During my first year in university, I discovered Phrack magazine and the 1,746 infamous lines of ASCII text titled “Smashing the Stack for Fun and Profit”. Exploring distributed ledgers and the Ethereum world computer reminded me of those early days. The Ethereum blockchain supports smart contracts, quasi-Turing-complete programs that run in a stack-based virtual machine. And because we haven’t learned much since 1996, most of these contracts are developed in a programming language that allows the introduction of a variety of bugs.
This pop-scientific conference paper introduces Mythril, a security analysis tool for Ethereum smart contracts, and its symbolic execution backend LASER-Ethereum. The first part of the paper explains symbolic execution of Ethereum bytecode in a largely formal manner. The second part showcases the vulnerability detection modules already implemented in Mythril. The modules use a pragmatic mix of static analysis, symbolic analysis and control flow checking.
The work is not groundbreaking by any measure, but hopefully it’ll help to make the Ethereum ecosystem a little bit safer. At the very least, I hope reading the paper is as much fun as writing it was. If it inspires one or two readers to learn more about smart contract security, even better!
I’d like to thank Mario Alvarez, Heaven Hodges, Tom Lindeman, John Mardlin, Gonçalo Sá and Gerhard Wagner for corrections and feedback, and the ConsenSys Diligence team for their unrelenting support.
The full writeup and supplemental materials are available on GitHub.
Smashing Smart Contracts for Fun and Real Profit was originally published in Hacker Noon on Medium.