Replication Data for: Finding Permission Bugs in Smart Contracts with Role Mining
Source: DataCite Commons. Updated 2025-06-10; indexed 2025-04-16.
Download link:
https://researchdata.ntu.edu.sg/citation?persistentId=doi:10.21979/N9/MBHBCI
Description:
Smart contracts deployed on permissionless blockchains, such as Ethereum, are accessible to any user in a trustless environment. Therefore, most smart contract applications implement access control policies to protect their valuable assets from unauthorized access. A difficulty in validating conformance to such policies, i.e., whether the contract implementation adheres to the expected behaviors, is the lack of policy specifications. In this paper, we mine past transactions of a contract to recover a likely access control model, which can then be checked against various information flow policies to identify potential bugs related to user permissions. We implement our role mining and security policy validation in the tool SPCon. The experimental evaluation on a labeled smart contract role mining benchmark demonstrates that SPCon mines more accurate user roles than the state-of-the-art role mining tools. Moreover, the experimental evaluation on a real-world smart contract benchmark and on access control CVEs indicates that SPCon effectively detects potential permission bugs while having better scalability and a lower false-positive rate than the state-of-the-art security tools, finding 11 previously unknown bugs and detecting six CVEs that no other tool can find.
Provider:
DR-NTU (Data)
Created:
2022-05-23