The talk will present a static analysis approach over Ethereum bytecode. Our analysis framework integrates a very powerful decompiler and several vulnerability analyses, all expressed in a declarative, logic-based specification. The framework is highly scalable and effective at uncovering potential security threats. In particular, our gas-related vulnerability analysis builds from basic data-flow notions all the way to high-level domain-specific concepts (such as “dynamic data structure storage” and “safely resumable loops”). This enables identifying composite vulnerability patterns with high fidelity. The public service https://contract-library.com showcases much of the technology of this talk, applied over the entire Ethereum blockchain.
Yannis Smaragdakis (http://smaragd.org) is a Professor at the University of Athens. Prior to that he had a 10+ year faculty career in the US, most recently as an Associate Professor at the University of Massachusetts, Amherst. His interests include program analysis and testing (especially pointer analysis, static-dynamic analysis combinations, and invariant inference); declarative and extensible languages (especially program generators, generics/templates, and logic-based languages); and languages and tools for systems (especially multi-threading, parallel and distributed computing, and program locality). Large parts of his FC++ project have been integrated into the Boost C++ libraries, and he continues to maintain strong ties to industrial development and open-source projects. His latest work includes the Doop framework for the analysis of Java bytecode, as well as other related projects for program analysis algorithms expressed declaratively, in the Datalog language. Smaragdakis has served on the SIGPLAN Executive Committee and was the Program Chair of OOPSLA’16. He is a recipient of an NSF Career award, ERC Consolidator and Proof-of-Concept grants, and best/distinguished paper or artifact awards at OOPSLA’18, ECOOP’18, OOPSLA’15, ISSTA’12, ASE’07, ISSTA’06, GPCE’04, USENIX’99.
Research Interests: programming languages and software engineering
- Program analysis (static analysis, test generation, invariant inference, symbolic execution)
- Language mechanisms for abstraction (declarative languages, program generation, DSLs, modules and components, generics, extensible languages, multi-paradigm programming)
- Languages and tools for systems (programming models for concurrency, language support for distributed computing, memory management and program locality)