Description
Blockchains guarantee non-repudiation of decentralized information
stored in the shared ledger, a distributed network of peers. Apart from
storing information, blockchains such as Ethereum have the capability of
executing smart contracts - Turing-complete but limited programs which
may manipulate information stored in the blockchain and are executed in
consensus by the peers of the network. Correctness of smart contracts is
of utter importance, as once deployed to the blockchain, a smart
contract cannot be altered any more and many applications put extremely
high stakes into the correct execution of smart contracts, as shown by
the DAO hack where an incorrect smart contract resulted in a 60 mio. USD
loss which could only be resolved by a hard fork of the Ethereum
blockchain.
As especially the detection of data flow-sensitive vulnerabilities such
as integer overflows is prone to false positives if not based on a
precise data flow analysis, this this thesis proposes a Python-based
framework for an efficient and precise static taint analysis of EVM
bytecode. The reusable framework supports forward and backward taint
analysis and allows to precisely tell apart exploitable integer
overflows from non-critical bugs.
|
Thesis topic in co-operation with the Fraunhofer Institute for Applied and Integrated Security AISEC, Garching