Exploiting The Laws of Order in Smart Contracts

TL;DR

This paper introduces ETHRACER, an automated tool that detects subtle event-ordering bugs in smart contracts by applying partial-order reduction and symbolic execution, uncovering vulnerabilities in contracts holding hundreds of millions of dollars.

Contribution

It formulates event-ordering bugs as concurrency issues, and develops ETHRACER, the first tool to efficiently analyze Ethereum bytecode for these bugs without user hints.

Findings

ETHRACER detects EO bugs in 7-11% of analyzed contracts.

Half of flagged contracts contain subtle, critical EO bugs.

ETHRACER runs efficiently, analyzing contracts in about 18.5 minutes.

Abstract

We investigate a family of bugs in blockchain-based smart contracts, which we call event-ordering (or EO) bugs. These bugs are intimately related to the dynamic ordering of contract events, i.e., calls of its functions on the blockchain, and enable potential exploits of millions of USD worth of Ether. Known examples of such bugs and prior techniques to detect them have been restricted to a small number of event orderings, typicall 1 or 2. Our work provides a new formulation of this general class of EO bugs as finding concurrency properties arising in long permutations of such events. The technical challenge in detecting our formulation of EO bugs is the inherent combinatorial blowup in path and state space analysis, even for simple contracts. We propose the first use of partial-order reduction techniques, using happen-before relations extracted automatically for contracts, along with several other optimizations built on a dynamic symbolic execution technique. We build an automatic tool called ETHRACER that requires no hints from users and runs directly on Ethereum bytecode. It flags 7-11% of over ten thousand contracts analyzed in roughly 18.5 minutes per contract, providing compact event traces that human analysts can run as witnesses. These witnesses are so compact that confirmations require only a few minutes of human effort. Half of the flagged contracts have subtle EO bugs, including in ERC-20 contracts that carry hundreds of millions of dollars worth of Ether. Thus, ETHRACER is effective at detecting a subtle yet dangerous class of bugs which existing tools miss.