VULTRON: Catching Vulnerable Smart Contracts Once and for All
Haijun Wang, Yi Li, Shang-Wei Lin, Lei Ma, and Yang Liu
In Proceedings of the 41st International Conference on Software Engineering: New Ideas and Emerging Results (ICSE-NIER), 2019
Abstract: Despite the high stakes involved, smart contracts are often written in an undisciplined way thus far. The existence of vulnerabilities compromises the security and reliability of smart contracts, and endangers the trust of participants in their ongoing businesses. Existing vulnerability detection techniques are often designed case-by-case, making them difficult to generalize. In this paper, we design general principles for detecting vulnerable smart contracts. Our insight is that almost all the existing transaction related vulnerabilities are due to the mismatch between the actual transferred value and the amount reflected on the contract’s internal bookkeeping. Based on this, we propose a precise and generally applicable technique, VULTRON, which can detect irregular transactions due to various types of adversarial exploits. We also report on preliminary results applying our technique in real-world case studies.