├── Formal_Stuff
    └── README.md
├── Papers_to_Read
    └── README.md
└── README.md


/Formal_Stuff/README.md:
--------------------------------------------------------------------------------
# Formal_Stuff
This space is for resources related to formal stuff, including papers and tools.


NEED TO WRITE SOMETHING

--------------------------------------------------------------------------------
/Papers_to_Read/README.md:
--------------------------------------------------------------------------------
# Papers_to_Read
This space is for papers for me to read (very private).
I'm not sure that these papers are good or essential to read.


## Contents

* [Recommendation from Others](#recommendation-from-others) : Mainly from my tutor

* [Chosen by myself](#chosen-by-myself) : Warning! My view is very novice

* [Lectures / Survey / Blogs](#lectures--survey--blogs)
* * *

### Overview

Blank

### Recommendation from Others
- **SoK: unraveling Bitcoin smart contracts** (2018), Nicola Atzei et al. [[pdf]](https://eprint.iacr.org/2018/192.pdf)
- **From contracts to “smart” contracts** (2018), Massimo Bartoletti et al. [[pdf]](http://www.dmi.unipg.it/DLTWorkshop/presentazioni%20DLT%20workshop/bartoletti.pdf)
- **Validation and Verification of Smart Contracts: A Research Agenda** (2017), Daniele Magazzeni et al. [[pdf]](https://core.ac.uk/download/pdf/96761687.pdf)
- **Ethereum: state of knowledge and research perspectives** (2017), Sergei Tikhomirov. [[pdf]](https://allquantor.at/blockchainbib/pdf/tikhomirov2017ethereum.pdf)
- **Quantstamp : The protocol for securing smart contracts** (2017), Richard Ma et al. [[pdf]](https://crushcrypto.com/wp-content/uploads/2017/10/QSP-Whitepaper.pdf)
- **Ethereum Smart Contracts: Security Vulnerabilities and Security Tools** (2017), Ardit Dika. [[pdf]](https://brage.bibsys.no/xmlui/bitstream/handle/11250/2479191/18400_FULLTEXT.pdf?sequence=1)
- **Writing Secure Smart Contracts** (2016), IC3. [[pdf]](http://upyun-assets.ethfans.org/uploads/doc/file/f035d9aa385448f280a785715fff89e0.pdf?_upd=devcon-ic3.pdf)
- **A Survey of Attacks on Ethereum Smart Contracts (SoK)** (2016), Nicola Atzei et al. [[pdf]](https://eprint.iacr.org/2016/1007.pdf)
- **Step by Step Towards Creating a Safe Smart Contract: Lessons and Insights from a Cryptocurrency Lab** (2015), Kevin Delmolino et al. [[pdf]](https://eprint.iacr.org/2015/460.pdf)

The papers below are related to DSL
- **Formal verification of smart contracts based on users and blockchain behaviors models** (2018), Tesnim Abdellatif et al. [[pdf]](https://hal.archives-ouvertes.fr/hal-01760787/document)
- **Findel: Secure Derivative Contracts for Ethereum** (2017), Alex Biryukov et al. [[pdf]](https://orbilu.uni.lu/bitstream/10993/30975/1/Findel_2017-03-08-CR.pdf)


The papers below are related to Isabelle/HOL or behavior models
- **Formal verification of smart contracts based on users and blockchain behaviors models** (2018), Tesnim Abdellatif et al. [[pdf]](https://hal.archives-ouvertes.fr/hal-01760787/document)
- **Towards Verifying Ethereum Smart Contract Bytecode in Isabelle/HOL** (2018), Sidney Amani et al. [[pdf]](http://ssrg.nicta.com/publications/csiro_full_text//Amani_BSB_18.pdf)

The papers below are related to symbolic execution and theorem provers
- **How Formal Verification Can Ensure Flawless Smart Contracts** (2018), Bernhard Mueller. [[web]](https://media.consensys.net/how-formal-verification-can-ensure-flawless-smart-contracts-cbda8ad99bd1)
- **Finding The Greedy, Prodigal, and Suicidal Contracts at Scale** (2018), Ivica Nikolic et al. [[pdf]](https://arxiv.org/pdf/1802.06038.pdf)

The papers below are related to automata
- **Designing Secure Ethereum Smart Contracts: A Finite State Machine Based Approach** (2017), Anastasia Mavridou et al. [[pdf]](https://fc18.ifca.ai/preproceedings/101.pdf)

The papers below take a cryptographic view
- **Raziel: Private and Verifiable Smart Contracts on Blockchains** (2017), David Cerezo Sánchez. [[pdf]](https://eprint.iacr.org/2017/878.pdf)


### Chosen by myself
*I should review these papers*
- **Scilla: a Smart Contract Intermediate-Level LAnguage** (2018), Ilya Sergey et al. [[pdf]](https://arxiv.org/pdf/1801.00687.pdf)


### Book / Survey / Review
- Interactive Theorem Proving and Program Development (2004), Bertot, Yves, Castéran, Pierre. [[web]](http://www.springer.com/gp/book/9783540208549)

### Lectures / Survey / Blogs

*(Lectures)*
- **Stanford CS240h Spring 2014** [[web]](http://www.scs.stanford.edu/14sp-cs240h/)
- **NICTA Functional Programming Course** [[github]](https://github.com/data61/fp-course)
- **Tsinghua Coq Summer School** [[web]](http://www.labri.fr/perso/casteran/CoqArt/Tsinghua/index.html)

*(Survey)*
- **Happy Learn Haskell Tutorial** [[web]](http://www.happylearnhaskelltutorial.com/contents.html)
- **SAW TUTORIAL BY GALOIS** [[web]](https://saw.galois.com/tutorial.html)
- **Coq: formal proof management system** [[web]](https://coq.inria.fr/)

*(Blogs)*
- **MÖBIUS STRIP REVERSE ENGINEERING** [[web]](http://www.msreverseengineering.com/program-analysis-reading-list/)

## License
[![CC0](http://mirrors.creativecommons.org/presskit/buttons/88x31/svg/cc-zero.svg)](https://creativecommons.org/publicdomain/zero/1.0/)

--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
# Papers and Tools for Smart Contract Security Analysis

This space tries to list all papers about security analysis of smart contracts.

I stopped collecting research papers and stuff about smart contract security in the middle of 2018.
Hope this space helps you a little bit.

## Contents

* [Overview](#overview)
* [Tools](#security-analysis-tools)
* [2018 Papers](#2018-papers) : Proceeding
* [2017 Papers](#2017-papers)
* [2015-6 Papers](#2015-6-papers)
* [Security SCI(E) Journal list](#security-scie-journal-list)
* [Links / Tutorials](#links--tutorials)
* [References](#references)
* * *

### Overview
| Vulnerability | ReEntrancy | Immutable Bugs | Mishandled Exceptions | TOD | Untrusted Value Dependency | Gas Costly Pattern | tx.origin |
|---|---|---|---|---|---|---|---|
| Subordinate Items | | Integer Overflow/Underflow / Callstack Depth / Short Address | Unchecked Send / Unchecked Low Level Calls | | Blockhash / Timestamp | | |
| Characteristics / Correlation | | | DoS, Interaction | | Randomness | DoS | Interaction |

### Security Analysis Tools
*Tools which are available. Some may require a paid service to use all features.*

| Name | Available Path | Features | Related Paper |
| :---: | :--- | :--- | :---: |
| Oyente | http://oyente.melon.fund | symbolic execution | [[pdf]](https://eprint.iacr.org/2016/633.pdf) |
| Securify | http://securify.ch | formal verification | [[pdf]](https://arxiv.org/pdf/1806.01143.pdf) |
| Remix | http://remix.ethereum.org | solidity compiler, debugger | |
| SmartCheck | http://tool.smartdec.net | static code analysis | |
| Mythril | https://github.com/ConsenSys/mythril | concolic and taint analysis | [[pdf]](https://github.com/b-mueller/smashing-smart-contracts/blob/master/smashing-smart-contracts-1of1.pdf) |
| why3 | http://why3.lri.fr/try/ | formal verification, general tool | |


### 2018 papers
*Newly published papers (this year) which are worth reading*
- **Securify: Practical Security Analysis of Smart Contracts** (2018), Petar Tsankov et al. [[pdf]](https://arxiv.org/pdf/1806.01143.pdf)
- **Ekiden: A Platform for Confidentiality-Preserving, Trustworthy, and Performant Smart Contract Execution** (2018), Raymond Cheng et al. [[pdf]](https://arxiv.org/pdf/1804.05141.pdf)
- **Smart Contracts: Security Patterns in the Ethereum Ecosystem and Solidity** (2018), Maximilian Wöhrer and Uwe Zdun. [[pdf]](http://eprints.cs.univie.ac.at/5433/7/sanerws18iwbosemain-id1-p-380f58e-35576-preprint.pdf)
- **ZEUS: Analyzing Safety of Smart Contracts** (2018), Sukrit Kalra et al. [[pdf]](https://www.ndss-symposium.org/wp-content/uploads/sites/25/2018/02/ndss2018_09-1_Kalra_paper.pdf)
- **Finding The Greedy, Prodigal, and Suicidal Contracts at Scale** (2018), Ivica Nikolic et al. [[pdf]](https://arxiv.org/pdf/1802.06038.pdf)
- **Scilla: a Smart Contract Intermediate-Level LAnguage** (2018), Ilya Sergey et al. [[pdf]](https://arxiv.org/pdf/1801.00687.pdf)
- **Formal verification of smart contracts based on users and blockchain behaviors models** (2018), Tesnim Abdellatif et al. [[pdf]](https://hal.archives-ouvertes.fr/hal-01760787/document)
- **Smashing Ethereum smart contracts for fun and real profit** (2018), Bernhard Mueller. [[pdf]](https://github.com/b-mueller/smashing-smart-contracts/blob/master/smashing-smart-contracts-1of1.pdf)
- **Towards Verifying Ethereum Smart Contract Bytecode in Isabelle/HOL** (2018), Sidney Amani et al. [[pdf]](http://ssrg.nicta.com/publications/csiro_full_text//Amani_BSB_18.pdf)
- **SoK: unraveling Bitcoin smart contracts** (2018), Nicola Atzei et al. [[pdf]](https://eprint.iacr.org/2018/192.pdf)
- **From contracts to “smart” contracts** (2018), Massimo Bartoletti et al. [[pdf]](http://www.dmi.unipg.it/DLTWorkshop/presentazioni%20DLT%20workshop/bartoletti.pdf)
- **BitML : a calculus for Bitcoin smart contracts** (2018), Massimo Bartoletti et al. [[pdf]](https://eprint.iacr.org/2018/122.pdf)
- **Quantitative Analysis of Smart Contracts** (2018), Krishnendu Chatterjee et al. [[pdf]](http://pub.ist.ac.at/~akafshda/paperpdfs/esop2018.pdf)
- **Smart Contracts Vulnerabilities: A Call for Blockchain Software Engineering?** (2018), Giuseppe Destefanis et al. [[pdf]](http://dspace.stir.ac.uk/bitstream/1893/27135/1/smart-contracts-vulnerabilities-3.pdf)


### 2017 papers
*Published papers in 2017 which are worth reading*
- **Ethereum Smart Contracts: Security Vulnerabilities and Security Tools** (2017), Ardit Dika. [[pdf]](https://brage.bibsys.no/xmlui/bitstream/handle/11250/2479191/18400_FULLTEXT.pdf?sequence=1)
- **Validation and Verification of Smart Contracts: A Research Agenda** (2017), Daniele Magazzeni et al. [[pdf]](https://core.ac.uk/download/pdf/96761687.pdf)
- **Designing Secure Ethereum Smart Contracts: A Finite State Machine Based Approach** (2017), Anastasia Mavridou et al. [[pdf]](https://fc18.ifca.ai/preproceedings/101.pdf)
- **Ethereum: state of knowledge and research perspectives** (2017), Sergei Tikhomirov. [[pdf]](https://allquantor.at/blockchainbib/pdf/tikhomirov2017ethereum.pdf)
- **Quantstamp : The protocol for securing smart contracts** (2017), Richard Ma et al. [[pdf]](https://crushcrypto.com/wp-content/uploads/2017/10/QSP-Whitepaper.pdf)
- **Findel: Secure Derivative Contracts for Ethereum** (2017), Alex Biryukov et al. [[pdf]](https://orbilu.uni.lu/bitstream/10993/30975/1/Findel_2017-03-08-CR.pdf)



### 2015-6 papers
*Published papers in 2015-6 (2015 is when smart contracts were born) which are worth reading*
- **Making Smart Contracts Smarter** (2016), Loi Luu et al. [[pdf]](https://eprint.iacr.org/2016/633.pdf)
- **Short Paper: Formal Verification of Smart Contracts** (2016), Karthikeyan Bhargavan et al. [[pdf]](https://www.cs.umd.edu/~aseem/solidetherplas.pdf)
- **A Survey of Attacks on Ethereum Smart Contracts (SoK)** (2016), Nicola Atzei et al. [[pdf]](https://eprint.iacr.org/2016/1007.pdf)
- **Writing Secure Smart Contracts** (2016), IC3. [[pdf]](http://upyun-assets.ethfans.org/uploads/doc/file/f035d9aa385448f280a785715fff89e0.pdf?_upd=devcon-ic3.pdf)
- **Step by Step Towards Creating a Safe Smart Contract: Lessons and Insights from a Cryptocurrency Lab** (2015), Kevin Delmolino et al. [[pdf]](https://eprint.iacr.org/2015/460.pdf)

* * *

### Security SCI(E) Journal list

* IEEE Transactions on Information Forensics and Security [[web]](http://ieeexplore.ieee.org/xpl/RecentIssue.jsp?punumber=10206)
* Computers & Security [[web]](http://www.elsevier.com/wps/find/journaldescription.cws_home/405877/description#description)
* IET Information Security [[web]](http://www.ietdl.org/IET-IFS)
* ACM Transactions on Information and System Security [[web]](http://tissec.acm.org/)
* International Journal of Information Security [[web]](http://www.springerlink.com/content/107927/)
* Security and Communication Networks [[web]](http://www.wiley.com/bw/journal.asp?ref=1939-0114)
* IEEE Security & Privacy [[web]](http://www.computer.org/portal/web/security/home)
* IEEE Transactions on Dependable and Secure Computing [[web]](http://www.computer.org/tdsc/)
* Security and Communication Networks [[web]](http://onlinelibrary.wiley.com/journal/10.1002/(ISSN)1939-0122)
* Computer Fraud & Security [[web]](http://www.elsevierscitech.com/nl/cfs/home.asp)

### Links / Tutorials

*(Links)*
- **DASP TOP 10** [[web]](https://www.dasp.co/)
- **Yoichi's Formal Verification of Ethereum Contracts** [[web]](https://github.com/pirapira/ethereum-formal-verification-overview/)
- **How Formal Verification Can Ensure Flawless Smart Contracts** (2018), Bernhard Mueller. [[web]](https://media.consensys.net/how-formal-verification-can-ensure-flawless-smart-contracts-cbda8ad99bd1)
- **Reversing Ethereum Smart Contracts** [[web]](https://arvanaghi.com/blog/reversing-ethereum-smart-contracts/)
- **Smart Contract Languages** [[web]](https://github.com/s-tikhomirov/smart-contract-languages)

*(Tutorials)*
- empty

### References
- **Ethereum: A NEXT GENERATION SMART CONTRACT & DECENTRALIZED APPLICATION PLATFORM** (2015), Vitalik Buterin. [[pdf]](http://www.the-blockchain.com/docs/Ethereum_white_paper-a_next_generation_smart_contract_and_decentralized_application_platform-vitalik-buterin.pdf)
- **Ethereum Yellow Paper** [[pdf]](https://ethereum.github.io/yellowpaper/paper.pdf)
- **Bitcoin: A Peer-to-Peer Electronic Cash System** (2009), Satoshi Nakamoto. [[pdf]](https://bitcoin.org/bitcoin.pdf)



## License
[![CC0](http://mirrors.creativecommons.org/presskit/buttons/88x31/svg/cc-zero.svg)](https://creativecommons.org/publicdomain/zero/1.0/)

--------------------------------------------------------------------------------