[Remote] TransRacer: Function Dependence-Guided Transaction Race Detection for Smart Contracts
Smart contracts are programs that define rules for transactions running on blockchains. Since any qualified transaction sequence within the same block can be orchestrated by the blockchain miner, unexpected results may occur due to data races between transactions (called transaction races). Surprisingly, transaction races in smart contracts have not been fully investigated. To address this, we propose \textsf{TransRacer}, an automated approach and open-source tool that employs symbolic execution to detect transaction races in smart contracts. \textsf{TransRacer} analyzes function dependences to identify transaction races hidden in specific contract states. It also generates witness transactions that can trigger such races. The experimental results on 50 real-world smart contracts show the effectiveness and efficiency of \textsf{TransRacer}: it detects 216 races in 656.5 minutes, including 108 race bugs leading to inconsistent states.
Wed 6 DecDisplayed time zone: Pacific Time (US & Canada) change
14:00 - 15:30 | Security IResearch Papers / Demonstrations / Journal First at Golden Gate C3 Chair(s): Abhik Roychoudhury National University of Singapore | ||
14:00 15mTalk | Can the configuration of static analyses make resolving security vulnerabilities more effective? - A user study Journal First Goran Piskachev Amazon Web Services, Matthias Becker Fraunhofer IEM, Eric Bodden University of Paderborn Media Attached | ||
14:15 15mTalk | Software Composition Analysis for Vulnerability Detection: An Empirical Study on Java Projects Research Papers Lida Zhao Singapore Management University, Singapore, Sen Chen College of Intelligence and Computing, Tianjin University, Zhengzi Xu Nanyang Technological University, Chengwei Liu Nanyang Technological University, Lyuye Zhang Nanyang Technological University, Wu Jiahui Nanyang Technological University, Jun Sun Singapore Management University, Yang Liu Nanyang Technological University Media Attached | ||
14:30 15mTalk | Input-driven Dynamic Program Debloating for Code-reuse Attack Mitigation Research Papers Xiaoke Wang Wuhan University, Tao Hui Key Laboratory of Aerospace Information Security and Trusted Computing, Ministry of Education, School of Cyber Science and Engineering, Wuhan University, Lei Zhao Key Laboratory of Aerospace Information Security and Trusted Computing, Ministry of Education, School of Cyber Science and Engineering, Wuhan University, Yueqiang Cheng NIO DOI Pre-print Media Attached | ||
14:45 7mTalk | MASC: A Tool for Mutation-based Evaluation of Static Crypto-API Misuse Detectors Demonstrations Amit Seal Ami William & Mary, Syed Yusuf Ahmed University of Dhaka, Radowan Mahmud Redoy University of Dhaka, Nathan Cooper William & Mary, Kaushal Kafle College of William & Mary, Kevin Moran University of Central Florida, Denys Poshyvanyk William & Mary, Adwait Nadkarni William & Mary Media Attached | ||
14:53 7mTalk | [Remote] llvm2CryptoLine: Verifying Arithmetic in Cryptographic C Programs Demonstrations Ruiling Chen Shenzhen University, Jiaxiang Liu Shenzhen University, Xiaomu Shi Institute of Software, Chinese Academy of Sciences, Ming-Hsien Tsai National Institute of Cyber Security, Bow-Yaw Wang , Bo-Yin Yang Academia Sinica Media Attached | ||
15:00 15mTalk | [Remote] Comparison and Evaluation on Static Application Security Testing (SAST) Tools for Java Research Papers Kaixuan Li East China Normal University, Sen Chen College of Intelligence and Computing, Tianjin University, Lingling Fan College of Cyber Science, Nankai University, Ruitao Feng University of New South Wales, Han Liu East China Normal University, Chengwei Liu Nanyang Technological University, Yang Liu Nanyang Technological University, Yixiang Chen East China Normal University Pre-print Media Attached | ||
15:15 15mTalk | [Remote] TransRacer: Function Dependence-Guided Transaction Race Detection for Smart Contracts Research Papers Chenyang Ma Nanjing University of Science and Technology, Wei Song Nanjing University of Science and Technology, Jeff Huang Texas A&M University DOI Pre-print Media Attached | ||