ETHPragueConf 2025

Beyond Boundaries: Analyzing Smart Contracts with Inter-procedural Control Flow Graph
05-27, 14:00–14:25 (CET), Workshop

Understanding control flow is fundamental to smart contract security, but analyzing interactions across multiple functions remains a major challenge. Traditional Control Flow Graphs (CFGs) often stop at function borders, missing crucial vulnerabilities that arise from inter-contract or intra-contract calls. This is where the Wake Framework's Inter-Procedural Control Flow Graph (ICFG) steps in.


Static analysis is critical for blockchain security, yet the complexity of modern smart contracts often pushes traditional methods to their limits. Analyzing functions in isolation overlooks interactions that occur through external and internal calls. This talk introduces the Inter-Procedural Control Flow Graph (ICFG) as implemented in the Wake Framework, offering a more holistic approach to static analysis.

We'll begin by outlining the limitations of standard CFGs in decentralized applications. Then, we'll dive into the specifics of Wake's ICFG:
- How it builds upon Wake's Intermediate Representation (IR).
- The process of connecting function calls and returns to create a unified graph.
- Representing different control flow transitions (e.g., conditional jumps, function calls, reverts).
- Leveraging the ICFG for advanced security analyses.

Using concrete examples, the talk will illustrate how analyzing the ICFG provides deeper insights than function-local CFGs, enabling developers and auditors to identify vulnerabilities that might otherwise go unnoticed.

Ethereum auditor and developer of static analysis tools at Ackee Blockchain Security