Seminar

2022.11.15 (Tue) Graduate School of Information Security, Fall 2022 Colloquium - Wen Xu
Posted: 2022-11-03

The Graduate School of Information Security will hold an online seminar at 4:00 PM on November 15, as detailed below. We hope many of you will attend.


o Date and time: 22. 11. 15 (Tue) 16:00~
o Topic: A Systematic Study of Smart Contract Security
o Speaker: Wen Xu (Georgia Tech, Research Scientist)
 

※ Please be ready 5 minutes before the seminar start time.

ㅡㅡㅡ

♣ Title : A Systematic Study of Smart Contract Security

♣ Abstract:
Exploitable bugs in smart contracts have caused significant monetary loss. Despite the substantial advances in smart contract bug finding, exploitable bugs and real-world attacks are still trending. In this paper we systematically investigate 516 unique real-world smart contract vulnerabilities in the years 2021-2022, and study how many can be exploited by malicious users and cannot be detected by existing analysis tools. We further categorize the bugs that cannot be detected by existing tools into seven types and study their root causes, distributions, difficulties to audit, consequences, and repair strategies. For each type, we abstract them to a bug model (if possible), facilitating finding similar bugs in other contracts and future automation. We leverage the findings in auditing real-world smart contracts, and so far we have been rewarded with $102,660 in bug bounties for identifying 15 critical zero-day exploitable bugs, which could have caused up to $22.52 million in monetary loss if exploited.

♣ Bio:
Wen Xu is a research scientist at Georgia Tech. His research is focused on developing automatic bug finding techniques, which have discovered more than 200 security vulnerabilities in various open-source software. He received his Ph.D. degree in Computer Science from Georgia Tech, working with Prof. Taesoo Kim.