%0 Generic
%A Tsankov, Petar
%A Dan, Andrei
%A Drachsler-Cohen, Dana
%A Gervais, Arthur
%A Bünzli, Florian
%A Vechev, Martin
%C Toronto, Canada
%D 2018
%F discovery:10182340
%I ACM
%K Smart contracts; Security analysis; Stratified Datalog
%P 67-82
%T Securify: Practical Security Analysis of Smart Contracts
%U https://discovery.ucl.ac.uk/id/eprint/10182340/
%X Permissionless blockchains allow the execution of arbitrary programs (called smart contracts), enabling mutually untrusted entities  to interact without relying on trusted third parties. Despite their  potential, repeated security concerns have shaken the trust in handling billions of USD by smart contracts.  To address this problem, we present Securify, a security analyzer for Ethereum smart contracts that is scalable, fully automated,  and able to prove contract behaviors as safe/unsafe with respect to  a given property. Securify’s analysis consists of two steps. First, it  symbolically analyzes the contract’s dependency graph to extract  precise semantic information from the code. Then, it checks compliance and violation patterns that capture sufficient conditions  for proving if a property holds or not. To enable extensibility, all  patterns are specified in a designated domain-specific language.  Securify is publicly released, it has analyzed > 18K contracts  submitted by its users, and is regularly used to conduct security  audits by experts. We present an extensive evaluation of Securify  over real-world Ethereum smart contracts and demonstrate that it  can effectively prove the correctness of smart contracts and discover  critical violations.
%Z This version is the author accepted manuscript. For information on re-use, please refer to the publisher’s terms and conditions.