research-article

Public Access

VRust: Automated Vulnerability Detection for Solana Smart Contracts

Authors:

Jeff HuangAuthors Info & Claims

CCS '22: Proceedings of the 2022 ACM SIGSAC Conference on Computer and Communications Security

Pages 639 - 652

https://doi.org/10.1145/3548606.3560552

Published: 07 November 2022 Publication History

Abstract

Solana is a rapidly-growing high-performance blockchain powered by a Proof of History (PoH) consensus mechanism and a novel stateless programming model that decouples code from data. With parallel execution on the PoH Sealevel runtime (instead of PoW), it achieves 100X-1000X speedups compared to Ethereum in terms of transactions per second. With the new programming model, new constraints (owner, signer, keys, bump seeds) and vulnerabilities (missing checks, overflows, type confusion, etc.) must be carefully verified to ensure the security of Solana smart contracts.

This paper proposes VRust, the first automated smart contract vulnerability detection framework for Solana. A key technical novelty is a set of static analysis rules for validating untrustful input accounts that are unique in the Solana programming model. We have developed a total of eight different vulnerability types, and VRust is able to check all of them fully automatically by translating source code into Rust MIR-based inference rules without any code annotations. VRust has been evaluated on over a hundred of Solana projects, and it has revealed 12 previously unknown vulnerabilities, including 3 critical vulnerabilities in the official Solana Programming Library confirmed by core developers.

References

[1]

Maher Alharby, Amjad Aldweesh, and Aad Van Moorsel. 2018. Blockchain-based smart contracts: A systematic mapping study of academic research (2018). In 2018 International Conference on Cloud Computing, Big Data and Blockchain (ICCBB). IEEE, 1--6.

[2]

Anchor. 2020. Anchor. https://hackmd.io/@ironaddicteddog/solana-anchor-escrow Retrieved April 18, 2022.

[3]

Elli Androulaki, Artem Barger, Vita Bortnikov, Christian Cachin, Konstantinos Christidis, Angelo De Caro, David Enyeart, Christopher Ferris, Gennady Laventman, Yacov Manevich, et al. 2018. Hyperledger fabric: a distributed operating system for permissioned blockchains. In Proceedings of the thirteenth EuroSys conference. 1--15.

Digital Library

[4]

et al. Armani Ferrante. 2022. coral-xyz/sealevel-attacks: Common Security Exploits and Protections on Solana. https://github.com/coral-xyz/sealevel-attacks Retrieved Sep. 6, 2022.

[5]

Avyan. 2022. Solana vs Ethereum: A Detailed Comparison | Alexandria. https://coinmarketcap.com/alexandria/article/solana-vs-ethereum-a-detailed-comparison Retrieved April 05, 2022.

[6]

AWS. 2022. What is Hyperledger Fabric? https://aws.amazon.com/blockchain/what-is-hyperledger-fabric/ Retrieved August 10, 2022.

[7]

Bernhard Beckert, Mihai Herda, Michael Kirsten, and Jonas Schiffl. 2018. Formal specification and verification of Hyperledger Fabric chaincode. In 3rd Symposium on Distributed Ledger Technology (SDLT-2018) co-located with ICFEM. 44--48.

[8]

Daniel J Bernstein, Niels Duif, Tanja Lange, Peter Schwabe, and Bo-Yin Yang. 2012. High-speed high-security signatures. Journal of cryptographic engineering, Vol. 2, 2 (2012), 77--89.

[9]

Norbert Bodziony, Paweł Jemioło, Krzysztof Kluza, and Marek R Ogiela. 2021. Blockchain-based address alias system. Journal of Theoretical and Applied Electronic Commerce Research, Vol. 16, 5 (2021), 1280--1296.

[10]

Miguel Castro, Barbara Liskov, et al. 1999. Practical byzantine fault tolerance. In OsDI, Vol. 99. 173--186.

Digital Library

[11]

Yan Chen and Cristiano Bellavitis. 2020. Blockchain disruption and decentralized finance: The rise of decentralized business models. Journal of Business Venturing Insights, Vol. 13 (2020), e00151.

[12]

Usman W Chohan. 2021. Non-fungible tokens: Blockchains, scarcity, and value. Critical Blockchain Research Initiative (CBRI) Working Papers (2021).

[13]

Coinmarketcap. 2022. Ethereum price today, ETH to USD live, marketcap and chart | CoinMarketCap. https://coinmarketcap.com/currencies/ethereum/ Retrieved April 20, 2022.

[14]

ConsenSys. 2022. ConsenSys/mythril: Security analysis tool for EVM bytecode. Supports smart contracts built for Ethereum, Hedera, Quorum, Vechain, Roostock, Tron and other EVM-compatible blockchains. https://github.com/ConsenSys/mythril Retrieved April 13, 2022.

[15]

Fintan Duffy, Malika Bendechache, and Irina Tal. 2021. Can Solana's high throughput be an enabler for IoT?. In 2021 IEEE 21st International Conference on Software Quality, Reliability and Security Companion (QRS-C). IEEE, 615--621.

[16]

ethereum. 2015. Home | ethereum.org. https://ethereum.org/en/ Retrieved March 29, 2022.

[17]

Fabric. 2022a. Fabric Blockchain. https://hyperledger-fabric.readthedocs.io/en/release-2.2/blockchain.html Retrieved August 9, 2022.

[18]

Fabric. 2022b. Fabric Model. https://hyperledger-fabric.readthedocs.io/en/release-2.2/fabric_model.html Retrieved August 9, 2022.

[19]

Josselin Feist, Gustavo Grieco, and Alex Groce. 2019. Slither: a static analysis framework for smart contracts. In 2019 IEEE/ACM 2nd International Workshop on Emerging Trends in Software Engineering for Blockchain (WETSEB). IEEE, 8--15.

Digital Library

[20]

Zhipeng Gao, Vinoj Jayasundara, Lingxiao Jiang, Xin Xia, David Lo, and John Grundy. 2019. Smartembed: A tool for clone and bug detection in smart contracts through structural code embedding. In 2019 IEEE International Conference on Software Maintenance and Evolution (ICSME). IEEE, 394--397.

[21]

Zhipeng Gao, Lingxiao Jiang, Xin Xia, David Lo, and John Grundy. 2020. Checking smart contracts with structural code embedding. IEEE Transactions on Software Engineering (2020).

[22]

Asem Ghaleb and Karthik Pattabiraman. 2020. How effective are smart contract analysis tools? evaluating smart contract static analysis tools using bug injection. In Proceedings of the 29th ACM SIGSOFT International Symposium on Software Testing and Analysis. 415--427.

Digital Library

[23]

Mike Graf, Ralf Küsters, and Daniel Rausch. 2020. Accountability in a permissioned blockchain: Formal analysis of hyperledger fabric. In 2020 IEEE European Symposium on Security and Privacy (EuroS&P). IEEE, 236--255.

[24]

Ákos Hajdu and Dejan Jovanović. 2019. solc-verify: A modular verifier for solidity smart contracts. In Working Conference on Verified Software: Theories, Tools, and Experiments. Springer, 161--179.

[25]

Jim Hendler. 2009. Web 3.0 Emerging. Computer, Vol. 42, 1 (2009), 111--113.

Digital Library

[26]

Hendrik Hofstadt. 2022a. Check instructions sysvar · certusone/wormhole@e8b9181. https://github.com/certusone/wormhole/commit/e8b91810a9bb35c3c139f86b4d0795432d647305 Retrieved April 26, 2022.

[27]

Hendrik Hofstadt. 2022b. Update Solana to 1.9.4. https://github.com/certusone/wormhole/commit/7edbbd3677ee6ca681be8722a607bc576a3912c8 Retrieved March 29, 2022.

[28]

Hyperledger. 2022a. Hyperledger Architecture, Volume II. https://www.hyperledger.org/wp-content/uploads/2018/04/Hyperledger_Arch_WG_Paper_2_SmartContracts.pdf Retrieved August 10, 2022.

[29]

Hyperledger. 2022b. Hyperledger -- Open Source Blockchain Technologies. https://www.hyperledger.org/ Retrieved August 9, 2022.

[30]

Connor Dempsey Justin Mart. 2021. Scaling Ethereum & crypto for a billion users | by Coinbase | The Coinbase Blog. https://blog.coinbase.com/scaling-ethereum-crypto-for-a-billion-users-715ce15afc0b Retrieved March 29, 2022.

[31]

Sukrit Kalra, Seep Goel, Mohan Dhawan, and Subodh Sharma. 2018. Zeus: analyzing safety of smart contracts. In Ndss. 1--12.

[32]

Xiangyu Li, Xinyu Wang, Tingli Kong, Junhao Zheng, and Min Luo. 2021. From Bitcoin to Solana--Innovating Blockchain Towards Enterprise Applications. In International Conference on Blockchain. Springer, 74--100.

[33]

Chao Liu, Han Liu, Zhao Cao, Zhong Chen, Bangdao Chen, and Bill Roscoe. 2018. Reguard: finding reentrancy bugs in smart contracts. In 2018 IEEE/ACM 40th International Conference on Software Engineering: Companion (ICSE-Companion). IEEE, 65--68.

Digital Library

[34]

lunaray. 2022. A hacker exploited an "infinite mint glitch" and drained about $28 million worth of assets from? | by lunaray | Coinmonks | Mar, 2022 | Medium. https://medium.com/coinmonks/a-hacker-exploited-an-infinite-mint-glitch-and-drained-about-28-million-worth-of-assets-from-a19277c0e20c Retrieved April 30, 2022.

[35]

Loi Luu, Duc-Hiep Chu, Hrishi Olickel, Prateek Saxena, and Aquinas Hobor. 2016. Making smart contracts smarter. In Proceedings of the 2016 ACM SIGSAC conference on computer and communications security. 254--269.

Digital Library

[36]

Penghui Lv, Yu Wang, YaZhe Wang, and Qihui Zhou. 2021. Potential Risk Detection System of Hyperledger Fabric Smart Contract based on Static Analysis. In 2021 IEEE Symposium on Computers and Communications (ISCC). IEEE, 1--7.

[37]

Mark Mossberg, Felipe Manzano, Eric Hennenfent, Alex Groce, Gustavo Grieco, Josselin Feist, Trent Brunson, and Artem Dinaburg. 2019. Manticore: A user-friendly symbolic execution framework for binaries and smart contracts. In 2019 34th IEEE/ACM International Conference on Automated Software Engineering (ASE). IEEE, 1186--1189.

Digital Library

[38]

Neodyme. 2021. Introduction - Solana Security Workshop. https://workshop.neodyme.io/ Retrieved Sep 6, 2022.

[39]

neodyme labs. 2021. solana-poc-framework. https://github.com/neodyme-labs/solana-poc-framework Retrieved April 26, 2022.

[40]

Poly Network. 2022. Rekt - Poly Network - REKT. https://rekt.news/polynetwork-rekt/ Retrieved August 10, 2022.

[41]

Arrow Protocol. 2021. Arrow. https://arrowprotocol.com/ Retrieved April 30, 2022.

[42]

Peng Qian, Zhenguang Liu, Qinming He, Roger Zimmermann, and Xun Wang. 2020. Towards automated reentrancy detection for smart contracts based on sequential models. IEEE Access, Vol. 8 (2020), 19685--19695.

[43]

RFCs. 2015. 1191-hir - The Rust RFC Book. https://rust-lang.github.io/rfcs/1191-hir.html Retrieved April 27, 2022.

[44]

RFCs. 2022. 1211-mir - The Rust RFC Book. https://rust-lang.github.io/rfcs/1211-mir.html Retrieved April 21, 2022.

[45]

sivachokkapu. 2020. ReviveCC. https://github.com/sivachokkapu/revive-cc Retrieved August 11, 2022.

[46]

Solana. 2019. Scalable Blockchain Infrastructure: Billions of transactions & counting | Solana: Build crypto apps that scale. https://solana.com/ Retrieved March 29, 2022.

[47]

Solana. 2022. Calling Between Programs | Solana Docs. https://docs.solana.com/developing/programming-model/calling-between-programs Retrieved July 31, 2022.

[48]

solana. 2022. Overview | Solana Docs. https://docs.solana.com/developing/programming-model/overview Retrieved April 07, 2022.

[49]

Solana. 2022a. Program Derived Addresses (PDAs) | Solana Cookbook. https://solanacookbook.com/core-concepts/pdas.html#facts Retrieved August 8, 2022.

[50]

Solana. 2022b. Saber | Solana AMM and DEX. https://saber.so/ Retrieved April 30, 2022 from https://saber.so/

[51]

Solana. 2022c. Tower BFT | Solana Docs. https://docs.solana.com/implemented-proposals/tower-bft Retrieved April 05, 2022.

[52]

Carol Nichols Steve Klabnik. 2022. Data Types - The Rust Programming Language. https://doc.rust-lang.org/book/ch03-02-data-types.html#integer-overflow Retrieved April 05, 2022.

[53]

Sergei Tikhomirov, Ekaterina Voskresenskaya, Ivan Ivanitskiy, Ramil Takhaviev, Evgeny Marchenko, and Yaroslav Alexandrov. 2018. Smartcheck: Static analysis of ethereum smart contracts. In Proceedings of the 1st International Workshop on Emerging Trends in Software Engineering for Blockchain. 9--16.

Digital Library

[54]

Petar Tsankov, Andrei Dan, Dana Drachsler-Cohen, Arthur Gervais, Florian Buenzli, and Martin Vechev. 2018. Securify: Practical security analysis of smart contracts. In Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security. 67--82.

Digital Library

[55]

John Wang. 2021. Parallel Processing: Solana's Key to Hardware Scalability. https://www.johnwang.xyz/parallel-processing-solanas-key-to-hardware-scalability/ Retrieved April 11, 2022.

[56]

Alex White-Gomez. 2022. Solana vs Ethereum: What's the Difference? https://www.one37pm.com/nft/tech/solana-vs-ethereum Retrieved April 04, 2022.

[57]

Anatoly Yakovenko. 2018. Solana: A new architecture for a high performance blockchain v0. 8.13. Whitepaper (2018).

[58]

Anatoly Yakovenko. 2019. Sealevel - Parallel Processing Thousands of Smart Contracts | by Anatoly Yakovenko | Solana | Medium. https://medium.com/solana-labs/sealevel-parallel-processing-thousands-of-smart-contracts-d814b378192 Retrieved April 11, 2022.

[59]

Kazuhiro Yamashita, Yoshihide Nomura, Ence Zhou, Bingfeng Pi, and Sun Jun. 2019. Potential risks of hyperledger fabric smart contracts. In 2019 IEEE International Workshop on Blockchain Oriented Software Engineering (IWBOSE). IEEE, 1--10.

[60]

Ycharts. 2022. Bitcoin Market Cap. https://ycharts.com/indicators/bitcoin_market_cap Retrieved April 04, 2022.

[61]

Yuyao Zhang, Siqi Ma, Juanru Li, Kailai Li, Surya Nepal, and Dawu Gu. 2020. Smartshield: Automatic smart contract protection made easy. In 2020 IEEE 27th International Conference on Software Analysis, Evolution and Reengineering (SANER). IEEE, 23--34.

Cited By

Bartoletti MBenetollo LBugliesi MCrafa SSasso GPettinau RPinna APiras MRossi SSalis SSpanò ATkachenko VTonelli RZunino R(2025)Smart contract languagesFuture Generation Computer Systems10.1016/j.future.2024.107563164:COnline publication date: 1-Mar-2025
https://dl.acm.org/doi/10.1016/j.future.2024.107563
Bagheri AHegedűs P(2024)Towards a Block-Level Conformer-Based Python Vulnerability DetectionSoftware10.3390/software30300163:3(310-327)Online publication date: 31-Jul-2024
https://doi.org/10.3390/software3030016
Jiang ZSun WGu XWu JWen THu HYan M(2024)DFEPT: Data Flow Embedding for Enhancing Pre-Trained Model Based Vulnerability DetectionProceedings of the 15th Asia-Pacific Symposium on Internetware10.1145/3671016.3671388(95-104)Online publication date: 24-Jul-2024
https://dl.acm.org/doi/10.1145/3671016.3671388
Show More Cited By

Index Terms

VRust: Automated Vulnerability Detection for Solana Smart Contracts
1. Security and privacy
  1. Software and application security
    1. Domain-specific security and privacy architectures
  2. Systems security
    1. Distributed systems security
2. Software and its engineering
  1. Software organization and properties
    1. Extra-functional properties
      1. Software safety
    2. Software functional properties
      1. Correctness

Recommendations

Fuzz on the Beach: Fuzzing Solana Smart Contracts
CCS '23: Proceedings of the 2023 ACM SIGSAC Conference on Computer and Communications Security

Solana has quickly emerged as a popular platform for building decentralized applications (DApps), such as marketplaces for non-fungible tokens (NFTs). A key reason for its success are Solana's low transaction fees and high performance, which is achieved ...
Unveiling Vulnerabilities in Bitcoin's Misbehavior-Score Mechanism: Attack and Defense
ARES '24: Proceedings of the 19th International Conference on Availability, Reliability and Security

The Bitcoin network is susceptible to various attacks due to its openness, decentralization, and plaintext connections. Bitcoin created a misbehavior-score mechanism for monitoring and tracking peer misconduct. In this paper, we uncover several ...
Vulpedia: Detecting vulnerable ethereum smart contracts via abstracted vulnerability signatures
Abstract
Recent years have seen smart contracts are getting increasingly popular in building trustworthy decentralized applications. Previous research has proposed static and dynamic techniques to detect vulnerabilities in smart contracts. ...
Highlights
- An approach to abstract vulnerability signatures and compose detection rules to detect vulnerability.

Comments

Information & Contributors

Information

Published In

cover image ACM Conferences

CCS '22: Proceedings of the 2022 ACM SIGSAC Conference on Computer and Communications Security

November 2022

3598 pages

ISBN:9781450394505

DOI:10.1145/3548606

General Chairs:
Heng Yin
University of California, Riverside
,
Angelos Stavrou
Virginia Tech
,
Program Chairs:
Cas Cremers
CISPA Helmholtz Center for Information Security
,
Elaine Shi
Carnegie Mellon University

Copyright © 2022 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Sponsors

SIGSAC: ACM Special Interest Group on Security, Audit, and Control

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 07 November 2022

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article

Funding Sources

NSF

Conference

CCS '22

Sponsor:

SIGSAC

CCS '22: 2022 ACM SIGSAC Conference on Computer and Communications Security

November 7 - 11, 2022

CA, Los Angeles, USA

Acceptance Rates

Overall Acceptance Rate 1,261 of 6,999 submissions, 18%

Upcoming Conference

CCS '25

Sponsor:
sigsac

ACM SIGSAC Conference on Computer and Communications Security

October 13 - 17, 2025

Taipei , Taiwan

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

13
Total Citations
View Citations
2,623
Total Downloads

Downloads (Last 12 months)1,202
Downloads (Last 6 weeks)121

Reflects downloads up to 03 Mar 2025

Other Metrics

View Author Metrics

Citations

Cited By

Bartoletti MBenetollo LBugliesi MCrafa SSasso GPettinau RPinna APiras MRossi SSalis SSpanò ATkachenko VTonelli RZunino R(2025)Smart contract languagesFuture Generation Computer Systems10.1016/j.future.2024.107563164:COnline publication date: 1-Mar-2025
https://dl.acm.org/doi/10.1016/j.future.2024.107563
Bagheri AHegedűs P(2024)Towards a Block-Level Conformer-Based Python Vulnerability DetectionSoftware10.3390/software30300163:3(310-327)Online publication date: 31-Jul-2024
https://doi.org/10.3390/software3030016
Jiang ZSun WGu XWu JWen THu HYan M(2024)DFEPT: Data Flow Embedding for Enhancing Pre-Trained Model Based Vulnerability DetectionProceedings of the 15th Asia-Pacific Symposium on Internetware10.1145/3671016.3671388(95-104)Online publication date: 24-Jul-2024
https://dl.acm.org/doi/10.1145/3671016.3671388
Andreina SCloosters TDavi LGiesen JGutfleisch MKarame GNaiakshina ANaji HLuo BLiao XXu JKirda ELie D(2024)Defying the Odds: Solana's Unexpected Resilience in Spite of the Security Challenges Faced by DevelopersProceedings of the 2024 on ACM SIGSAC Conference on Computer and Communications Security10.1145/3658644.3670333(4226-4240)Online publication date: 2-Dec-2024
https://dl.acm.org/doi/10.1145/3658644.3670333
Yao MZhang RXu HChou SPaturi VSikder ASaltaformaggio B(2024)Pulling Off The Mask: Forensic Analysis of the Deceptive Creator Wallets Behind Smart Contract Fraud2024 IEEE Symposium on Security and Privacy (SP)10.1109/SP54263.2024.00228(2236-2254)Online publication date: 19-May-2024
https://doi.org/10.1109/SP54263.2024.00228
Olivieri LArceri VChachar BNegrini LTagliaferro FSpoto FFerrara PCortesi A(2024)General-Purpose Languages for Blockchain Smart Contracts Development: A Comprehensive StudyIEEE Access10.1109/ACCESS.2024.349553512(166855-166869)Online publication date: 2024
https://doi.org/10.1109/ACCESS.2024.3495535
Wang CTang HZhu HZheng JJiang C(2024)Behavioral authentication for security and safetySecurity and Safety10.1051/sands/20240033(2024003)Online publication date: 30-Apr-2024
https://doi.org/10.1051/sands/2024003
Hussain SNadeem MBaber JHamdi MRajab AAl Reshan MShaikh A(2024)Vulnerability detection in Java source code using a quantum convolutional neural network with self-attentive pooling, deep sequence, and graph-based hybrid feature extractionScientific Reports10.1038/s41598-024-56871-z14:1Online publication date: 28-Mar-2024
https://doi.org/10.1038/s41598-024-56871-z
Vidal FIvaki NLaranjeiro N(2024)Vulnerability detection techniques for smart contractsJournal of Systems and Software10.1016/j.jss.2024.112160217:COnline publication date: 1-Nov-2024
https://dl.acm.org/doi/10.1016/j.jss.2024.112160
Öztürk M(2024)A cosine similarity-based labeling technique for vulnerability type detection using source codesComputers & Security10.1016/j.cose.2024.104059146(104059)Online publication date: Nov-2024
https://doi.org/10.1016/j.cose.2024.104059
Show More Cited By

View Options

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

Figures

Tables

Media

View Table of Conten