Premiere: „Oyente“ to track down errors

Smart contracts are a new technological challenge that makes it very difficult for devices to process them automatically due to their diversity. The first Smart Contract Analyzer will make its debut at the Ethereum Conference.

Oyente tool to bring new hope to Bitcoin news

After the first Bitcoin news of the smart contract deployment with the DAO project failed, scientists present a new idea: The new program, called Oyente, is said to have already detected errors in thousands of smart contracts in tests, especially the one that led to the demise of DAO.

PhD student from Singapore drove the project forward
Loi Luu, a PhD student at the National University of Singapore, explains that the company had begun troubleshooting existing smart contracts. He therefore briefly explains the origin of his tool to CoinDesk:

After we had discovered all these problems, we wanted to measure how many smart contracts were affected by errors.

He also promises that the tool will be used to detect attacks by automatically detecting injected attacks.

Tool to be presented before the Ethereum Conference

Luu and his team would like to publish the code for the smart contract Analyzer before Devcon2, a conference on the development of Ethereum, takes place in Shanghai at the end of this month. The tool solves a problem that many are looking for. So far there are no comparable tools on the market.

This would at the same time draw attention to the debate about the complexity of a smart contract language. At that time, too, there had been particular criticism of Solidity, the smart contract language developed especially for Ethereum. There is a tradeoff between the generality of a language that can be extended at will and security, which depends to some extent on how freely users are able to use it. Finally, with more possibilities, there are also new possibilities for hackers to attack.

Oyente code to be accessible to developers
Since Oyente is an open source tool, you want to release the source code of the project for developers. To this end, they are currently working on the structuring of the code and on a detailed documentation to make it easier for developers to work with the tool.

How the tool examines smart contracts for attacks
In order to track down malicious smart contracts, Oyente does not analyze the smart contracts in its own language, but first translates them into byte code. The byte code is then examined for the occurrence of certain patterns and thus checked to see whether typical locations for attacks can be found. At the same time, this makes it possible to analyze the uniform byte code without the tool being limited to a specific language.

Opinion of the author (Max):

Oyente is certainly still in its infancy, although the developers involved in the implementation have done a great deal of groundwork. This makes the tool all the more interesting as a pioneer in the field of smart contract analysis tools. After all, a decentralized system only works if different parties are involved. An external analysis tool for existing smart contract languages should also be an interesting addition.
The Ethereum Conference may also enable the team to find further support from companies in the form of expert teams or financial resources. This would lay the foundation for further development.