
Specification Mining for Smart Contracts with Trace Slicing and Predicate Abstraction (2403.13279v1)

Published 20 Mar 2024 in cs.SE

Abstract: Smart contracts are computer programs running on blockchains to implement Decentralized Applications. The absence of contract specifications hinders routine tasks, such as contract understanding and testing. In this work, we propose a specification mining approach to infer contract specifications from past transaction histories. Our approach derives high-level behavioral automata of function invocations, accompanied by program invariants statistically inferred from the transaction histories. We implemented our approach as tool SmCon and evaluated it on eleven well-studied Azure benchmark smart contracts and six popular real-world DApp smart contracts. The experiments show that SmCon mines reasonably accurate specifications that can be used to facilitate DApp understanding and development in terms of document maintenance and test suite improvement.
