南方科技大学知识苑(SUSTech KC): Panda: Security Analysis of Algorand Smart Contracts

题名	Panda: Security Analysis of Algorand Smart Contracts
作者	Sun, Zhiyuan 1,2 ; Luo, Xiapu 1; Zhang, Yinqian2
通讯作者	Luo, Xiapu; Zhang, Yinqian
发表日期	2023
会议名称	32nd USENIX Security Symposium
会议录名称	PROCEEDINGS OF THE 32ND USENIX SECURITY SYMPOSIUM
会议日期	AUG 09-11, 2023
会议地点	null,Anaheim,CA
出版地	SUITE 215, 2560 NINTH ST, BERKELEY, CA 94710 USA
出版者	USENIX ASSOC
摘要	Algorand has recently grown rapidly as a representative of the new generation of pure-proof-of-stake (PPoS) blockchains. At the same time, Algorand has also attracted more and more users to use it as a trading platform for non-fungible tokens. However, similar to traditional programs, the incorrect way of programming will lead to critical security vulnerabilities in Algorand smart contracts. In this paper, we first analyze the semantics of Algorand smart contracts and find 9 types of generic vulnerabilities. Next, we propose Panda, the first extensible static analysis framework that can automatically detect such vulnerabilities in Algorand smart contracts, and formally define the vulnerability detection rules. We also construct the first benchmark dataset to evaluate Panda. Finally, we used Panda to conduct a vulnerability assessment on all smart contracts on the Algorand blockchain and found 80,515 (10.38%) vulnerable smart signatures and 150,676 (27.73%) vulnerable applications. Of the vulnerable applications, 4,008 (4.04%) are still on the blockchain and have not been deleted. In the disclosure process, the vulnerabilities found by Panda have been acknowledged by many projects, including some critical blockchain infrastructures such as the decentralized exchange and the NFT auction platform.
学校署名	通讯
语种	英语
相关链接	[来源记录]
收录类别	EI ; CPCI-S
资助项目	Hong Kong RGC Projects["PolyU15219319","PolyU15224121"]
WOS研究方向	Computer Science
WOS类目	Computer Science, Information Systems ; Computer Science, Interdisciplinary Applications ; Computer Science, Theory & Methods
WOS记录号	WOS:001066451501049
来源库	Web of Science
引用统计	被引频次[WOS]：2
成果类型	会议论文
条目标识符	http://sustech.caswiz.com/handle/2SGJ60CL/673948
专题	南方科技大学
作者单位	1.Hong Kong Polytechnic University, Hong Kong 2.Southern University of Science and Technology, China
第一作者单位	南方科技大学
通讯作者单位	南方科技大学
推荐引用方式 GB/T 7714	Sun, Zhiyuan,Luo, Xiapu,Zhang, Yinqian. Panda: Security Analysis of Algorand Smart Contracts[C]. SUITE 215, 2560 NINTH ST, BERKELEY, CA 94710 USA:USENIX ASSOC,2023.