Multi-Transaction Sequence Vulnerability Detection for Smart Contracts based on Inter-Path Data Dependency

Smart contracts are commonly used to build finance-related decentralized applications. If a smart contract vulnerability is exploited by an attacker, the contract owner may suffer financial losses. We focus on a particular class of smart contract vulnerabilities that require a specific sequence of multiple transactions to trigger, which we call multi-transaction sequence vulnerabilities. Due to the combinatorial explosion problem caused by the huge number of possible transaction sequences, the efficiency and scalability for existing security analyzers to detect multi-transaction sequence vulnerabilities are limited. To alleviate the problem, we propose a vulnerability detection approach based on symbolic execution and inter-path data dependency. In the approach, we first traverse paths in a contract, and record read and write operations of each path. Then, we selectively execute paths which are conducive to discovering vulnerabilities during the subsequent detection process according to inter-path data dependencies. By pruning out most paths that are not relevant to vulnerabilities, we improve the efficiency and scalability of detecting multi-transaction sequence vulnerabilities. We evaluate our approach on 442 contracts collected from CVE reports and 104 contracts with Ether leakage and suicide defects. The experimental results show that our approach reaches an average 2x speedup comparing to Mythril.