TY - GEN
T1 - Securify
T2 - 25th ACM Conference on Computer and Communications Security, CCS 2018
AU - Tsankov, Petar
AU - Dan, Andrei
AU - Drachsler-Cohen, Dana
AU - Gervais, Arthur
AU - Bünzli, Florian
AU - Vechev, Martin
N1 - Publisher Copyright: © 2018 Copyright held by the owner/author(s).
PY - 2018/10/15
Y1 - 2018/10/15
N2 - Permissionless blockchains allow the execution of arbitrary programs (called smart contracts), enabling mutually untrusted entities to interact without relying on trusted third parties. Despite their potential, repeated security concerns have shaken the trust in handling billions of USD by smart contracts. To address this problem, we present Securify, a security analyzer for Ethereum smart contracts that is scalable, fully automated, and able to prove contract behaviors as safe/unsafe with respect to a given property. Securify’s analysis consists of two steps. First, it symbolically analyzes the contract’s dependency graph to extract precise semantic information from the code. Then, it checks compliance and violation patterns that capture sufficient conditions for proving if a property holds or not. To enable extensibility, all patterns are specified in a designated domain-specific language. Securify is publicly released, it has analyzed > 18K contracts submitted by its users, and is regularly used to conduct security audits by experts. We present an extensive evaluation of Securify over real-world Ethereum smart contracts and demonstrate that it can effectively prove the correctness of smart contracts and discover critical violations.
AB - Permissionless blockchains allow the execution of arbitrary programs (called smart contracts), enabling mutually untrusted entities to interact without relying on trusted third parties. Despite their potential, repeated security concerns have shaken the trust in handling billions of USD by smart contracts. To address this problem, we present Securify, a security analyzer for Ethereum smart contracts that is scalable, fully automated, and able to prove contract behaviors as safe/unsafe with respect to a given property. Securify’s analysis consists of two steps. First, it symbolically analyzes the contract’s dependency graph to extract precise semantic information from the code. Then, it checks compliance and violation patterns that capture sufficient conditions for proving if a property holds or not. To enable extensibility, all patterns are specified in a designated domain-specific language. Securify is publicly released, it has analyzed > 18K contracts submitted by its users, and is regularly used to conduct security audits by experts. We present an extensive evaluation of Securify over real-world Ethereum smart contracts and demonstrate that it can effectively prove the correctness of smart contracts and discover critical violations.
KW - Security analysis
KW - Smart contracts
KW - Stratified Datalog
UR - http://www.scopus.com/inward/record.url?scp=85056848750&partnerID=8YFLogxK
U2 - 10.1145/3243734.3243780
DO - 10.1145/3243734.3243780
M3 - Conference contribution
T3 - Proceedings of the ACM Conference on Computer and Communications Security
SP - 67
EP - 82
BT - CCS 2018 - Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security
Y2 - 15 October 2018
ER -