[06-21] Smart Contracts: Vulnerabilities and An Alternative

  Title: Smart Contracts: Vulnerabilities and An Alternative

  Speaker: James Yang (Western Michigan University) and Anita Xie (Blackcloud Technologies Inc.)

  Time: 10:00, June 21st, 2018

  Venue: Room 334, Building 5, State Key Laboratory of Computer Science, Institute of Software, Chinese Academy of Sciences


  Smart contracts built on top of blockchain technology provide a platform for automatically executing contracts in an anonymous, distributed, and trusted way. The technology claims to have the potential to revolutionize many industries. However, smart contracts have become a magnet for cyberattacks, and millions of dollars have been stolen. In the first part of the talk, we present a symbolic-execution-based approach that automatically identifies a small number of critical program paths that may have vulnerabilities. Our approach has been implemented in a tool called sCompile, which has been applied to more than 10,000 smart contracts. The experimental results show that sCompile is efficient, i.e., it spends 6.58 seconds on average to analyze a smart contract. Furthermore, we show that many known vulnerabilities can be captured if the user inspects as few as the top 5 program paths generated by sCompile. Using sCompile, we identify 92 previously unknown vulnerabilities.

  In the second part, we present a decentralized autonomous platform that is drastically different from current blockchain technology. It is not only more secure but also more efficient and user-friendly. We will also discuss a new search engine that is built on top of the decentralized autonomous platform. Compared with Google and Baidu, the new search engine can not only give more comprehensive search results on a target, but also achieve functionalities that are not possible with current search engines.


  James Yang is a professor of Computer Science at Western Michigan University, and co-founder and chief scientist at Blackcloud Technologies Inc. His research is in the broad areas of software engineering. He has published over eighty conference and journal papers with about 1/3 ranked in CCF category A. He received his Ph.D. from the University of Pennsylvania, M.S. from Rice University, and B.S. from the University of Science and Technology of China, all in computer science. He is a recipient of the 2018 ACM SIGSOFT Distinguished Paper Award (ICSE best paper award), 2016 Google CS Engagement Award and 2008 ACM TODAES best paper award. He is the general chair of the 12th IEEE Conference on Software Testing, Validation and Verification (ICST).

  Anita Xie is the CEO at Blackcloud Technologies Inc. She founded the company in 2010 when she was a senior, and later quit the PhD program to work full time after earning master's degrees in both computer science and business administration. As of today, the company has about 30 technical staff members, with around 60% having PhDs in computer science. She owns multiple patents in China and other countries that are based on her academic and industrial work. Xie initiated the two projects at Blockcloud: a distributed autonomous platform that serves as a public blockchain, and a general search engine that emphasizes data sovereignty.