Doctoral thesis (Dissertations and theses)
From Smart to Secure Contracts: Automated Security Assessment and Improvement of Ethereum Smart Contracts
Ferreira Torres, Christof
2022
 

Files


Full Text
Christof_FERREIRA_TORRES_PhD_Thesis.pdf
Author postprint (9.07 MB)
Details



Keywords :
Smart Contracts; Ethereum; Vulnerability Detection; Static Analysis; Dynamic Analysis; Symbolic Execution; Fuzzing; Patching; Blockchain
Abstract :
[en] Modern blockchains, such as Ethereum, have gained tremendously in popularity over the past few years. This growth is partially enabled by so-called smart contracts. These are programs that are deployed and executed across the blockchain. However, just like traditional programs, smart contracts are subject to programming mistakes. Unlike traditional programs, though, their code is publicly available and immutable. Hence, as smart contracts become more popular and carry more value, they become a more interesting target for attackers. In the past few years, several smart contracts have been exploited, resulting in assets worth millions of dollars being stolen. In this dissertation, we explore the security of smart contracts from three different perspectives: vulnerabilities, attacks, and defenses, and demonstrate that, as so often, "smart" does not imply "secure". In the first part of the dissertation, we study the automated detection of vulnerabilities in smart contracts, without requiring prior access to source code. We start by building a symbolic execution framework for detecting integer bugs that leverages taint analysis to reduce false positives. However, as symbolic execution is notorious for producing false positives, we explore hybrid fuzzing as an alternative. As a result, we propose a hybrid fuzzer for smart contracts that combines symbolic execution with fuzz testing and leverages data dependencies across state variables to efficiently generate transaction sequences. Our approach is capable of detecting more vulnerabilities with fewer false positives. In the second part of the dissertation, we explore various ways to mount attacks against smart contracts. We start by proposing a framework to detect and quantify classical smart contract attacks (e.g., reentrancy, integer overflows) on past transactions by combining logic-driven and graph-driven analysis. Afterwards, we study the effectiveness of a new type of fraud known as honeypots, by scanning the entire blockchain for different types of honeypots using symbolic execution. Next, we present a methodology to measure the prevalence of so-called frontrunning attacks, which follow from the rise of decentralized finance and the sharp increase of users trading on decentralized exchanges. Our results show that attackers are making a fortune by manipulating the order of transactions. In the third and final part of the dissertation, we discuss several defense mechanisms for smart contracts. We first propose a solution that developers can use to automatically patch vulnerable smart contract bytecode using context-sensitive patches that dynamically adapt to the bytecode that is being patched. However, this does not solve the issue of already deployed smart contracts. To that end, we present a second solution that enables security experts to write attack patterns that are triggered whenever malicious control and data flows are detected. Once a transaction is detected to be malicious, all state changes are rolled back and the attack is thereby prevented. These attack patterns are written using a domain-specific language and are managed via a smart contract. The latter enables decentralization, guarantees the distribution of security updates, and warrants transparency.
Disciplines :
Computer science
Author, co-author :
Ferreira Torres, Christof; University of Luxembourg > Faculty of Science, Technology and Medicine (FSTM)
Language :
English
Title :
From Smart to Secure Contracts: Automated Security Assessment and Improvement of Ethereum Smart Contracts
Defense date :
2022
Institution :
Unilu - University of Luxembourg, Luxembourg
Degree :
Docteur en Informatique
Promotor :
State, Radu  
Eckert, Claudia
FnR Project :
FNR13192291 - Secure Blockchain Technologies For Finance, 2018 (01/10/2018-31/03/2022) - Christof Ferreira Torres
Available on ORBilu :
since 30 May 2022
