Skip to main content
SpringerLink
Log in
Book cover

International Conference on Verification and Evaluation of Computer and Communication Systems

VECoS 2019: Verification and Evaluation of Computer and Communication Systems pp 63–78Cite as

Running on Fumes

Preventing Out-of-Gas Vulnerabilities in Ethereum Smart Contracts Using Static Resource Analysis

  • Conference paper
  • First Online:

Part of the book series: Lecture Notes in Computer Science ((LNTCS,volume 11847))

Abstract

Gas is a measurement unit of the computational effort that it will take to execute every single operation that takes part in the Ethereum blockchain platform. Each instruction executed by the Ethereum Virtual Machine (EVM) has an associated gas consumption specified by Ethereum. If a transaction exceeds the amount of gas allotted by the user (known as gas limit), an out-of-gas exception is raised. There is a wide family of contract vulnerabilities due to out-of-gas behaviors. We report on the design and implementation of Gastap, a Gas-Aware Smart contracT Analysis Platform, which takes as input a smart contract (either in EVM, disassembled EVM, or in Solidity source code) and automatically infers gas upper bounds for all its public functions. Our bounds ensure that if the gas limit paid by the user is higher than our inferred gas bounds, the contract is free of out-of-gas vulnerabilities.

This work was funded partially by the Spanish MINECO project TIN2015-69175-C4-2-R and MINECO/FEDER, UE project TIN2015-69175-C4-3-R, by Spanish MICINN/FEDER, UE projects RTI2018-094403-B-C31 and RTI2018-094403-B-C33, by the CM project S2018/TCS-4314 and by the UCM CT27/16-CT28/16 grant.

This is a preview of subscription content, log in via an institution.

Chapter
USD   29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD   39.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD   54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Learn about institutional subscriptions

References

  1. The EthereumPot contract (2017). https://etherscan.io/address/0x5a13caa82851342e14cd2ad0257707cddb8a31b7

  2. Etherscan (2018). https://etherscan.io

  3. Oyente: An Analysis Tool for Smart Contracts (2018). https://github.com/melonproject/oyente

  4. Albert, E., et al.: SACO: static analyzer for concurrent objects. In: Ábrahám, E., Havelund, K. (eds.) TACAS 2014. LNCS, vol. 8413, pp. 562–567. Springer, Heidelberg (2014). https://doi.org/10.1007/978-3-642-54862-8_46

    Chapter  Google Scholar 

  5. Albert, E., Arenas, P., Genaim, S., Puebla, G.: Automatic inference of upper bounds for recurrence relations in cost analysis. In: Alpuente, M., Vidal, G. (eds.) SAS 2008. LNCS, vol. 5079, pp. 221–237. Springer, Heidelberg (2008). https://doi.org/10.1007/978-3-540-69166-2_15

    Chapter  MATH  Google Scholar 

  6. Albert, E., Gordillo, P., Livshits, B., Rubio, A., Sergey, I.: EthIR: a framework for high-level analysis of ethereum bytecode. In: Lahiri, S.K., Wang, C. (eds.) ATVA 2018. LNCS, vol. 11138, pp. 513–520. Springer, Cham (2018). https://doi.org/10.1007/978-3-030-01090-4_30

    Chapter  Google Scholar 

  7. Amani, S., Bégel, M., Bortin, M., Staples, M.: Towards verifying ethereum smart contract bytecode in Isabelle/HOL. In: CPP 2018, pp. 66–77. ACM (2018)

    Google Scholar 

  8. Bernani, T.: Oraclize (2016). http://www.oraclize.it

  9. Bhargavan, K., et al.: Formal verification of smart contracts: short paper. In: PLAS 2016, pp. 91–96. ACM (2016)

    Google Scholar 

  10. Biere, A., Cimatti, A., Clarke, E., Zhu, Y.: Symbolic model checking without BDDs. In: Cleaveland, W.R. (ed.) TACAS 1999. LNCS, vol. 1579, pp. 193–207. Springer, Heidelberg (1999). https://doi.org/10.1007/3-540-49059-0_14

    Chapter  Google Scholar 

  11. Chen, T., Li, X., Luo, X., Zhang, X.: Under-optimized smart contracts devour your money. In: SANER 2017, pp. 442–446. IEEE Computer Society (2017)

    Google Scholar 

  12. Cousot, P., Halbwachs, N.: Automatic discovery of linear restraints among variables of aprogram. In: POPL 1978, pp. 84–96 (1978)

    Google Scholar 

  13. Ethereum. Solidity (2018). https://solidity.readthedocs.io

  14. Ethereum. Vyper (2018). https://vyper.readthedocs.io

  15. Flores-Montoya, A., Hähnle, R.: Resource analysis of complex programs with cost equations. In: Garrigue, J. (ed.) APLAS 2014. LNCS, vol. 8858, pp. 275–295. Springer, Cham (2014). https://doi.org/10.1007/978-3-319-12736-1_15

    Chapter  Google Scholar 

  16. Ethereum Foundation. Safety - Ethereum Wiki (2018). https://github.com/ethereum/wiki/wiki/Safety. Accessed on 14 Nov 2018

  17. Grech, N., Kong, M., Jurisevic, A., Brent, L., Scholz, B., Smaragdakis, Y.: Madmax: surviving out-of-gas conditions in ethereum smart contracts. In: PACMPL, 2(OOPSLA), pp. 116:1–116:27 (2018)

    Article  Google Scholar 

  18. Grishchenko, I., Maffei, M., Schneidewind, C.: A semantic framework for the security analysis of ethereum smart contracts. In: Bauer, L., Küsters, R. (eds.) POST 2018. LNCS, vol. 10804, pp. 243–269. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-89722-6_10

    Chapter  Google Scholar 

  19. Grossman, S., et al.: Online detection of effectively callback free objects with applications to smart contracts. In: PACMPL, 2(POPL), pp. 48:1–48:28 (2018)

    Article  Google Scholar 

  20. Kalra, S., Goel, S., Dhawan, M., Sharma, S.: ZEUS: analyzing safety of smart contracts. In: NDSS 2018. The Internet Society (2018)

    Google Scholar 

  21. Kolluri, A., Nikolic, I., Sergey, I., Hobor, A., Saxena, P.: Exploiting The Laws of Order in Smart Contracts. CoRR, abs/1810.11605 (2018)

    Google Scholar 

  22. Krupp, J., Rossow, C.: Teether: Gnawing at ethereum to automatically exploit smart contracts. In: USENIX Security Symposium, pp. 1317–1333. USENIX Association (2018)

    Google Scholar 

  23. Luu, L., Chu, D., Olickel, H., Saxena, P., Hobor, A.: Making smart contracts smarter. In CCS 2016, pp. 254–269. ACM (2016)

    Google Scholar 

  24. Marescotti, M., Blicha, M., Hyvärinen, A.E.J., Asadi, S., Sharygina, N.: Computing exact worst-case gas consumption for smart contracts. In: Margaria, T., Steffen, B. (eds.) ISoLA 2018. LNCS, vol. 11247, pp. 450–465. Springer, Cham (2018). https://doi.org/10.1007/978-3-030-03427-6_33

    Chapter  Google Scholar 

  25. Nikolic, I., Kolluri, A., Sergey, I., Saxena, P., Hobor, A.: Finding the greedy, prodigal, and suicidal contracts at scale. In: ACSAC 2018, pp. 653–663. ACM (2018)

    Google Scholar 

  26. Suiche, M.: Porosity: A Decompiler For Blockchain-Based Smart Contracts Bytecode (2017)

    Google Scholar 

  27. Tsankov, P., Dan, A.M., Drachsler-Cohen, D., Gervais, A., Bünzli, F., Vechev, M.T.: Securify: practical security analysis of smart contracts. In: CCS 2018, pp. 67–82. ACM (2018)

    Google Scholar 

  28. Wegbreit, B.: Mechanical program analysis. Commun. ACM 18(9), 528–539 (1975)

    Article  MathSciNet  Google Scholar 

  29. Wood, G.: Ethereum: A secure decentralised generalised transaction ledger (2014)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Complutense University of Madrid, Madrid, Spain

    Elvira Albert, Pablo Gordillo & Albert Rubio

  2. Yale-NUS College and School of Computing, NUS, Singapore, Singapore

    Ilya Sergey

Authors
  1. Elvira Albert
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Pablo Gordillo
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Albert Rubio
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Ilya Sergey
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Pablo Gordillo .

Editor information

Editors and Affiliations

  1. IMDEA Software Institute, Pozuelo de Alarcón, Spain

    Pierre Ganty

  2. Laboratory for Analysis and Architecture, Toulouse, France

    Mohamed Kaâniche

Rights and permissions

Reprints and permissions

Copyright information

© 2019 Springer Nature Switzerland AG

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Albert, E., Gordillo, P., Rubio, A., Sergey, I. (2019). Running on Fumes. In: Ganty, P., Kaâniche, M. (eds) Verification and Evaluation of Computer and Communication Systems. VECoS 2019. Lecture Notes in Computer Science(), vol 11847. Springer, Cham. https://doi.org/10.1007/978-3-030-35092-5_5

Download citation

  • DOI: https://doi.org/10.1007/978-3-030-35092-5_5

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-35091-8

  • Online ISBN: 978-3-030-35092-5

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation