Automatically Detecting Possible Control-Flow Attacks in Ethereum Smart Contracts

Thesis Description:

Distributed ledger technology (DLT) has gained tremendous media coverage over the last year. With the advent of cryptocurrencies such as Bitcoin or Ethereum the technology has enjoyed attention from numerous factions from industry and academia, but also organized crime is keeping a close eye. However, smart contracts and their infrastructure are still not mature and attacks on smart contracts [1] are increasing both in quality and in wealth appropriated.

While the advances in the fields of formal program verification of smart contracts has seen many advances [2,3], static program analysis is not yet efficiently possible.Smart contracts are challenging for static program analysis due to their openness.Previous approaches applied symbolic execution [4] or bytecode pattern detection [5] to find security flaws in smart contracts.

In this thesis, we want to inspect control-flow attacks on smart contracts possible due to their open nature with an automated static analysis. During this thesis you will design and implement such an analysis to detect the possibility of such attacks on smart contract implementations. These control-flow attacks can lead to unintended behavior of smart contract implementations, which may lead to loss of wealth. In order to implement and execute analyses, an existing proof-of-concept binding the official EVM JIT compiler [6] to our static analyzer PhASAR [7] needs to be extended. These analyses should be on the one hand guided by the formal semantics of the language but on the other hand by vulnerability categories already found.

You may take the following steps (or use a more clever approach):

  • Identify interesting control-flow problems from existing literature
  • Adapt the analysis pipeline to reflect the information from the smart contract necessary for the analysis
  • Formulate the analysis in PhASAR using the ICFG and points-to analysis
  • Evaluate of your analysis using smart contracts from the Ethereum main network
  • Report on your design, implementation, and results in the thesis document

Skills Required:

  • Ability to understand scientific research papers from top venues
  • Knowledge of static analysis design and implementation (you ideally already have completed our DECA course)
  • Some knowledge in (or willingness to learn) C++
  • Autonomy and self-organization skills
  • English language (The thesis will be written in English, informal communication can also be in German)

Learning Outcomes:

  • Assimilate and apply knowledge from relevant literature
  • Implementation of static control-flow analyses for DLT smart contract languages and C/C++
  • Terminology in the DLT field
  • Plan implement, test, and document an independent research project


Dr. Ben Hermann


[1] Atzei, Nicola, Massimo Bartoletti, and Tiziana Cimoli. "A survey of attacks on ethereum smart contracts (sok)." Principles of Security and Trust. Springer, Berlin, Heidelberg, 2017. 164-186.

[2] Grishchenko, Ilya, Matteo Maffei, and Clara Schneidewind. "A Semantic Framework for the Security Analysis of Ethereum smart contracts." International Conference on Principles of Security and Trust. Springer, Cham, 2018.

[3] Luu, Loi, et al. "Making smart contracts smarter." Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security. ACM, 2016.

[4] Nikolic, Ivica, et al. "Finding the greedy, prodigal, and suicidal contracts at scale." arXiv preprint arXiv:1802.06038 (2018).

[5] Tsankov, Petar, et al. "Securify: Practical Security Analysis of Smart Contracts." arXiv preprint arXiv:1806.01143 (2018).