Research
Standards & Guidelines
Resources that empower the blockchain community to build secure processes and give guidance on best practices.
| Project Name | Author(s) | Venue | Type | Date |
|---|---|---|---|---|
| Token Interaction Checklist | Shayan Eskandari | Diligence Blog | Guideline | 2020 |
| Ethereum Smart Contract Security Best Practices | Diligence Team | Diligence Blog | Guideline | 2020 |
| EIP-1963 - Mandatory 'Security Considerations' for EIPs | Martin Ortner | EIP | Standard | 2019 |
Academic Publications
Our members actively participate in academic discourse pushing forward to progress blockchain research.
| Project Name | Author(s) | Venue | Type | Date |
|---|---|---|---|---|
| Specifying and Testing k-Safety Properties for Machine-Learning Models | Maria Christakis, Hasan Ferit Eniser, Jörg Hoffmann, Adish Singla, Valentin Wüstholz | IJCAI 2023 | Paper | 2023 |
| Green Fuzzer Benchmarking | Jiradet Ounjai, Valentin Wüstholz, Maria Christakis | ISSTA 2023 | Paper | 2023 |
| Dependency-Aware Metamorphic Testing of Datalog Engines | Muhammad Numair Mansur, Valentin Wüstholz, Maria Christakis | ISSTA 2023 | Paper | 2023 |
| Metamorphic Relations via Relaxations: An Approach to Obtain Oracles for Action-Policy Testing | Hasan Ferit Eniser, Timo P. Gros, Valentin Wüstholz, Jörg Hoffmann, Maria Christakis | ISSTA 2022 | Paper | 2022 |
| Debugging a Policy: Automatic Action-Policy Testing in AI Planning | Marcel Steinmetz, Daniel Fiser, Hasan Ferit Eniser, Patrick Ferber, Timo P. Gros, Philippe Heim, Daniel Höller, Xandra Schuler, Valentin Wüstholz, Maria Christakis, Jörg Hoffmann | ICAPS 2022 | Paper | 2022 |
| Verifying Solidity Smart Contracts Via Communication Abstraction in SmartACE | Scott Wesley, Maria Christakis, Jorge A. Navas, Richard Trefler, Valentin Wüstholz, Arie Gurfinkel | VMCAI 2022 | Paper | 2022 |
| Compositional Verification of Smart Contracts Through Communication Abstraction | Scott Wesley, Maria Christakis, Jorge A. Navas, Richard Trefler, Valentin Wüstholz, Arie Gurfinkel | SAS 2021 | Paper | 2021 |
| SoK: Oracles from the Ground Truth to Market Manipulation | Shayan Eskandari et al. | ACM AFT'21 | Paper | 2021 |
| Metamorphic Testing of Datalog Engines | Muhammad Numair Mansur, Maria Christakis and Valentin Wüstholz | ESEC/FSE 2021 | Paper | 2021 |
| Estimating Residual Risk in Greybox Fuzzing | Marcel Böhme, Danushka Liyanage, and Valentin Wüstholz | ESEC/FSE 2021 | Paper | 2021 |
| Automatically Tailoring Abstract Interpretation to Custom Usage Scenarios | Muhammad Numair Mansur, Benjamin Mariano, Maria Christakis, Jorge A. Navas and Valentin Wüstholz | CAV 2021 | Paper | 2021 |
| Automated Safety Verification of Programs Invoking Neural Networks | Maria Christakis, Hasan Ferit Eniser, Holger Hermanns, Jörg Hoffmann, Yugesh Kothari, Jianlin Li, Jorge A. Navas and Valentin Wüstholz | CAV 2021 | Paper | 2021 |
| Perfectly parallel fairness certification of neural networks | Caterina Urban, Maria Christakis, Valentin Wüstholz, Fuyuan Zhang | OOPSLA 2020 | Paper | 2020 |
| Detecting critical bugs in SMT solvers using blackbox mutational fuzzing | Muhammad Numair Mansur, Maria Christakis, Valentin Wüstholz, Fuyuan Zhang | ESEC/FSE 2020 | Paper | 2020 |
| Harvey: a greybox fuzzer for smart contracts | Valentin Wüstholz, Maria Christakis | ESEC/FSE 2020 | Paper | 2020 |
| Targeted greybox fuzzing with static lookahead analysis | Valentin Wüstholz, Maria Christakis | ICSE 2020 | Paper | 2020 |
| Practical Mutation Testing for Smart Contracts | Joran Honig et al. | CBT'19 | Paper | 2019 |
| Differentially testing soundness and precision of program analyzers | Christian Klinger, Maria Christakis, Valentin Wüstholz | ISSTA 2019 | Paper | 2019 |
| HARVEY: A Greybox Fuzzer for Smart Contracts | Valentin Wüstholz, Maria Christakis | Paper | 2019 | |
| Semantic Fault Localization and Suspiciousness Ranking | Maria Christakis, Matthias Heizmann, Muhammad Numair Mansur, Christian Schilling, Valentin Wüstholz | TACAS 2019 | Paper | 2019 |
| SoK: Transparent Dishonesty: front-running attacks on Blockchain | Shayan Eskandari et al. | Workshop on Trusted Smart Contracts @ Financial Cryptography 19 | Paper | 2019 |
| Smashing Ethereum Smart Contracts for Fun and Real Profit | Bernhard Mueller | HITB Security Conference | Paper | 2018 |
| A first look at browser-based Cryptojacking | Shayan Eskandari et al. | Security & Privacy on the Blockchain (affiliated with Euro S&P) | Paper | 2018 |
| On the feasibility of decentralized derivatives markets | Shayan Eskandari et al. | FC 2017: Financial Cryptography and Data Security | Paper | 2017 |
| Real-world Deployability and Usability of Bitcoin | Shayan Eskandari | Concordia University - MASc Thesis | Paper | 2016 |
| A first look at the usability of bitcoin key management | Shayan Eskandari et al. | USEC 15 NDSS Workshop on Usable Security (USEC) | Paper | 2015 |
Talks & Workshops
We educate 🎓, publish research, and join public discussion to spearhead blockchain security awareness.
Vulnerability Disclosure
Responsible disclosure of 0-day vulnerabilities is one way we show our gratitude to all the beautiful ❤️ open-source projects.