Computer Systems & Security Group, USTC

SmartSec: The Smart Contract Security Project

Overview:

Smart contracts are programs that are executed inside a peer-to-peer network where nobody has special authority over the execution, and have thus been widely used to implement functionalities such as tokens of value, ownership, voting, finance, management, healthcare, and the Internet of Things (IoT). Once the smart contract code is written, it is compiled into bytecode by a contract compiler and stored on the Ethereum blockchain platform for execution. When a node in the network sends a transaction to the address where the smart contract resides, or when certain conditions are satisfied, the smart contract code is triggered. The smart contract then executes automatically and independently on each network node in a prescribed manner. Because smart contracts mostly involve monetary transactions, security is of paramount importance.

In recent years, many vulnerabilities and security issues have been detected or reported for smart contracts. These security issues include integer overflows, reentrancy, unauthorized access, external calls, arithmetic overflows, unsafe type inference, costly loops, overpowered owners, and so on. These vulnerabilities often lead to considerable losses. For example, the famous DAO attack stole 3.6 million Ether coins by exploiting a contract vulnerability in recursive calls, which eventually led to a hard fork of Ethereum.

The goal of the SmartSec project is to investigate the security of smart contracts. Specifically, this project aims to:

  • perform a thorough study of smart contract vulnerabilities in the wild, and investigate the common bug patterns;
  • perform an empirical study of mainstream smart contract toolchains, and discuss and reveal their security issues;
  • develop practical tools to detect and fix vulnerabilities in smart contracts.

Publications:
  • An Empirical Study of Smart Contract Disassemblers. [pdf]
    Xia Liu, Baojian Hua, and Qiliang Fan.
    Submitted. 2022.

Members:
  • Qiliang Fan
  • Baojian Hua
  • Xia Liu
  • Zhizhong Pan