就像一支在區塊鏈上的程式，使用者可以對智能合約發起交易，交易的過程所執行的內容，則是由智能合約中的程式邏輯決定，比方說一個點數交換的智能合約，其中可能包含了點數的轉換或是儲值的功能。各式各樣的智能合約已經存在目前的區塊鏈環境中，但就像是一般的程式一樣，智能合約也是有可能成為惡意行為的攻擊對象。此次研究的目的，是希望能夠透過靜態分析，針對尚未執行前的智能合約進行惡意行為檢查。我們希望能夠讓使用者在尚未執行智能合約之前，就能夠先針對智能合約進行檢測。在部份的研究中，已經有些實用的工具能夠檢查出潛在的風險。而我們希望能夠針對智能合約執行時的錯誤例外進行分析，這些錯誤例外包含了堆疊溢位以及gas值超過區塊上限的情況。透過我們的分析，能夠知道智能合約中有沒有包含循環，從這些循環來找出錯誤例外的發生。

Decentralized cryptocurrencies are based on a distributed ledger (a publicly- readable record) of a sequence of transactions. Recently, applications based on blockchain technologies have grown fast in many fields in our life, not only in technical industries but also in others such as financial industries. Smart contracts are programs that can be triggered by blockchain transactions. The transaction logic is coding inside the smart contract and can be executed automatically. Transactions will be kept on blockchain and cannot be modified by others. However, just like other programs, there exist some dangerous actions that can make the smart contract vulnerable. It is essential for having a rigorous approach to checking the correctness of smart contracts. In this work, we investigate static analysis techniques to detect vulnerabilities that could be exploited by malicious executions at runtime. Mainly, we focus on unexpected exceptions that occur inside a smart contract, such as EVM stack overflow or massive consumption of gas, which may lead to abnormal termination or abortion of contract execution. We target on contract opcodes and build instruction level symbolic execution for gas consumption and stack simulation. The analysis process consists of control flow graph construction with gas and stack status associated blocks. We then apply depth-first search to detect cycles that may raise stack size and generate their path constraints for execution accordingly. By solving the path constraints, we identify the inputs to trigger the execution and detect potential vulnerabilities or massive gas consumption. Our model checking approach benefits from soundness from formal reasoning, as well as automation from systematic symbolic execution. We report our analysis results against various contracts on Etherscan.

[1] P. Dai, N. Mahi, J. Earls, and A. Norta, “Smart-contract value-transfer protocols on a distributed mobile application platform,” URL: https://qtum. org/uploads/-files/cf6d69348ca50dd985b60425ccf282f3. pdf, 2017.
[2] “Solidity-solidity 0.4.21 documentation.” https://solidity.readthedocs.io/en/develop/.
[3] “Counterparty.” https://counterparty.io/.
[4] “Stellar - develop the world’s new financial system.” https://www.stellar.org/.
[5] “Home — lisk.” https://lisk.io/.
[6] “The dao (organization) - wikipedia.” https://en.wikipedia.org/wiki/The_DAO_(organization).
[7] N. Atzei, M. Bartoletti, and T. Cimoli, “A survey of attacks on ethereum smart contracts (sok),” in International Conference on Principles of Security and Trust, pp. 164–186, Springer, 2017.
[8] “coloredcoins.org.” http://coloredcoins.org/.
[9] “Create a democracy contract in ethereum.” https://www.ethereum.org/dao.
[10] “Monegraph.” https://monegraph.com/.
[11] K. Delmolino, M. Arnett, A. Kosba, A. Miller, and E. Shi, “Step by step towards creating a safe smart contract: Lessons and insights from a cryptocurrency lab,” in International Conference on Financial Cryptography and Data Security, pp. 79–94, Springer, 2016.
[12] T. Dickerson, P. Gazzillo, M. Herlihy, and E. Koskinen, “Adding concurrency to smart contracts,” in Proceedings of the ACM Symposium on Principles of Distributed Computing, pp. 303–312, ACM, 2017.
[13] M. Herlihy, V. Luchangco, M. Moir, and W. N. Scherer III, “Software transactional memory for dynamic-sized data structures,” in Proceedings of the twenty-second annual symposium on Principles of distributed computing, pp. 92–101, ACM, 2003.
[14] L. Luu, D.-H. Chu, H. Olickel, P. Saxena, and A. Hobor, “Making smart contracts smarter,” in Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security, pp. 254–269, ACM, 2016.
[15] “Oyente by oyente.” https://oyente.github.io/benchmarks/.
[16] K. Bhargavan, A. Delignat-Lavaud, C. Fournet, A. Gollamudi, G. Gonthier, N. Kobeissi, N. Kulatova, A. Rastogi, T. Sibut-Pinote, N. Swamy, et al., “Formal verification of smart contracts: Short paper,” in Proceedings of the 2016 ACM Workshop on Programming Languages and Analysis for Security, pp. 91–96, ACM, 2016.
[17] N. Swamy, C. Hrit¸cu, C. Keller, A. Rastogi, A. Delignat-Lavaud, S. Forest, K. Bhargavan, C. Fournet, P.-Y. Strub, M. Kohlweiss, et al., “Dependent types and multimonadic effects in f,” in ACM SIGPLAN Notices, vol. 51, pp. 256–270, ACM, 2016.
[18] A. Dika, “Ethereum smart contracts: Security vulnerabilities and security tools,” Master’s thesis, NTNU, 2017.
[19] “Securify - formal verification of ethereum smart contracts.” https://securify.ch/.
[20] “Smartdec — smart contracts security audit.” http://smartcontracts.smartdec.net/.
[21] M. Suiche, “Porosity: A decompiler for blockchain-based smart contracts bytecode,” DEF CON, vol. 25, 2017.
[22] E. Hildenbrandt, M. Saxena, X. Zhu, N. Rodrigues, P. Daian, D. Guth, and G. Rosu, “Kevm: A complete semantics of the ethereum virtual machine,” tech. rep., 2017.
[23] S. Amani, M. B´egel, M. Bortin, and M. Staples, “Towards verifying ethereum smart contract bytecode in isabelle/hol,” CPP. ACM. To appear, 2018.
[24] A. Mavridou and A. Laszka, “Tool demonstration: Fsolidm for designing secure ethereum smart contracts,” [25] “Finite-state machine - wikipedia.” https://en.wikipedia.org/wiki/Finite-state_machine.
[26] “Nxt - the blockchain application platform.” https://nxtplatform.org/.
[27] P. L. Seijas, S. J. Thompson, and D. McAdams, “Scripting smart contracts for distributed ledger technology.,” IACR Cryptology ePrint Archive, vol. 2016, p. 1156, 2016.
[28] “Zero-knowledge proof - wikipedia.” https://en.wikipedia.org/wiki/Zero-knowledge_proof.
[29] “Proof-carrying code - wikipedia.” https://en.wikipedia.org/wiki/Proof-carrying_code.
[30] J. Rubin, M. Naik, and N. Subramanian, “Merkelized abstract syntax trees.”
[31] “Ethereum network status.” https://ethstats.net/.
[32] “Ethereum blockchain explorer and search.” https://etherscan.io/.
[33] “Installing the solidity compiler — solidity 0.4.21 documentation.” http://solidity.readthedocs.io/en/v0.4.21/installing-solidity.html.
[34] “Remix - solidity ide.” https://remix.ethereum.org/#optimize=false&version=builtin.
[35] “Graphviz - graph visualization software.” https://www.graphviz.org/