Securing smart contracts with information flow
Ethan Cecchetti, Siqiu Yao, Haobin Ni, and Andrew C. Myers

International Symposium on Foundations and Applications of Blockchain
May 2020

Abstract:

Securing blockchain smart contracts is difficult, especially when they interact with one another. Existing tools for reasoning about smart contract security are limited in one of two ways: they either cannot analyze cooperative interaction between contracts, or they require all interacting code to be written in a specific language. We propose an approach based on information flow controlĀ (IFC), which supports fine-grained, compositional security policies and rules out dangerous vulnerabilities. However, existing IFC systems provide few guarantees on interaction with legacy contracts and unknown code. We extend existing IFC constructs to support these important functionalities while retaining compositional security guarantees, including reentrancy control. We mix static and dynamic mechanisms to achieve these goals in a flexible manner while minimizing run-time costs.

The final paper is not yet ready for distribution. It will be made available from this page.