Gigahorse: Thorough Smart Contract Decompilation and Security Analyses

Smart contracts on blockchain platforms (e.g., Ethereum) represent a software domain with critical correctness needs. Smart contract users and security auditors can greatly benefit from a mechanism to recover the original structure of contracts, as evident from past work: many security analyses of smart contracts begin with a decompilation step.

In this talk, we present the Gigahorse framework, which is at the core of the contract-library.com service. Contract-library.com contains the most complete, high-level decompiled representation of all Ethereum smart contracts, with security analyses applied to these in realtime. The Gigahorse framework is a decompilation and security analysis framework that natively supports Ethereum Virtual Machine (EVM) bytecode. Its internal intermediate representation of smart contracts makes implicit data- and control-flow dependencies of the EVM bytecode explicit. Using this framework we have developed and adapted several advanced high-level client analyses, including MadMax and Ethainter. All our client analyses benefit from high-level domain-specific concepts (such as "dynamic data structure storage" and "safely resumable loops") and achieve high precision and scalability.
 
One such client analysis, MadMax, flags contracts with a current monetary value in the $B range. (Manual inspection of a sample of flagged contracts shows that 81% of the sampled warnings do indeed lead to vulnerabilities.)
 

Biography

I am currently a Reach High fellow at the University of Athens, as well as at the University of Malta. My areas expertise include program analysis, applied to security and other properties. I have also published in the areas of embedded systems, smart contracts (including a distinguished paper award at OOPSLA), semantics and generative programming. My research tools include decompilers and security analyzers for the Ethereum platform (contract-library.com) and Java pointer and taint analysis frameworks (Doop, P/Taint and HeapDL). Previously, I was a Senior Research Associate at the University of Bristol, and have worked in industry as a Data Scientist and Software Engineer. I hold a PhD from the University of Southampton.

Date & time

3–4pm 12 Apr 2019

Location

Room:CSIT N224 (Computer Systems Commons)

Speakers

Dr. Neville Grech

Contacts

Updated:  1 June 2019/Responsible Officer:  Dean, CECS/Page Contact:  CECS Marketing