CR PL | Apr 17, 2021

SAILFISH: Vetting Smart Contract State-Inconsistency Bugs in Seconds

arXiv:2104.08638v2 | 145 citations
Originality: Highly original
AI Analysis

This addresses security vulnerabilities in smart contracts for blockchain developers and users, representing a strong specific gain rather than an incremental improvement.

The paper tackles the problem of automatically detecting state-inconsistency bugs in smart contracts by introducing SAILFISH, a hybrid system that combines light-weight exploration and precise symbolic evaluation, resulting in the discovery of 47 previously unknown vulnerabilities in 89,853 contracts and outperforming five state-of-the-art analyzers in performance and precision.

This paper presents SAILFISH, a scalable system for automatically finding state-inconsistency bugs in smart contracts. To make the analysis tractable, we introduce a hybrid approach that includes (i) a light-weight exploration phase that dramatically reduces the number of instructions to analyze, and (ii) a precise refinement phase based on symbolic evaluation guided by our novel value-summary analysis, which generates extra constraints to over-approximate the side effects of whole-program execution, thereby ensuring the precision of the symbolic evaluation. We developed a prototype of SAILFISH and evaluated its ability to detect two state-inconsistency flaws, viz., reentrancy and transaction order dependence (TOD) in Ethereum smart contracts. Further, we present detection rules for other kinds of smart contract flaws that SAILFISH can be extended to detect. Our experiments demonstrate the efficiency of our hybrid approach as well as the benefit of the value summary analysis. In particular, we show that SAILFISH outperforms five state-of-the-art smart contract analyzers (SECURIFY, MYTHRIL, OYENTE, SEREUM and VANDAL) in terms of performance and precision. In total, SAILFISH discovered 47 previously unknown vulnerable smart contracts out of 89,853 smart contracts from ETHERSCAN.

Code Implementations: 1 repo