Academic Paper

DoSChecker: An Efficient and Dedicated Tool for Detecting DoS Vulnerability in Smart Contracts
Document Type
Conference
Source
2023 International Conference on Data Security and Privacy Protection (DSPP). :22-31 Oct, 2023
Subject
Communication, Networking and Broadcast Technologies
Computing and Processing
Signal Processing and Analysis
Data security
Smart contracts
Memory management
Feature extraction
Rendering (computer graphics)
Denial-of-service attack
Pattern matching
smart contract
DoS vulnerability
automated detection
function feature
symbolic execution
Language
Abstract
Smart contracts have recently gained popularity due to their ability to run on their own without third-party intervention. Unfortunately, smart contracts are susceptible to various vulnerabilities, such as reentrancy, integer overflow and denial-of-service (DoS). Among these vulnerabilities, DoS is a particularly serious one, consuming many contract resources and rendering the contract unresponsive or even causing it to terminate abnormally. Therefore, it is crucial to develop detection tools for DoS vulnerabilities in smart contracts. However, we find that the existing approaches identify only a few DoS patterns and suffer from high false positives. In this paper, we develop a dedicated automated detection tool, DoSChecker, which is intended to detect DoS vulnerabilities in smart contracts efficiently. Specifically, we define four patterns of DoS vulnerability and analyze their function features. According to these features, we design automated detection schemes based on symbolic execution. Experiments demonstrate that DoSChecker can detect more DoS vulnerabilities with lower false positives and higher efficiency, and consumes far fewer memory resources than the state-of-the-art tools. In addition, we use DoSChecker to evaluate 155,721 contracts on Ethereum and discover that 12% of them match at least one DoS pattern and might suffer from DoS attacks.