Tuesday, April 9, 2019

ANU Seminar on Blockchain Smart Contracts, Canberra, 3 pm, 12 April 2019

Dr. Neville Grech, from University of Athens, will speak on "Gigahorse: Thorough Smart Contract Decompilation and Security Analyses" at the Australian National University in Canberra, Computer Science and IT Building (No 108), room N224, 3pm, 12 April 2019. Free, no RSVP required.


Smart contracts on blockchain platforms (e.g., Ethereum) represent a software domain with critical correctness needs. Smart contract users and security auditors can greatly benefit from a mechanism to recover the original structure of contracts, as evident from past work: many security analyses of smart contracts begin with a decompilation step.

In this talk, we present the Gigahorse framework, which is at the core of the the contract-library.com service. Contract-library.com contains the most complete, high-level decompiled representation of all Ethereum smart contracts, with security analyses applied to these in realtime.

The Gigahorse framework is a decompilation and security analysis framework that natively supports Ethereum Virtual Machine (EVM) bytecode. Its internal intermediate representation of smart contracts makes implicit data- and control-flow dependencies of the EVM bytecode explicit. Using this framework we have developed and adapted several advanced high-level client analyses, including MadMax and Ethainter. All our client analyses benefit from high-level domain-specific concepts (such as "dynamic data structure storage" and "safely resumable loops") and achieve high precision and scalability.

 One such client analysis, MadMax, flags contracts with a current monetary value in the $B range. (Manual inspection of a sample of flagged contracts shows that 81% of the sampled warnings do indeed lead to vulnerabilities.)


I am currently a Reach High fellow at the University of Athens, as well as at the University of Malta. My areas expertise include program analysis, applied to security and other properties. I have also published in the areas of embedded systems, smart contracts (including a distinguished paper award at OOPSLA), semantics and generative programming. My research tools include decompilers and security analyzers for the Ethereum platform (contract-library.com) and Java pointer and taint analysis frameworks (Doop, P/Taint and HeapDL). Previously, I was a Senior Research Associate at the University of Bristol, and have worked in industry as a Data Scientist and Software Engineer. I hold a PhD from the University of Southampton.

No comments:

Post a Comment