Top

Empirical Software Engineering

Published in:

01-12-2022

SmartFast: an accurate and robust formal analysis tool for Ethereum smart contracts

Authors: Zhaoxuan Li, Siqi Lu, Rui Zhang, Rui Xue, Wenqiu Ma, Rujin Liang, Ziming Zhao, Sheng Gao

Published in: Empirical Software Engineering | Issue 7/2022

Activate our intelligent search to find suitable subject content or patents.

search-config

AI-assisted search

Off

Abstract

Recently, although state-of-the-art (SOTA) tools were designed and developed to analyze the vulnerabilities of smart contracts on Ethereum, security incidents caused by these vulnerabilities are still widespread. This can be attributed to the fact that each tool has various standards for judging the severity of vulnerabilities. More importantly, tools fail to identify all the vulnerabilities accurately and comprehensively as the evolution of vulnerabilities. To this end, we first propose a vulnerability assessment model to unify the vulnerability measurement standards. Next, we design a static analysis tool called SmartFast, which expresses the contract source code as a novel intermediate representation named SmartIR. Using preset rules and taint tracking technology, SmartFast matches SmartIR to locate the vulnerability code. Furthermore, SmartFast can recommend the optimization of the contract code automatically. Finally, we implement a prototype of SmartFast with 25K lines of code and compare it with 7 SOTA tools on three datasets (a total of 13,687 public contracts). The results indicate that SmartFast is efficient (only took a few seconds per contract) and robust (0.4% failure rate and resistance to the general code confusion methods). Besides, compared with other tools, SmartFast can detect more kinds of vulnerabilities (119) with a higher precision rate (98.43%) and a recall rate (85.12%), which confirms the conclusion of the theoretical analysis in the paper.

previous article A large scale analysis of mHealth app user reviews

next article A large-scale empirical study of commit message generation: models, datasets and evaluation

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

inform now

The vulnerabilities are detailed in https://github.com/SmartContractTools/SmartFast/blob/main/VulnerabilityDescription.xlsx.

The code of patterns is detailed in https://github.com/SmartContractTools/SmartFast/tree/main/smartfast/smartfast/detectors.

SmartFast is available at https://github.com/SmartContractTools/SmartFast/tree/main/smartfast.

Examples of analysis reports is available on https://github.com/SmartContractTools/SmartFast/tree/main/Report.

The source code and execution result of contracts are available on https://github.com/SmartContractTools/SmartFast/tree/main/Dataset1.

For details on vulnerability detection of each tool, please refer to https://github.com/SmartContractTools/SmartFast/tree/main/VulnerabilityMapping.

The code is available on https://github.com/SmartContractTools/SmartFast/tree/main/Obfuscation.

See https://pypi.org/project/oscillo/ for details.

The contract code is detailed in https://github.com/SmartContractTools/SmartFast/tree/main/VulnerabilityIncidents.

Beosin (2020) Beosin: Blockchain security one-stop service. [EB/OL]. https://beosin.com/#/. Accessed 1 May 2021

Blockchain C (2018) Bamboo: a morphing smart contract language. [EB/OL]. https://github.com/cornellblockchain/bamboo. Accessed 1 May 2021

Bocek T, Stiller B (2018) Smart contracts–blockchains in the wings. In: Digital marketplaces unleashed. Springer, pp 169–184

Chen T, Cao R, Li T, Luo X, Gu G, Zhang Y, Liao Z, Zhu H, Chen G, He Z, Tang Y, Lin X, Zhang X (2020) SODA: a generic online detection framework for smart contracts. In: NDSS. The Internet Society

Choi J, Kim D, Kim S, Grieco G, Groce A, Cha S K (2021) SMARTIAN: enhancing smart contract fuzzing with static and dynamic data-flow analyses. In: ASE. IEEE, pp 227–239

Corporation M (2020) The z3 theorem prover. [EB/OL]. https://github.com/Z3Prover/z3. Accessed 1 May 2021

DappHub (2019) Formal verification of multicollateral dai in the k framework. [EB/OL]. https://github.com/dapphub/k-dss/. 1 Accessed May 2021

Durieux T, Ferreira J F, Abreu R, Cruz P (2020) Empirical review of automated analysis tools on 47, 587 ethereum smart contracts. In: ICSE. ACM, pp 530–541

Etherscan (2017) Contracts with verified source codes only. [EB/OL]. https://etherscan.io/contractsVerified. Accessed 1 May 2021

Feist J, Grieco G, Groce A (2019) Slither: a static analysis framework for smart contracts. In: WETSEB@ICSE. IEEE/ACM, pp 8–15

Foundation E (2020) The solidity contract-oriented programming language. [EB/OL]. https://github.com/ethereum/solidity. Accessed 1 May 2021

Frank J, Aschermann C, Holz T (2020) ETHBMC: a bounded model checker for smart contracts. In: USENIX Security symposium. USENIX Association, pp 2757–2774

Grishchenko I, Maffei M, Schneidewind C (2018a) Ethertrust: sound static analysis of ethereum bytecode. Technische Universität Wien. Tech Rep

Grishchenko I, Maffei M, Schneidewind C (2018b) Foundations and tools for the static analysis of ethereum smart contracts. In: CAV (1), vol 10981. Springer. Lecture Notes in Computer Science, pp 51–78

Grishchenko I, Maffei M, Schneidewind C (2018c) A semantic framework for the security analysis of ethereum smart contracts. In: POST. Lecture Notes in Computer Science, vol 10804. Springer, pp 243–269

He J, Balunovic M, Ambroladze N, Tsankov P, Vechev M T (2019) Learning to fuzz from symbolic execution with application to smart contracts. In: CCS. ACM, pp 531–548

Hildenbrandt E, Saxena M, Rodrigues N, Zhu X, Daian P, Guth D, Moore B M, Park D, Zhang Y, Stefanescu A, Rosu G (2018) KEVM: a complete formal semantics of the ethereum virtual machine. In: CSF. IEEE Computer Society, pp 204–217

Jiao J, Kan S, Lin S, Sanán D, Liu Y, Sun J (2020) Semantic understanding of smart contracts: Executable operational semantics of solidity. In: IEEE S&P. IEEE, pp 1695–1712

Kalra S, Goel S, Dhawan M, Sharma S (2018) ZEUS: analyzing safety of smart contracts. In: NDSS. The Internet Society

Kasampalis T, Guth D, Moore B, Serbanuta T, Serbanuta V, Filaretti D, Rosu G, Johnson R (2018) Iele: an intermediate-level blockchain language designed and implemented using formal semantics. Tech. rep.

Krupp J, Rossow C (2018) Teether: gnawing at ethereum to automatically exploit smart contracts. In: USENIX security symposium. USENIX Association, pp 1317–1333

Liu C, Liu H, Cao Z, Chen Z, Chen B, Roscoe B (2018) Reguard: finding reentrancy bugs in smart contracts. In: ICSE. ACM, pp 65–68

Lu N, Wang B, Zhang Y, Shi W, Esposito C (2019) Neucheck: a more practical ethereum smart contract security analysis tool. Softw: Pract Exp

Luu L, Chu D, Olickel H, Saxena P, Hobor A (2016) Making smart contracts smarter. In: CCS. ACM, pp 254–269

Nguyen T D, Pham L H, Sun J, Lin Y, Minh QT (2020) sfuzz: an efficient adaptive fuzzer for solidity smart contracts. In: ICSE. ACM, pp 778–788

Nipkow T, Paulson L C, Wenzel M (2283) Isabelle/HOL—a proof assistant for higher-order logic. In: Lecture Notes in Computer Science. Springer

Permenev A, Dimitrov D, Tsankov P, Drachsler-Cohen D, Vechev MT (2020) Verx: safety verification of smart contracts. In: IEEE symposium on security and privacy. IEEE, pp 1661–1677

Reis J S, Crocker P A, de Sousa S M (2020) Tezla, an intermediate representation for static analysis of michelson smart contracts. In: FMBC@CAV, Schloss Dagstuhl - Leibniz-Zentrum für Informatik, OASIcs, vol 84, pp 4:1–4:12

Rodler M, Li W, Karame G O, Davi L (2019) Sereum: protecting existing smart contracts against re-entrancy attacks. In: NDSS. The Internet Society

Schneidewind C, Grishchenko I, Scherer M, Maffei M (2020) Ethor: practical and provably sound static analysis of ethereum smart contracts. In: CCS. ACM, pp 621–640

Sergey I, Hobor A (2017) A concurrent perspective on smart contracts. In: Financial cryptography workshops. Lecture Notes In Computer Science, vol 10323. Springer, pp 478–493

Sergey I, Kumar A, Hobor A (2018) Scilla: a smart contract intermediate-level language. CoRR. arXiv:1801.00687

Software C (2020) Security analysis tool for evm bytecode. [EB/OL]. https://github.com/ConsenSys/mythril. Accessed 1 May 2021

Solidity (2020) Solidity v0.5.0 breaking changes. [EB/OL]. https://docs.soliditylang.org/en/v0.5.0/050-breaking-changes.html. Accessed 1 May 2021

SRI Lab E Z (2020) Securify v2.0. [EB/OL]. https://github.com/eth-sri/securify2. Accessed 1 May 2021

Team V (2020) Vyper documentation. [EB/OL]. https://vyper.readthedocs.io/en/latest/. Accessed 1 May 2021

Tezos (2020) Michelson: the language of smart contracts in dune. [EB/OL]. https://www.liquidity-lang.org/doc/reference/michelson.html. Accessed 1 May 2021

Tikhomirov S, Voskresenskaya E, Ivanitskiy I, Takhaviev R, Marchenko E, Alexandrov Y (2018) Smartcheck: static analysis of ethereum smart contracts. In: WETSEB@ICSE. ACM, pp 9–16

Torres C F, Schütte J, State R (2018) Osiris: hunting for integer bugs in ethereum smart contracts. In: ACSAC. ACM, pp 664–676

Tsankov P, Dan A M, Drachsler-Cohen D, Gervais A, Bünzli F, Vechev M T (2018) Securify: practical security analysis of smart contracts. In: CCS. ACM, pp 67–82

Wood G, et al. (2014) Ethereum: a secure decentralised generalised transaction ledger. Ethereum Project Yellow Paper 151(2014):1–32

Title: SmartFast: an accurate and robust formal analysis tool for Ethereum smart contracts
Authors: Zhaoxuan Li
Siqi Lu
Rui Zhang
Rui Xue
Wenqiu Ma
Rujin Liang
Ziming Zhao
Sheng Gao
Publication date: 01-12-2022
Publisher: Springer US
Published in: Empirical Software Engineering / Issue 7/2022
Print ISSN: 1382-3256
Electronic ISSN: 1573-7616
DOI: https://doi.org/10.1007/s10664-022-10218-2

Springer Professional

Abstract

Please log in to get access to your license.

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Wirtschaft"

Springer Professional "Technik"

Springer Professional "Wirtschaft+Technik"

Other articles of this Issue 7/2022

Intensifying the search-based optimization of product line architectures with crossover operators

Basic block coverage for search-based unit testing and crash reproduction

Learning from what we know: How to perform vulnerability prediction using noisy historical data

SPVF: security property assisted vulnerability fixing via attention-based models

Modeling function-level interactions for file-level bug localization

FindICI: Using machine learning to detect linguistic inconsistencies between code and natural language descriptions in infrastructure-as-code

Premium Partner