SESCon: Secure Ethereum Smart Contracts by Vulnerable Patterns’ Detection

<table class="algorithm-group"><tr><td><table class="algorithm" id="alg1"><tr><td>(1)</td><td>Read the smart contract</td></tr><tr><td>(2)</td><td>Extract the abstract syntax tree</td></tr><tr><td>(3)</td><td>Convert AST to XML path using XPath queries</td></tr><tr><td>(4)</td><td>Store locations of each statement which <i>L</i><sub>1</sub>, <i>L</i><sub>2</sub>, … <i>L</i><sub><i>n</i></sub></td></tr><tr><td>(5)</td><td>Get control flow graphs (cf1, cf2)</td></tr><tr><td>(6)</td><td>Get dependency graph, dg1, dg2</td></tr><tr><td>(7)</td><td>Get local variable (lv1, lv2)</td></tr><tr><td>(8)</td><td>Get state variable (sv1, sv2, \enleadertwodots svn)</td></tr><tr><td>(9)</td><td>Get payable function (pf1, pf2)</td></tr><tr><td>(10)</td><td>Get nonpayable function (npf1, npf2, …\enleadertwodots npfn)</td></tr><tr><td>(11)</td><td>Load standard patterns of vulnerabilities <span class="nowrap"><svg height="10.2124pt" id="M1" style="vertical-align:-3.42943pt" version="1.1" viewbox="-0.0498162 -6.78297 12.4578 10.2124" width="12.4578pt" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink"><g transform="matrix(.013,0,0,-0.013,0,0)"><path d="M570 304C570 398 525 448 414 448C385 448 343 445 312 434L329 511L321 518C297 504 262 482 244 460L233 411C195 397 159 381 128 358L135 332C160 347 189 360 224 373L111 -147C97 -210 84 -218 17 -231L13 -257L254 -247L259 -218L233 -216C183 -212 177 -202 189 -142L218 -1C238 -10 266 -12 283 -12C351 3 429 48 483 105C543 168 570 242 570 304ZM482 289C482 161 380 33 304 33C278 33 248 51 233 69L303 396C326 400 352 403 369 403C428 403 482 380 482 289Z"></path></g><g transform="matrix(.0091,0,0,-0.0091,7.384,3.132)"><path d="M389 0V32C297 38 291 46 291 118V635C234 613 175 595 109 583V556L161 554C203 552 207 547 207 497V118C207 46 201 38 110 32V0H389Z"></path></g></svg>,</span> <span class="nowrap"><svg height="10.2124pt" id="M2" style="vertical-align:-3.42943pt" version="1.1" viewbox="-0.0498162 -6.78297 12.4578 10.2124" width="12.4578pt" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink"><g transform="matrix(.013,0,0,-0.013,0,0)"><path d="M570 304C570 398 525 448 414 448C385 448 343 445 312 434L329 511L321 518C297 504 262 482 244 460L233 411C195 397 159 381 128 358L135 332C160 347 189 360 224 373L111 -147C97 -210 84 -218 17 -231L13 -257L254 -247L259 -218L233 -216C183 -212 177 -202 189 -142L218 -1C238 -10 266 -12 283 -12C351 3 429 48 483 105C543 168 570 242 570 304ZM482 289C482 161 380 33 304 33C278 33 248 51 233 69L303 396C326 400 352 403 369 403C428 403 482 380 482 289Z"></path></g><g transform="matrix(.0091,0,0,-0.0091,7.384,3.132)"><path d="M414 144C384 79 371 75 317 75H135L276 221C367 316 408 376 408 465C408 570 327 635 237 635C179 635 131 609 100 575L42 494L67 471C94 510 138 565 205 565C277 565 321 517 321 435C321 348 258 270 195 195C146 137 88 81 33 26V0H411C423 44 433 88 446 135L414 144Z"></path></g></svg>,</span> …, <svg height="10.2124pt" id="M3" style="vertical-align:-3.42943pt" version="1.1" viewbox="-0.0498162 -6.78297 12.6861 10.2124" width="12.6861pt" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink"><g transform="matrix(.013,0,0,-0.013,0,0)"><path d="M570 304C570 398 525 448 414 448C385 448 343 445 312 434L329 511L321 518C297 504 262 482 244 460L233 411C195 397 159 381 128 358L135 332C160 347 189 360 224 373L111 -147C97 -210 84 -218 17 -231L13 -257L254 -247L259 -218L233 -216C183 -212 177 -202 189 -142L218 -1C238 -10 266 -12 283 -12C351 3 429 48 483 105C543 168 570 242 570 304ZM482 289C482 161 380 33 304 33C278 33 248 51 233 69L303 396C326 400 352 403 369 403C428 403 482 380 482 289Z"></path></g><g transform="matrix(.0091,0,0,-0.0091,7.384,3.132)"><path d="M504 89L488 119C453 85 428 69 416 69C408 69 405 75 412 102L462 304C492 438 460 451 436 451S388 441 356 423C311 397 229 336 170 256H168L189 340C208 418 200 451 177 451C144 451 82 413 24 352L40 322C65 345 98 369 108 369C114 369 119 363 112 335L28 -3L36 -12C54 -3 83 4 112 10C125 73 138 122 153 174C205 258 328 382 376 382C395 382 399 369 384 305L330 93C312 25 323 -12 351 -12C378 -12 439 21 504 89Z"></path></g></svg></td></tr><tr><td>(12)</td><td><b>for</b> each (pi) compare dgi in given smart contract <b>do</b></td></tr><tr><td>(13)</td><td> <b>if</b> foundPattern <b>then</b></td></tr><tr><td>(14)</td><td>  detectVulList.add (pi)</td></tr><tr><td>(15)</td><td>  locationsList.add (Li)</td></tr><tr><td>(16)</td><td> <b>end if</b></td></tr><tr><td>(17)</td><td><b>end for</b></td></tr><tr><td>(18)</td><td>Generate report</td></tr></table></td></tr></table>

<div> Detecting vulnerabilities in the smart contract using SESCon.</div>

Security and Communication Networks

alg1

Algorithm 1

Algorithm 1: SESCon: Secure Ethereum Smart Contracts by Vulnerable Patterns’ Detection 