Skip to main content
Till KTH:s startsida Till KTH:s startsida

Mojtaba Eshghie

Profile picture of Mojtaba Eshghie





About me

Master's/Bachelor Students

Name Project Subject Degree Level Year Industrial
Gustav Andersson Kasche Smart Contracts Invariant Extraction Master's 2024 -
Gabriele Morello Smart Contracts Invariant Synthesis Master's 2024 -
Glacier Ali Improving Unit Tests Using Generative AI Master's 2024  
Hans Stammler Cross-Platform Monitoring of High-level Properties in Smart Contracts Master's 2024 -
Viktor Åryd Solidity AST Differencing Master's 2024 -
Erik Cruz An Initial Investigation of Automatic Program Repair for Solidity Smart Contracts with Large Language Models Master's 2023 -
Siwei Zhang Trace Visualization of Distributed and Centralized Applications Master's 2023


Fredrik Svanholm Implementation and Evaluation of a Decentralized Fund Protocol Master's 2023 Centiglobe
Mikael Jafari Fundamental Attacks on Ethereum Oracles and How to Prevent Them Master's 2023 Handelsbanken

Filip Jacobson,

Gustav Andersson Kasche

Tracing of Second-Life Computer Components using Smart Contracts on the Algorand Blockchain Bachelor's 2022 -

We have bachelor's/master's degree project topics available. Do not hesitate to get in touch with me for an update on that if you are interested.

My Background

I am a PhD Candidate at the Theoretical Computer Science division of KTH Royal Institute of Technology. My current research is focused on Temporal Monitoring Smart Contracts using state-of-the-art. I am working under the supervision of Cyrille Artho.

In 2019, I was awarded a master's degree in Information Technology Engineering from the University of Tehran after successfully performing research in two fields ofInternet of Things and Network Monitoring. The latter project was conducted in Telecom Paristech LINCS laboratory.


IWBOSE 2024 (part of SANER 2024):
From Creation to Exploitation: The Oracle Lifecycle
Decentralized Finance (DeFi) systems leverage blockchain oracles to access off/on-chain data as a service. Therefore, maintaining the integrity of oracle data is essential.
However, the integrity of these oracles data can be compromised through different attacks, and the effectiveness of these attacks varies depending on the specific stage of the oracle's lifecycle. This work presents a comprehensive analysis of this lifecycle, identifying potential attack types and examining the efficacy of existing defense mechanisms. We propose a generalized model encompassingdata creation,submission,consensus,election, anddeprecation stages.
We evaluate our model against seven recent high-profile DeFi exploits totaling $187 million. We have also studied bond systems as a preventive measure against at least a subset of oracle exploits.  Our findings suggest that while bond systems increase the cost of attacks, thereby fortifying oracle data integrity against adversarial manipulations, they also require careful calibration to avoid hindering honest participation.

NWPT 2023 :
Exposing Flaws by Modeling Vulnerable-by-Design Smart Contracts
Smart contracts can manage assets worth millions of Euro but are often not formally modeled and, consequently, may contain vulnerabilities. This paper explores the application of Dynamic Condition Response (DCR) graphs, initially developed for modeling business processes, to model and analyze smart contracts’ embedded processes. Using DCR graphs, we demonstrate high-level properties in the contracts, such as event partial ordering and role-based access control via empirical analysis of several high-profile successful exploits on smart contracts. The result of our analysis offers valuable insights and underscores the potential of DCR graphs in preventing the vulnerabilities causing the breaches.

SEFM 2023:
Capturing Smart Contract Design with DCR Graphs
Smart contracts manage blockchain assets and embody business processes. However, mainstream smart contract programming languages such as Solidity lack explicit notions of roles, action dependencies, and time. Instead, these concepts are implemented in program code. This makes it very hard to design and analyze smart contracts. We argue that DCR graphs are a suitable formalization tool for smart contracts because they explicitly and visually capture the mentioned features. We utilize this expressiveness to show that many common high-level design patterns representing the underlying business processes in smart contract applications can be naturally modeled this way. Applying these patterns shows that DCR graphs facilitate the development and analysis of correct and reliable smart contracts by providing a clear and easy-to-understand specification.

EASE 2021:
Dynamic Vulnerability Detection on Smart Contracts Using Machine Learning
In this work, we propose Dynamit, a monitoring framework to detect reentrancy vulnerabilities in Ethereum smart contracts. The novelty of our framework is that it relies only on transaction metadata and balance data from the blockchain system; our approach requires no domain knowledge, code instrumentation, or special execution environment. Dynamit extracts features from transaction data and uses a random forest model to classify transactions as benign or harmful. Therefore, not only can we find the contracts that are vulnerable to reentrancy attacks, but we also get an execution trace that reproduces the attack. Using a random forest classifier, our model achieved more than 90 percent accuracy on 105 transactions, showing the potential of our technique.


Conferences/Events I Helped With

4th International Workshop on Formal Methods for Blockchains, supporting reviewer

The 24th International Conference on Formal Engineering Methods, subreviewer

17th IEEE International Conference on Software Testing, Verification and Validation (ICST) 2024, subreviewer

7th Workshop on Validation, Analysis and Evolution of Software Tests, subreviewer


Computer Security (DD2395), assistant | Course web

Internet Programming (DD1386), assistant | Course web

Network Programming (ID1212), assistant | Course web

Programmable Society (DD2485), assistant | Course web

Software Engineering Fundamentals (DD2480), assistant | Course web

Software Safety and Security (DD2460), assistant | Course web