dc.contributor.author: Azzopardi, Shaun
dc.contributor.author: Ellul, Joshua
dc.contributor.author: Falzon, Ryan
dc.contributor.author: Pace, Gordon J.
dc.date.accessioned: 2022-11-15T12:25:47Z
dc.date.available: 2022-11-15T12:25:47Z
dc.date.issued: 2022
dc.identifier.uri: https://hdl.handle.net/2077/74145
dc.description.abstract: Smart contracts exist immutably on blockchains, making their pre-deployment correctness essential. Moreover, they exist openly on blockchains—open for interaction with any other smart contract and offchain entity. Interaction, for instance with off-chain oracles, can affect the state of the smart contract, and correctness of these smart contracts may depend on the trustworthiness of the data they manipulate or events they generate which, in turn, would depend on which parties or what information contributed to them. In this paper, we develop and present dynamic taint analysis techniques to enable data tainting in smart contracts. We propose an extension of Solidity that enables labelling inputs of interaction endpoints with dynamic data-carrying labels that capture actionable information about the sender. These labels can then be propagated dynamically across transactions to transitively dependent data. Specifications can then refer to such taints, for instance for ensuring that certain data could not have been influenced through interaction by a certain party. We further allow the use of taints as part of the language, affecting the control flow of the smart contract. To manage the overheads of such runtime tainting we develop sound static analysis-based techniques to prune away unnecessary instrumentation. We give a case study as a proof-of-concept, and measure the overheads associated with our additions before and after optimisation. [en]
dc.language.iso: eng [en]
dc.publisher: Lecture Notes in Computer Science book series (LNCS, volume 13498) [en]
dc.subject: taint analysis [en]
dc.subject: runtime verification [en]
dc.subject: static analysis [en]
dc.title: Tainting in Smart Contracts: Combining Static and Runtime Verification [en]
dc.type: Text [en]
dc.type.svep: conference paper, peer reviewed [en]

