University of California researchers developed a technique to discover inconsistencies in Smart Contracts. The scalable technique presented will be able to check smart contracts and minimize state-inconsistency bugs, finding forty-seven zero-day vulnerabilities on the Ethereum blockchain during the process.
What are Smart Contracts?
Smart Contracts are programs stored on the blockchain and executed automatically when default conditions are met, depending on the encoded terms of the agreement.
The programs allow authorized transactions agreements to be used by unknown parties without the central authority. This means the code itself is the final part of the trade, it controls all the execution as well as provides an immutable evidentiary audit chain of transactions. These transactions are both irreversible and trackable.
According to the researchers, “since smart contracts are not easily upgradable, auditing the contract’s source pre-deployment, and deploying a bug-free contract is even more important than in the case of traditional software.”
What is Sailfish?
Sailfish aims to find inconsistencies in smart contracts, allowing bad actors to interfere with the execution order or transactions. This affects the control flow in a single transaction, for instance, reentrancy. Sailfish is a tool used to convert a contract into a dependency graph, capturing control and data flow relations between state-changing instructions and storing variables of a smart contract.
It helps discover potential inconsistencies. According to the researchers they have analyzed Sailfish on 89,853 contracts retrieved from Etherscan. Enabling them to find 47 zero-day vulnerabilities that can be exploited to extract Ether. These can also comprise application-specific metadata.
According to media reports, “This is not the first time problematic smart contracts have attracted attention from academia. In September 2020, Chinese researchers designed a framework for categorizing known weaknesses in smart contracts with the goal of providing a detection criterion for each of the bugs.”