Detection of Defects in Smart Contracts and Blockchain Applications

PhD Thesis Proposal Defence


Title: "Detection of Defects in Smart Contracts and Blockchain Applications"

by

Mr. Wuqi ZHANG


Abstract:

Blockchain technology has attracted significant interest with the advent of 
Turing-complete smart contracts, which enable the autonomous execution of 
agreements without trusted intermediaries. The unique attributes of blockchain, 
i.e., decentralization, trustlessness, transparency, and tamper-resistance, have 
revolutionized many domains, including finance, supply chain, government, 
gambling, etc. However, these very attributes present new challenges in the 
design and development of reliable and secure blockchain-based applications. 
The presence of bugs and vulnerabilities can undermine dependability and even 
lead to severe financial losses.

This thesis aims to enhance the reliability of blockchain-based systems through 
comprehensive studies of real-world defects and through innovative bug and 
vulnerability detection methodologies aligned with blockchain's unique 
characteristics. The three main contributions of this thesis are as follows:

Understanding Real-world Front-Running Attacks. A large-scale, systematic 
analysis of historical front-running attacks on Ethereum is conducted, 
illuminating the limitations of existing detection techniques. Front-running 
attacks occur on smart contracts, the on-chain components of 
blockchain-based applications, and allow adversaries to gain unethical profits 
from normal users' transactions. By proposing a novel oracle to identify 
generic front-running attacks and developing an automated approach to localize 
the associated vulnerabilities, this study compiles an extensive dataset with 
ground truth for vulnerabilities. The evaluation of seven existing methods 
reveals their ineffectiveness and identifies four major limitations that offer 
insights for future advances in vulnerability detection.

Innovative Static Analysis for Front-Running Vulnerability Detection. This 
dissertation introduces a new static analysis to detect front-running 
vulnerabilities in smart contracts. Unlike previous works, this thesis formally 
defines front-running vulnerability with a focus on exploitability to minimize 
false alarms. Due to the drastic increase in search space and analysis 
complexity, a novel static pruning technique is devised based on graph 
reachability analysis, coupled with a tailored symbolic execution engine to 
validate the existence of vulnerabilities. This approach is shown to 
significantly outperform previous techniques and has successfully uncovered 
three zero-day vulnerabilities in real-world smart contract audits.

Testing On-Chain-Off-Chain Synchronization in Blockchain-Based Applications. 
The third contribution of this thesis is the identification and testing of a 
previously undiscovered defect type, referred to as on-chain-off-chain 
synchronization bugs. These bugs, caused by improper handling of 
non-deterministic blockchain transactions, lead to inconsistencies between the 
internal states of on-chain and off-chain components. This dissertation models 
the non-deterministic lifecycle of blockchain transactions, and on that model 
builds a novel test oracle that checks for inconsistency between on-chain and 
off-chain states without the need for developer-provided specifications. An 
automated testing technique is designed on top of the oracle and has proven 
effective, detecting 15 developer-confirmed bugs across 11 real-world 
applications.
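To make the defect type concrete, the following is an added toy illustration (not the thesis's model or tool): a simulated transaction lifecycle with inclusion, reorg and drop, an off-chain indexer that books a transfer as soon as it is seen beside one that mirrors the chain, and an oracle that flags any divergence between on-chain and off-chain state. The lifecycle states, the two indexers and the sample balances are all constructed assumptions.

```python
from enum import Enum

class Tx(Enum):
    PENDING = "pending"      # seen in the mempool, not yet in a block
    INCLUDED = "included"    # in a block that a reorg can still remove
    REORGED = "reorged"      # block removed: effect undone, tx back in mempool
    DROPPED = "dropped"      # evicted from the mempool; will never execute
    FINALIZED = "finalized"  # deep enough that the effect is permanent

class Chain:
    """On-chain side: a transfer takes effect on inclusion and is undone on reorg."""
    def __init__(self, balances):
        self.balances, self.txs, self.listeners = dict(balances), {}, []
    def submit(self, txid, src, dst, amt):
        self.txs[txid] = [src, dst, amt, Tx.PENDING]
        self._notify(txid)
    def transition(self, txid, state):
        src, dst, amt, _ = self.txs[txid]
        delta = {Tx.INCLUDED: -amt, Tx.REORGED: amt}.get(state, 0)
        self.balances[src] += delta
        self.balances[dst] -= delta
        self.txs[txid][3] = state
        self._notify(txid)
    def _notify(self, txid):
        for listener in self.listeners:
            listener.on_event(*self.txs[txid])

class OptimisticIndexer:
    """Buggy off-chain component: books the transfer as soon as the tx is seen."""
    def __init__(self, balances): self.view = dict(balances)
    def on_event(self, src, dst, amt, state):
        if state == Tx.PENDING:
            self.view[src] -= amt; self.view[dst] += amt

class ConfirmedIndexer:
    """Fixed off-chain component: mirrors inclusion and undoes reorgs."""
    def __init__(self, balances): self.view = dict(balances)
    def on_event(self, src, dst, amt, state):
        delta = {Tx.INCLUDED: -amt, Tx.REORGED: amt}.get(state, 0)
        self.view[src] += delta; self.view[dst] -= delta

def states_consistent(chain, indexer):
    """Test oracle: on-chain and off-chain state must agree after the lifecycle."""
    return chain.balances == indexer.view

def run_lifecycle(indexer_cls, lifecycle):
    """Replay one tx lifecycle (a list of Tx states) and return the oracle verdict."""
    start = {"alice": 10, "bob": 0}               # constructed sample balances
    chain, indexer = Chain(start), indexer_cls(start)
    chain.listeners.append(indexer)
    chain.submit("tx1", "alice", "bob", 4)
    for state in lifecycle:
        chain.transition("tx1", state)
    return states_consistent(chain, indexer)
```

Both indexers agree with the chain on the straight-line lifecycle; only a reorg followed by a drop exposes the optimistic one, which is why a test must explore the non-deterministic paths rather than just the happy path.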


Date:               Friday, 3 November 2023

Time:               5:00pm - 7:00pm

Venue:              Room 4472 (lifts 25/26)

Committee Members:  Prof. Shing-Chi Cheung (Supervisor)
                    Prof. Fangzhen Lin (Chairperson)
                    Dr. Amir Goharshady
                    Dr. Shuai Wang


**** ALL are Welcome ****