Oyente

An Open-source Analysis Tool for Smart Contracts

Oyente was created by Loi Luu and his team from the National University of Singapore in 2016. Oyente is currently maintained by the public community, like any open source project.

Smart contracts are fundamentally full-fledged programs that run on blockchains. These "contracts" are automatically executed when specified requirements are met. With the steady rise in the adoption of smart contracts (Ethereum's system supports tens of thousands of contracts), these contracts hold millions of dollars' worth of virtual coins, an amount that is ever increasing.

The projected rise in the adoption of smart contracts means that the value being processed by these contracts will also increase. As with anything of value, risk and reward are directly proportional: an increase in reward (access to value) results in greater risks (whether inherent or external). We have already observed situations where an adversary can manipulate smart contract execution to gain profits. The exploitation of these structural vulnerabilities suggests that there are bugs that can compromise the security of the platform. It also indicates the existence of subtle gaps in the understanding of the distributed semantics of the underlying platform.

We built a symbolic execution tool called Oyente to find potential security bugs in contracts written by developers for the existing Ethereum system. Our objective for Oyente is to increase the security of smart contracts by identifying vulnerabilities, which allows developers to mitigate the identified risks. Of the 19,366 existing Ethereum contracts, Oyente flags 8,833 as vulnerable, including the DAO bug, which led to a USD 60 million loss in June 2016.

Risk is often the main barrier to entry for mainstream adoption. As the decentralized ecosystem grows, the need for enhanced security will only become more critical. If the vision of a decentralized world is ever to become reality, we first need to ensure that a decentralized world is not a threat but rather a natural progression. For that to happen, risks must first be minimized.

Publications & Media

Awesome Projects Using Oyente