Precise Dynamic Symbolic Execution for Nonuniform Data Access in Smart Contracts

Dynamic symbolic execution (DSE) has been successfully adopted for vulnerability detection in desktop and mobile platforms. Unfortunately, we cannot simply extrapolate those techniques to smart contracts. The major challenge is that smart contracts exhibit a nonuniform data access mode. Other than accessing the data via uniform addresses, smart contracts compromise multiple addressing modes, including flat address mode and key-value mode. More seriously, accessing a key-value table usually involves additional hash operations to obtain the keys. In this paper, we propose a DSE framework to resolve the nonuniform data access in smart contracts. More specifically, we exactly track the symbolic variables with concrete addresses and compute the actual/hash keys for table-like accesses. We also take the symbolic keys into account to distinguish data accesses incidentally with the same concrete keys resulting from artificially generated values. We describe the DSE framework in operational semantics. On top of the framework, we implement an integer overflow detector NOVA and a multi-transactional vulnerability detector MTVD. The experiments show that NOVA outperforms state-of-the-art analysis tools in detecting the integer overflows with much higher precision and recall, 94.2% and 93.0%, respectively. MTVD successfully reports three ether leaking vulnerabilities and one suicidal issue from real-world smart contracts.