|
@@ -1,83 +1 @@
|
1
|
|
-@INPROCEEDINGS{smartian,
|
2
|
|
- author={Choi, Jaeseung and Kim, Doyeon and Kim, Soomin and Grieco, Gustavo and Groce, Alex and Cha, Sang Kil},
|
3
|
|
- booktitle={2021 36th IEEE/ACM International Conference on Automated Software Engineering (ASE)},
|
4
|
|
- title={SMARTIAN: Enhancing Smart Contract Fuzzing with Static and Dynamic Data-Flow Analyses},
|
5
|
|
- year={2021},
|
6
|
|
- volume={},
|
7
|
|
- number={},
|
8
|
|
- pages={227-239},
|
9
|
|
- doi={10.1109/ASE51524.2021.9678888}}
|
10
|
1
|
|
11
|
|
-@inproceedings{fuzzdrivegen,
|
12
|
|
- author = {Pani, Siddhasagar and Nallagonda, Harshita Vani and Vigneswaran and Medicherla, Raveendra Kumar and Rajan M},
|
13
|
|
- title = {SmartFuzzDriverGen: Smart Contract Fuzzing Automation for Golang},
|
14
|
|
- year = {2023},
|
15
|
|
- isbn = {9798400700644},
|
16
|
|
- publisher = {Association for Computing Machinery},
|
17
|
|
- address = {New York, NY, USA},
|
18
|
|
- url = {https://doi.org/10.1145/3578527.3578538},
|
19
|
|
- doi = {10.1145/3578527.3578538},
|
20
|
|
- abstract = {Greybox fuzzers require intermediate programs called fuzz drivers to test smart contract APIs. These fuzz drivers use the semi-random inputs (bytes) generated by fuzzers to prepare suitable inputs required to test APIs. Further, fuzz driver also uses this input to decide sequence in which APIs to be invoked and enables the fuzzer to execute the APIs in that sequence to find the vulnerabilities, if any. Manually writing such complex and intelligent fuzz drivers is laborious, requires deep technical skills, hence can be cumbersome and error prone. In this paper, we propose SmartFuzzDriverGen framework to automatically generate fuzz drivers which invoke smart contract APIs using different strategies: unit-level, sequence-based (random, user-defined), and heuristics based. We evaluate the proposed framework by testing a prototype implementation of it with Golang smart contracts (targeted for Hyperledger Fabric platform) and study the effectiveness of the generated fuzz drivers in terms of code coverage as well as bug finding abilities. We observed that fuzzing of APIs in random sequences performed better than the other methods.},
|
21
|
|
- booktitle = {Proceedings of the 16th Innovations in Software Engineering Conference},
|
22
|
|
- articleno = {14},
|
23
|
|
- numpages = {11},
|
24
|
|
- keywords = {smart contracts, vulnerability detection, automated driver generation, blockchain, fuzzing, sequencing},
|
25
|
|
- location = {Allahabad, India},
|
26
|
|
- series = {ISEC '23}
|
27
|
|
-}
|
28
|
|
-
|
29
|
|
-@inproceedings {teether,
|
30
|
|
- author = {Johannes Krupp and Christian Rossow},
|
31
|
|
- title = {{teEther}: Gnawing at Ethereum to Automatically Exploit Smart Contracts},
|
32
|
|
- booktitle = {27th USENIX Security Symposium (USENIX Security 18)},
|
33
|
|
- year = {2018},
|
34
|
|
- isbn = {978-1-939133-04-5},
|
35
|
|
- address = {Baltimore, MD},
|
36
|
|
- pages = {1317--1333},
|
37
|
|
- url = {https://www.usenix.org/conference/usenixsecurity18/presentation/krupp},
|
38
|
|
- publisher = {USENIX Association},
|
39
|
|
- month = aug
|
40
|
|
-}
|
41
|
|
-
|
42
|
|
-@inproceedings{securify,
|
43
|
|
- author = {Tsankov, Petar and Dan, Andrei and Drachsler-Cohen, Dana and Gervais, Arthur and B\"{u}nzli, Florian and Vechev, Martin},
|
44
|
|
- title = {Securify: Practical Security Analysis of Smart Contracts},
|
45
|
|
- year = {2018},
|
46
|
|
- isbn = {9781450356930},
|
47
|
|
- publisher = {Association for Computing Machinery},
|
48
|
|
- address = {New York, NY, USA},
|
49
|
|
- url = {https://doi.org/10.1145/3243734.3243780},
|
50
|
|
- doi = {10.1145/3243734.3243780},
|
51
|
|
- abstract = {Permissionless blockchains allow the execution of arbitrary programs (called smart contracts), enabling mutually untrusted entities to interact without relying on trusted third parties. Despite their potential, repeated security concerns have shaken the trust in handling billions of USD by smart contracts. To address this problem, we present Securify, a security analyzer for Ethereum smart contracts that is scalable, fully automated, and able to prove contract behaviors as safe/unsafe with respect to a given property. Securify's analysis consists of two steps. First, it symbolically analyzes the contract's dependency graph to extract precise semantic information from the code. Then, it checks compliance and violation patterns that capture sufficient conditions for proving if a property holds or not. To enable extensibility, all patterns are specified in a designated domain-specific language. Securify is publicly released, it has analyzed >18K contracts submitted by its users, and is regularly used to conduct security audits by experts. We present an extensive evaluation of Securify over real-world Ethereum smart contracts and demonstrate that it can effectively prove the correctness of smart contracts and discover critical violations.},
|
52
|
|
- booktitle = {Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security},
|
53
|
|
- pages = {67–82},
|
54
|
|
- numpages = {16},
|
55
|
|
- keywords = {smart contracts, stratified datalog, verification, security analysis},
|
56
|
|
- location = {Toronto, Canada},
|
57
|
|
- series = {CCS '18}
|
58
|
|
-}
|
59
|
|
-
|
60
|
|
-@MISC{
|
61
|
|
- doughoyte,
|
62
|
|
- author = {doughoyte},
|
63
|
|
- title = {MerdeToken: It's Some Hot Shit},
|
64
|
|
- note = {\url{https://github.com/Arachnid/uscc/tree/master/submissions-2017/doughoyte} [Accessed: Oct. 27th 2023]}
|
65
|
|
-}
|
66
|
|
-
|
67
|
|
-@article{multilayer,
|
68
|
|
-author = {Duan, Li and Sun, Yangyang and Zhang, Ke-Jia and Ding, Yong},
|
69
|
|
-year = {2022},
|
70
|
|
-month = {02},
|
71
|
|
-pages = {},
|
72
|
|
-title = {Multiple-Layer Security Threats on the Ethereum Blockchain and Their Countermeasures},
|
73
|
|
-volume = {2022},
|
74
|
|
-journal = {Security and Communication Networks},
|
75
|
|
-doi = {10.1155/2022/5307697}
|
76
|
|
-}
|
77
|
|
-
|
78
|
|
-@inproceedings{Kalra2018ZEUSAS,
|
79
|
|
- title={ZEUS: Analyzing Safety of Smart Contracts},
|
80
|
|
- author={Sukrit Kalra and Seep Goel and Mohan Dhawan and Subodh Sharma},
|
81
|
|
- booktitle={Network and Distributed System Security Symposium},
|
82
|
|
- year={2018},
|
83
|
|
-}
|