Smart-contract proxy analysis

The evolution of smart-contract protocols, with respect to both size and complexity, has led to the creation of new design patterns, centred on modularity, maintainability and upgradeability. One such emerging pattern in the Ethereum space is the diamond pattern [1].

The diamond pattern is analogous to a reverse-proxy in Web2 infrastructure, as it provides a singular endpoint to a smart-contract protocol, for which the implementation is split across multiple smart contracts. The state (storage) across the implementation contracts is consolidated in the proxy contract through the use of the delegatecall opcode.

Although mechanisms exist to ensure implementation contracts could operate over segmented sections of the storage (state), a portion of the state would always remain shared and mutable. Incompatibilities in the manipulation of these storage variables across implementation contracts could introduce unique vulnerabilities, which might go unnoticed when observing a single contract.

Currently available state-of-the-art static-analysis tools do not take into account the unique intricacies of having shared mutable state across multiple smart contracts. Clairvoyance [2] is arguably the one exception to this. However, its application is currently limited to the information flow of calls between contracts, rather than unified multi- contract protocols.

This study has identified a general technique for multi-contract analysis, through the modularisation of the Gigahorse [3] analysis framework and the propagation of storage facts between smart contracts during analysis execution. In fact, the project proposes a new tool called SOuL-Splitter, which generates multi-contract evaluation test sets through automated decomposition of existing smart contracts.

Figure 1. Dataflow for diamond-pattern fallback function
Figure 2. Multi-contract analysis evaluation

Student: Tony Valentine
Course: B.Sc. (Hons.) Computing Science
Supervisor: Dr Neville Grech