Vultron : towards secure smart contracts -- a runtime monitoring approach

Abstract

Ethereum smart contracts are paving their way into the future of commerce and high stakes are placed upon the correct implementation of their specifications. However, in the history of Ethereum, several vulnerabilities have been exploited which compromised the trust and effectiveness of smart contracts. Errors in executable specification languages are especially challenging to detect using a static approach. Therefore, a dynamic runtime monitoring approach is often preferred. The proposed approach, Vultron, a generalised solution which is not limited in its capabilities, can proactively detect vulnerabilities during runtime, and pre-emptively alter the function execution.

For Vultron, we look at inserting operations into smart contracts to manipulate the gas instrumentation of Ethereum such that additional debugging instructions can be executed without affecting the gas consumption. This is achieved through modifying both the Solidity compiler and Ethereum Virtual Machine. The source code of the compiler and virtual machine are open-sourced and can be viewed on GitHub.

The modifications to the compiler and virtual machine illustrate the feasibility of adding custom gas manipulating operations and serve as fundamental building blocks of a fully developed and automated runtime monitoring approach. Given the limitations of static solutions and the advantages of a runtime monitoring approach, we highly recommend adopting Vultron in advancing towards secure smart contracts.