 Thanks. Good afternoon everyone. My name is Loi. I'm a cloud of kyber network a decentralized You know a change for all the cryptocurrency and tokens, but today I'm not going to talk about kyber I'm going to talk about or anti the work that I did before kyber and Oriental is now maintained and supported by Mellon port Right, so what is Oriente? Oriente is a smart contract analyzer that, you know, based on symbolic execution. So basically, you know, given a smart contract Oriente can just, you know, scan old, you know, scan through the contract and, you know, find all the possible vulnerabilities in your smart contract So we released the first version of Oriente back in 2016 You know with my team from national university of Singapore and I first present Oriente at DEF CON 2 in Shanghai last year and after my presentation Mellon port, you know, reached out and they wanted to support the development of Oriente so and today Oriente is available online at this URL. If you have your laptop with you, you can check it out So here's the GitHub URL of Oriente as well I mean, Oriente is still under active development So if you have, you know, you want to contribute feel free to go to GitHub and start exploring Right, so first of all, what is symbolic execution? The techniques behind Oriente So I will use a simple function here that, you know, get the bonus given some, you know, contribution amount in some token sale, right? So if the amount is like greater than 100 ether, then the bonus is 15% Otherwise, you know, if the amount is greater than 50 ether, then you get 10% bonus Otherwise, there's no bonus for you So if you look at this function, there are three main There are three main branches in the entire function You know, H is greater than 100 and, you know, H is greater than 50 and less than 100 and H is less than 50 ether So symbolic execution allows us to explore all the possible parts of the program of your functions and it will record all the, you know, contract behaviors in each part and it will summarize all the behaviors in some token sale It will summarize all the behaviors in something called the part condition Here you will see that for every part, we will have the condition for the input to drive the contract or the program to that part, right? So with this summarized part condition with this summarized part condition, we can easily check if some property is violated So for example, we can check whether if, you know, H is less than 50 and, you know, the bonus is still greater than zero So the way we do it is that we encode all the part condition and also the property that we want to check in some theorem-proving language and, you know, we use some theorem-prover or solver to check the feasibility What's going on? Okay, right, so we can check, we can use the theorem-prover or solver to check the feasibility of, you know, the property violation Right, so this is the main architecture of Oriente So Oriente works with, you know, the EVM bytecode and it also detects the Ethereum state into account So given the bytecode, it will generate the control flow graph of the contract and if we use simple execution to explore all the possible part and, you know, for every part, we will just analyze to see whether, you know, some property is violated and of course we will use the theorem solver here to check that and if Oriente flags any bug, then there is a validator component to check whether the bug is, you know, found positive or not So what is the main difference between Oriente and, you know, other formal verification techniques? So Oriente basically, you know, tries to find all the possible part in the program and see whether, you know, some bug or some property is violated On the other hand, you know, formal verification allows you to formally prove that, you know, if, you know, the correctness of some runtime property of your contract or program So Oriente doesn't guarantee the absence of some bug It's to say, you know, I have checked, you know, these many parts in the program and, you know, these are the bugs that I found On the other hand, you know, Oriente is easy to use and, you know, works for most of the existing smart contracts But for formal verification, you know, sometimes, you know, it doesn't work automatically So maybe it requires some people like Yoichi or, you know, some other previous presenter to, you know, configure the program and, you know, run it with the tool So what are the new features that we support in Oriente after the DEF CON presentation? I will quickly walk through all of them So the first one that we support is, you know, checking the assertion violation in the program So, you know, developers, they, you know, sometimes they make some subtle mistakes, right? They are not even aware of that So for example, this is a simple function that transfers the token from, you know, the sender to the receiver So any of you can detect, you know, the major problem in this function Oh, oh, sorry, this is, this should be a minus, sorry Yeah Right, right, so I can just quickly fix it But there's an, right Right, sorry, this is the naive bug, right? There's small subtle bug Right, this is another naive bug, sorry Another naive bug Not really Right, so what happens if sender and receiver are the same? So this guy can just, you know, print more token out of thin air, right? So this is really subtle and, you know, it happens in one of the contracts that we have audited before So with Oriente, it can check, you know, this, you know, if we add some assertion there And Oriente can check whether this assertion is violated before you even deploy the contract on the mainnet or testnet So I can just quickly show you the demo Right, this is another naive bug So this is the live version of Oriente It's at, you know, orientate.mallon.network So you can just click to compile with Right, click to Oriente and analyze Oh, something's wrong Sorry, I get back to it later, but, you know Right, but basically, you know, with Oriente you can check, you know, whether some assertion is violated Before, you know, you even deploy the contract to the mainnet or testnet Another feature that we support is, you know, loop handling So if you ever, you know, work with, you know, program analysis, you will know that, you know, handling loop is, you know, a nightmare Right, because basically, you know, loop can just force the analyzer to run forever And, you know, it makes the program termination non-deterministic So this simple function here can just make, you know, Oriente run forever Because we have, like, no idea, like, what is the length here, right? What is the length of the value X, of the array X So in Oriente we handle loops in different ways So first of all, we allow the user to specify the gas limit So Oriente will just keep exploring the program until the gas limit is reached We also allow the user to specify the number of iterations that they want the loop to be to run, right? So here's the argument that you can use Oriente user can also specify the timeout that they allow Oriente to run So after that timeout, Oriente will just, you know, stop Another thing that we added after the DEF CON 2 is, you know, making Oriente more dynamic So when you analyze, so Oriente is based on static simulator execution So that means we only care about the contract itself We do not care much about the environment outside of the contract, right? So for example, if the contract calls another contract Then we do not analyze the contract that this contract is calling So with Oriente, we allow the user to set up a customized blockchain or environment So when this contract calls another contract, then Oriente will go to that contract as well and analyze it So this is how you can specify the environment to work with Oriente So it looks complicated, but basically you can specify the gas limit, the difficulty of the block The transition data that, you know, you want to send to the function You can also specify the account state, including, you know, the balance and the storage of some account So there are a bunch of new features that we are planning to add The first one is to generate all the test cases, because, you know, Oriente visits all the possible parts of the program And it records all the behaviors of the program So it is possible for Oriente to generate the corresponding input that drives the program to the same part So basically you can use all the generated input as a test case for your smart contract And use it in other framework like shuffle We also plan to, like, simplify all the constraints in the part condition So for example, if you have two conditions like, you know, X is greater than zero and X is less than two Then we can simplify it to, you know, X equal to one So that will reduce the time that we query the solver or the theorem prover We also want to reduce the number of positive reports in order to provide more helpful feedback to the developers So these are all the new features that we are going to add in the near future Right, so with that I want to conclude my presentation And again, this is the URL to the GitHub repo and Oriente is available online These are all the main developers of Oriente that have, you know, been contributing to the project And again, thanks to Melanport for sponsoring and, you know, for the support so far