TODLER : A Transaction Ordering Dependency anaLyzER - for Ethereum Smart Contracts
(2023) 6th IEEE/ACM International Workshop on Emerging Trends in Software Engineering for Blockchain, WETSEB 2023 p.9-16
- Abstract
Smart contracts are programs with data (mutable state), stored on and executed by blockchain platforms. The transactions (or function invocations) dispatched to smart contracts often change their state. In the Ethereum blockchain, nodes (aka miners/validators) can schedule a set of transactions in any order in a block. Multiple transactions in a single block operating on a contract's shared state may yield different outcomes based on their execution order, thus creating a possibility for non-determinism and races between transactions. The resulting issue in Ethereum smart contracts is Transaction Ordering Dependency (TOD). Detecting a TOD requires identifying valid transactions affecting a contract's global/state variables, which is equivalent to detecting read-after-write dependencies in race detection, and we expect it to be similarly nontrivial for human developers. In this paper, we identify various TODs, including a novel type previously undocumented in the literature. To detect these TODs, we propose an information flow analysis-based static analyzer, TODler. Our manual evaluation of 108 Ethereum smart contracts shows that TODler outperforms previously available approaches in terms of both run time and precision and also detects the novel TOD pattern identified in this paper.
- author
- Munir, Sundas and Reichenbach, Christoph LU
- publishing date
- 2023
- type
- Chapter in Book/Report/Conference proceeding
- publication status
- published
- keywords
- smart contracts, static analysis, vulnerability detection
- host publication
- Proceedings - 2023 IEEE/ACM 6th International Workshop on Emerging Trends in Software Engineering for Blockchain, WETSEB 2023
- pages
- 8 pages
- publisher
- IEEE - Institute of Electrical and Electronics Engineers Inc.
- conference name
- 6th IEEE/ACM International Workshop on Emerging Trends in Software Engineering for Blockchain, WETSEB 2023
- conference location
- Melbourne, Australia
- conference dates
- 2023-05-14
- external identifiers
- scopus:85169085075
- ISBN
- 9798350301922
- DOI
- 10.1109/WETSEB59161.2023.00007
- language
- English
- LU publication?
- yes
- additional info
- Publisher Copyright: © 2023 IEEE.
- id
- 55fcc32f-70f4-4fb1-a044-f28e7a57f015
- date added to LUP
- 2023-09-13 08:57:11
- date last changed
- 2023-11-22 23:46:45
@inproceedings{55fcc32f-70f4-4fb1-a044-f28e7a57f015,
  abstract = {{Smart contracts are programs with data (mutable state); stored on and executed by blockchain platforms. The transactions (or function invocations) dispatched to smart contracts often change their state. In the Ethereum blockchain, nodes (aka miners/validators) can schedule a set of transactions in any order in a block. Multiple transactions in a single block operating on a contract's shared state may yield different outcomes based on their execution order, thus creating a possibility for non-determinism and races between transactions. The resulting issue in Ethereum smart contracts is Transaction Ordering Dependency (TOD). Detecting a TOD requires identifying valid transactions affecting a contract's global/state variables which is equivalent to detecting read-after-write dependencies in race detection, and we expect it to be similarly nontrivial for human developers. In this paper, we identify various TODs, including a novel type previously undocumented in the literature. To detect these TODs, we propose an information flow analysis-based static analyzer, TODler. Our manual evaluation of 108 Ethereum smart contracts shows that TODler outperforms previously available approaches in terms of both run time and precision and also detects the novel TOD pattern identified in this paper.}},
  author = {{Munir, Sundas and Reichenbach, Christoph}},
  booktitle = {{Proceedings - 2023 IEEE/ACM 6th International Workshop on Emerging Trends in Software Engineering for Blockchain, WETSEB 2023}},
  isbn = {{9798350301922}},
  keywords = {{smart contracts; static analysis; vulnerability detection}},
  language = {{eng}},
  pages = {{9--16}},
  publisher = {{IEEE - Institute of Electrical and Electronics Engineers Inc.}},
  title = {{TODLER : A Transaction Ordering Dependency anaLyzER - for Ethereum Smart Contracts}},
  url = {{http://dx.doi.org/10.1109/WETSEB59161.2023.00007}},
  doi = {{10.1109/WETSEB59161.2023.00007}},
  year = {{2023}},
}