{"id":10324,"date":"2022-05-19T10:03:07","date_gmt":"2022-05-19T10:03:07","guid":{"rendered":"https:\/\/conference.hitb.org\/hitbincyber2024\/?post_type=session&#038;p=10324"},"modified":"2023-06-09T00:51:18","modified_gmt":"2023-06-09T00:51:18","slug":"locate-vulnerabilities-of-ethereum-smart-contracts-with-semi-automated-analysis","status":"publish","type":"session","link":"https:\/\/conference.hitb.org\/hitbincyber2024\/session\/locate-vulnerabilities-of-ethereum-smart-contracts-with-semi-automated-analysis\/","title":{"rendered":"Locate Vulnerabilities of Ethereum Smart Contracts with Semi-Automated Analysis"},"content":{"rendered":"<div class=\"simple_format\">\n<p style=\"text-align: justify;\">Blockchain technology is trending in recent years,\u00a0however, financial losses and impacts increase rapidly. By reviewing and investigating past incidents, it&#8217;s obvious that &#8220;Security&#8221; is mostly neglected or underestimated for projects of Decentralized Finance (DeFi) and Non-Fungible Token (NFT) fields. Though we have several auditing companies and static analysis tools, it&#8217;s still important for the industry to have ways of identifying flaws easily and immediately.<\/p>\n<p>Due to the nature of the limitation of EVM&#8217;s available computing resource in terms of gas, we&#8217;re able to do a full simulation in EVM, construct the CFG, and recover byte code back to a high-level abstraction of each Ethereum smart contract. Consequently, we can leverage that simulated EVM environment to guide me through all possible paths with deliberately mutated inputs from the beginning of the byte code.<\/p>\n<p style=\"text-align: justify;\">Though this is not a really new concept in the traditional reverse engineering industry, it&#8217;s rather efficient to do this with Ethereum. The introduction of the &#8220;gas&#8221; has overcome not only issues of network abuse of a blockchain but also the inevitable questions stemming from Turing completeness, which happens to give us a chance to do the full simulation at almost no cost.<\/p>\n<p style=\"text-align: justify;\">In this talk, I will be presenting a hybrid analysis method to combine the results of two topics:<\/p>\n<ol style=\"text-align: justify;\">\n<li><strong>Decompilation of Smart Contracts <\/strong><\/li>\n<li><strong>EVM Full Simulation into a semi-automated analysis tool<\/strong><\/li>\n<\/ol>\n<p style=\"text-align: justify;\">There will be several cases to be demonstrated during the talk.<\/p>\n<p style=\"text-align: justify;\">\n<\/div>\n<h5 class=\"text-gray\" style=\"text-align: justify;\"><\/h5>\n","protected":false},"template":"","class_list":["post-10324","session","type-session","status-publish","hentry"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v23.3 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Locate Vulnerabilities of Ethereum Smart Contracts with Semi-Automated Analysis - HITB (in)Cyber 2024 - Abu Dhabi<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/conference.hitb.org\/hitbincyber2024\/session\/locate-vulnerabilities-of-ethereum-smart-contracts-with-semi-automated-analysis\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Locate Vulnerabilities of Ethereum Smart Contracts with Semi-Automated Analysis - HITB (in)Cyber 2024 - Abu Dhabi\" \/>\n<meta property=\"og:description\" content=\"Blockchain technology is trending in recent years,\u00a0however, financial losses and impacts increase rapidly. By reviewing and investigating past incidents, it&#8217;s obvious that &#8220;Security&#8221; is mostly neglected or underestimated for projects of Decentralized Finance (DeFi) and Non-Fungible Token (NFT) fields. Though we have several auditing companies and static analysis tools, it&#8217;s still important for the industry [&hellip;]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/conference.hitb.org\/hitbincyber2024\/session\/locate-vulnerabilities-of-ethereum-smart-contracts-with-semi-automated-analysis\/\" \/>\n<meta property=\"og:site_name\" content=\"HITB (in)Cyber 2024 - Abu Dhabi\" \/>\n<meta property=\"article:modified_time\" content=\"2023-06-09T00:51:18+00:00\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data1\" content=\"2 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/conference.hitb.org\/hitbincyber2024\/session\/locate-vulnerabilities-of-ethereum-smart-contracts-with-semi-automated-analysis\/\",\"url\":\"https:\/\/conference.hitb.org\/hitbincyber2024\/session\/locate-vulnerabilities-of-ethereum-smart-contracts-with-semi-automated-analysis\/\",\"name\":\"Locate Vulnerabilities of Ethereum Smart Contracts with Semi-Automated Analysis - HITB (in)Cyber 2024 - Abu Dhabi\",\"isPartOf\":{\"@id\":\"https:\/\/conference.hitb.org\/hitbincyber2024\/#website\"},\"datePublished\":\"2022-05-19T10:03:07+00:00\",\"dateModified\":\"2023-06-09T00:51:18+00:00\",\"breadcrumb\":{\"@id\":\"https:\/\/conference.hitb.org\/hitbincyber2024\/session\/locate-vulnerabilities-of-ethereum-smart-contracts-with-semi-automated-analysis\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/conference.hitb.org\/hitbincyber2024\/session\/locate-vulnerabilities-of-ethereum-smart-contracts-with-semi-automated-analysis\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/conference.hitb.org\/hitbincyber2024\/session\/locate-vulnerabilities-of-ethereum-smart-contracts-with-semi-automated-analysis\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/conference.hitb.org\/hitbincyber2024\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Session\",\"item\":\"https:\/\/conference.hitb.org\/hitbincyber2024\/session\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"Locate Vulnerabilities of Ethereum Smart Contracts with Semi-Automated Analysis\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/conference.hitb.org\/hitbincyber2024\/#website\",\"url\":\"https:\/\/conference.hitb.org\/hitbincyber2024\/\",\"name\":\"HITB (in)Cyber 2024 - Abu Dhabi\",\"description\":\"May 14 - 16, Etihad Arena \",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/conference.hitb.org\/hitbincyber2024\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Locate Vulnerabilities of Ethereum Smart Contracts with Semi-Automated Analysis - HITB (in)Cyber 2024 - Abu Dhabi","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/conference.hitb.org\/hitbincyber2024\/session\/locate-vulnerabilities-of-ethereum-smart-contracts-with-semi-automated-analysis\/","og_locale":"en_US","og_type":"article","og_title":"Locate Vulnerabilities of Ethereum Smart Contracts with Semi-Automated Analysis - HITB (in)Cyber 2024 - Abu Dhabi","og_description":"Blockchain technology is trending in recent years,\u00a0however, financial losses and impacts increase rapidly. By reviewing and investigating past incidents, it&#8217;s obvious that &#8220;Security&#8221; is mostly neglected or underestimated for projects of Decentralized Finance (DeFi) and Non-Fungible Token (NFT) fields. Though we have several auditing companies and static analysis tools, it&#8217;s still important for the industry [&hellip;]","og_url":"https:\/\/conference.hitb.org\/hitbincyber2024\/session\/locate-vulnerabilities-of-ethereum-smart-contracts-with-semi-automated-analysis\/","og_site_name":"HITB (in)Cyber 2024 - Abu Dhabi","article_modified_time":"2023-06-09T00:51:18+00:00","twitter_card":"summary_large_image","twitter_misc":{"Est. reading time":"2 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/conference.hitb.org\/hitbincyber2024\/session\/locate-vulnerabilities-of-ethereum-smart-contracts-with-semi-automated-analysis\/","url":"https:\/\/conference.hitb.org\/hitbincyber2024\/session\/locate-vulnerabilities-of-ethereum-smart-contracts-with-semi-automated-analysis\/","name":"Locate Vulnerabilities of Ethereum Smart Contracts with Semi-Automated Analysis - HITB (in)Cyber 2024 - Abu Dhabi","isPartOf":{"@id":"https:\/\/conference.hitb.org\/hitbincyber2024\/#website"},"datePublished":"2022-05-19T10:03:07+00:00","dateModified":"2023-06-09T00:51:18+00:00","breadcrumb":{"@id":"https:\/\/conference.hitb.org\/hitbincyber2024\/session\/locate-vulnerabilities-of-ethereum-smart-contracts-with-semi-automated-analysis\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/conference.hitb.org\/hitbincyber2024\/session\/locate-vulnerabilities-of-ethereum-smart-contracts-with-semi-automated-analysis\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/conference.hitb.org\/hitbincyber2024\/session\/locate-vulnerabilities-of-ethereum-smart-contracts-with-semi-automated-analysis\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/conference.hitb.org\/hitbincyber2024\/"},{"@type":"ListItem","position":2,"name":"Session","item":"https:\/\/conference.hitb.org\/hitbincyber2024\/session\/"},{"@type":"ListItem","position":3,"name":"Locate Vulnerabilities of Ethereum Smart Contracts with Semi-Automated Analysis"}]},{"@type":"WebSite","@id":"https:\/\/conference.hitb.org\/hitbincyber2024\/#website","url":"https:\/\/conference.hitb.org\/hitbincyber2024\/","name":"HITB (in)Cyber 2024 - Abu Dhabi","description":"May 14 - 16, Etihad Arena ","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/conference.hitb.org\/hitbincyber2024\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"}]}},"_links":{"self":[{"href":"https:\/\/conference.hitb.org\/hitbincyber2024\/wp-json\/wp\/v2\/session\/10324"}],"collection":[{"href":"https:\/\/conference.hitb.org\/hitbincyber2024\/wp-json\/wp\/v2\/session"}],"about":[{"href":"https:\/\/conference.hitb.org\/hitbincyber2024\/wp-json\/wp\/v2\/types\/session"}],"version-history":[{"count":2,"href":"https:\/\/conference.hitb.org\/hitbincyber2024\/wp-json\/wp\/v2\/session\/10324\/revisions"}],"predecessor-version":[{"id":12365,"href":"https:\/\/conference.hitb.org\/hitbincyber2024\/wp-json\/wp\/v2\/session\/10324\/revisions\/12365"}],"wp:attachment":[{"href":"https:\/\/conference.hitb.org\/hitbincyber2024\/wp-json\/wp\/v2\/media?parent=10324"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}