Skip to main content
Back to KTH start page

Mojtaba Eshghie

Profile picture of Mojtaba Eshghie

Doctoral student

Details

Address
LINDSTEDTSVÄGEN 5, PLAN 5

Researcher


About me

Master's/Bachelor Students

Name Project Subject Degree Year Company
Gustav Andersson Kasche Smart Contracts Invariant Mining Master's 2024 -
Gabriele Morello Smart Contracts Invariant Synthesis Master's 2024 -
Glacier Ali Improving Unit Tests Using Generative AI Master's 2024 Securitas
Hans Stammler Cross-Platform Monitoring of High-level Properties in Smart Contracts Master's 2024 -
Viktor Åryd Solidity AST Differencing Master's 2024 -
Erik Cruz An Initial Investigation of Automatic Program Repair for Solidity Smart Contracts with Large Language Models Master's 2023 -
Siwei Zhang Trace Visualization of Distributed and Centralized Applications Master's 2023

Ericsson

Fredrik Svanholm Implementation and Evaluation of a Decentralized Fund Protocol Master's 2023 Centiglobe
Mikael Jafari Fundamental Attacks on Ethereum Oracles and How to Prevent Them Master's 2023 Handelsbanken

Filip Jacobson,

Gustav Andersson Kasche

Tracing of Second-Life Computer Components using Smart Contracts on the Algorand Blockchain Bachelor's 2022 -

We have bachelor's/master's degree project topics available. Do not hesitate to get in touch with me for an update on that if you are interested.

My Background

I am a PhD Candidate at the Theoretical Computer Science division of KTH Royal Institute of Technology. My current research is focused on Temporal Monitoring Smart Contracts using state-of-the-art. I am working under the supervision of Cyrille Artho.

In 2019, I was awarded a master's degree in Information Technology Engineering from the University of Tehran after successfully performing research in two fields ofInternet of Things and Network Monitoring. The latter project was conducted in Telecom Paristech LINCS laboratory.

Publications

SoliDiffy: AST Differencing for Solidity Smart Contracts

SoliDiffy, a dedicated AST differencing tool for Solidity, provides precise edit scripts to enhance tasks like vulnerability detection, code repair, and reviews, outperforming existing tools in complex contract analysis.

ASE 2024:

Oracle-Guided Vulnerability Diversity and Exploit Synthesis of Smart Contracts Using LLMs

XploGen leverages model-based oracle specifications and LLMs to generate effective smart contract exploits, addressing data limitations in existing vulnerability analysis tools.

HighGuard: Cross-Chain Business Logic Monitoring of Smart Contracts

HighGuard detects cross-chain business logic violations in smart contracts using DCR graph models, ensuring accurate monitoring without code changes or extra gas costs, with zero false positives as shown in tests on 54 exploits.

DISL: Fueling Research with A Large Dataset of Solidity Smart Contracts

DISL is a comprehensive dataset of 514,506 unique Solidity contracts from Ethereum mainnet, supporting machine learning and benchmarking tools with unmatched size and recency up to January 2024.

IWBOSE 2024 (SANER 2024):
From Creation to Exploitation: The Oracle Lifecycle

We analyze the lifecycle of blockchain oracles in DeFi, identifying vulnerabilities and evaluating defenses, with a model tested against $187M in recent exploits, highlighting bond systems as partial mitigation.

NWPT 2023 :
Exposing Flaws by Modeling Vulnerable-by-Design Smart Contracts
The result of our analysis offers valuable insights and underscores the potential of DCR graphs in preventing the vulnerabilities causing the breaches.

SEFM 2023:
Capturing Smart Contract Design with DCR Graphs
DCR graphs offer a formal tool for modeling smart contracts, capturing roles, dependencies, and timing visually, enabling analysis of business processes for secure smart contract development.

CircleChain: Tokenizing products with a role-based scheme for a circular economy

We propose a role-based token management scheme on the Algorand blockchain for tracking second-life components in a circular economy, enabling authentication, synthesis, and trading while supporting scalable and trustless management of supply chain processes.

EASE 2021:
Dynamic Vulnerability Detection on Smart Contracts Using Machine Learning

Dynamit is a framework for detecting reentrancy vulnerabilities in Ethereum smart contracts using only transaction metadata and balance data, achieving over 90\% accuracy without code instrumentation.

 

Conferences/Events I Helped With

4th International Workshop on Formal Methods for Blockchains, supporting reviewer

The 24th International Conference on Formal Engineering Methods, subreviewer

17th IEEE International Conference on Software Testing, Verification and Validation (ICST) 2024, subreviewer

7th Workshop on Validation, Analysis and Evolution of Software Tests, subreviewer

31st International Conference on Tools and Algorithms for the Construction and Analysis of Systems, subreviewer


Courses

Computer Security (DD2395), assistant | Course web

Internet Programming (DD1386), assistant | Course web

Software Engineering Fundamentals (DD2480), assistant | Course web

Software Safety and Security (DD2460), assistant | Course web