Blockchains have become popular platforms for trading assets. They are best known for their two main representatives, Bitcoin and Ethereum. The latter introduced a novelty: smart contracts. These are small programs that are stored on the blockchain and executed by all participants. They make it possible to define the autonomous execution of transactions, governed only by code. Applications range from business workflows to the management of entire organisations. Because they are Turing-complete, however, smart contracts come with a risk: programming errors can result in serious losses as attackers find ways to interact with contracts in unforeseen ways.
We have developed a toolchain to decompile and analyse smart contracts. In this work, we are going to improve our toolchain in (at least) two ways. First, we generalise its functionality to detect exploitable contracts even better. Second, we build code that can automatically test whether a vulnerability is indeed exploitable, i.e. we construct an exploit generator.
Keywords: static analysis, software security
Advisor(s): Ralph Holz, Bernhard Scholz
Suitable for: Honours SSP/TSP