Monocerus: Dynamic Analysis for Smart Contract, presented at Black Hat Asia 2019

by Anh Quynh Nguyen

Summary: By introducing the concept of storing and executing programs on a blockchain, smart contracts have become vital to the Fintech revolution. Unfortunately, like legacy code, smart contracts can be riddled with vulnerabilities, which may cause immediate negative economic impact.

To find bugs in smart contracts, we rely on security tools. At the moment, the existing toolset relies on either symbolic execution or static analysis techniques. Traditional dynamic analysis tools are missing, due to lack of support on blockchain platforms.

This research introduces Monocerus, a lightweight, multi-platform framework for dynamic analysis of Ethereum smart contracts. Monocerus offers some important features:

- Emulates smart contract bytecode, requiring no source code.
- Multi-platform: native builds for Windows & *nix (with Mac OSX, Linux & *BSD confirmed).
- Clean/simple/lightweight/intuitive blockchain-neutral API.
- Implemented in pure C language, with bindings for Python.
- Allows fine-grained instrumentation, with user-customized callbacks.
- Thread-safe by design.
- Open source with permissive license.

This work aims to lay a foundation for dynamic analysis on the Ethereum blockchain. To demonstrate its power, we built a new toolset on top of Monocerus, ranging from a bytecode debugger and code tracer/profiler to an advanced fuzzer. Come see some cool, exciting demos in our talk.