Information Flow Analysis for Detecting Non-Determinism in Blockchain
A mandatory feature for blockchain software, such as smart contracts and decentralized applications, is determinism. In fact, non-deterministic behaviors do not allow blockchain nodes to reach one common consensual state or a deterministic response, which causes the blockchain to be forked, stopped, or to deny services. While domain-specific languages are deterministic by design, general-purpose languages widely used for the development of smart contracts such as Go, provide many sources of non-determinism. However, not all non-deterministic behaviours are critical. In fact, only those that affect the state or the response of the blockchain can cause problems, as other uses (for example, logging) are only observable by the node that executes the application and not by others. Therefore, some frameworks for blockchains, such as Hyperledger Fabric or Cosmos SDK, do not prohibit the use of non-deterministic constructs but leave the programmer the burden of ensuring that the blockchain application is deterministic. In this paper, we present a flow-based approach to detect non-deterministic vulnerabilities which could compromise the blockchain. The analysis is implemented in GoLiSA, a semantics-based static analyzer for Go applications. Our experimental results show that GoLiSA is able to detect all vulnerabilities related to non-determinism on a significant set of applications, with better results than other open-source analyzers for blockchain software written in Go.
Wed 19 JulDisplayed time zone: Pacific Time (US & Canada) change
15:30 - 17:00 | ECOOP 3: DistributionResearch Papers at Amazon Auditorium (Gates G20) Chair(s): Elisa Gonzalez Boix Vrije Universiteit Brussel | ||
15:30 15mTalk | Synthetic Behavioural Typing: Sound, Regular Multiparty Sessions via Implicit Local Types Research Papers Sung-Shik Jongmans Open University of the Netherlands; CWI, Francisco Ferreira Royal Holloway, University of London DOI | ||
15:45 15mTalk | Asynchronous Multiparty Session Type Implementability is Decidable – Lessons Learned from Message Sequence Charts Research Papers Felix Stutz MPI-SWS DOI | ||
16:00 15mTalk | Dynamically Updatable Multiparty Session Protocols Research Papers DOI | ||
16:15 15mTalk | Designing Asynchronous Multiparty Protocols with Crash-Stop Failures Research Papers Adam D. Barwell University of St Andrews and University of Oxford, Ping Hou University of Oxford, Nobuko Yoshida University of Oxford, Fangyi Zhou Imperial College London DOI Pre-print | ||
16:30 15mTalk | ConDRust: Scalable Deterministic Concurrency from Verifiable Rust Programs Research Papers Felix Suchert Center for Advancing Electronics Dresden, TU Dresden, Lisza Zeidler Composable Operating Systems Group, Barkhausen Institute, Dresden, Jeronimo Castrillon TU Dresden, Germany, Sebastian Ertel Composable Operating Systems Group, Barkhausen Institute, Dresden DOI | ||
16:45 15mTalk | Information Flow Analysis for Detecting Non-Determinism in Blockchain Research Papers Luca Olivieri Ca’ Foscari University of Venice, Vincenzo Arceri University of Parma, Italy, Luca Negrini Ca’ Foscari University of Venice, Corvallis S.r.l., Fabio Tagliaferro CYS4 Srl, Pietro Ferrara Università Ca' Foscari, Venezia, Italy, Agostino Cortesi Università Ca' Foscari Venezia, Fausto Spoto U. Verona DOI | ||