%P 67-82
%I ACM
%B Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security
%O This version is the author accepted manuscript. For information on re-use, please refer to the publisherâ€™s terms and conditions.
%D 2018
%T Securify: Practical Security Analysis of Smart Contracts
%A Petar Tsankov
%A Andrei Dan
%A Dana Drachsler-Cohen
%A Arthur Gervais
%A Florian BÃ¼nzli
%A Martin Vechev
%X Permissionless blockchains allow the execution of arbitrary programs (called smart contracts), enabling mutually untrusted entities
to interact without relying on trusted third parties. Despite their
potential, repeated security concerns have shaken the trust in handling billions of USD by smart contracts.
To address this problem, we present Securify, a security analyzer for Ethereum smart contracts that is scalable, fully automated,
and able to prove contract behaviors as safe/unsafe with respect to
a given property. Securifyâ€™s analysis consists of two steps. First, it
symbolically analyzes the contractâ€™s dependency graph to extract
precise semantic information from the code. Then, it checks compliance and violation patterns that capture sufficient conditions
for proving if a property holds or not. To enable extensibility, all
patterns are specified in a designated domain-specific language.
Securify is publicly released, it has analyzed > 18K contracts
submitted by its users, and is regularly used to conduct security
audits by experts. We present an extensive evaluation of Securify
over real-world Ethereum smart contracts and demonstrate that it
can effectively prove the correctness of smart contracts and discover
critical violations.
%J Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security
%K Smart contracts; Security analysis; Stratified Datalog
%L discovery10182340
%C Toronto, Canada