Peng Qian,Zhenguang Liu,Qinming He,Butian Huang,Duanzheng Tian,Xun Wang

DOI: https://doi.org/10.13328/j.cnki.jos.006375

2022-01-01

Journal of Software

Abstract: Smart contract, one of the most successful applications of blockchain, is taking the world by storm, playing an essential role in the blockchain ecosystem. However, frequent smart contract security incidents not only result in tremendous economic losses but also destroy the blockchain-based credit system. The security and reliability of smart contracts thus gain extensive attention from researchers worldwide. In this survey, we first summarize the common types and typical cases of smart contract vulnerabilities from three levels, i.e., Solidity code layer, EVM execution layer, and Block dependency layer. Further, we review the research progress of smart contract vulnerability detection and classify existing counterparts into five categories, i.e., formal verification, symbolic execution, fuzzing detection, intermediate representation, and deep learning. Empirically, we take 300 real-world smart contracts deployed on Ethereum as the test samples and compare the representative methods in terms of accuracy, F1-Score, and average detection time. Finally, we discuss the challenges in the field of smart contract vulnerability detection and combine with the deep learning technology to look forward to future research directions.

Jianzhong Su,Jiachi Chen,Zhiyuan Fang,Xingwei Lin,Yutian Tang,Zibin Zheng

2024-06-14

Abstract:As decentralized applications (DApps) proliferate, the increased complexity and usage of smart contracts have heightened their susceptibility to security incidents and financial losses. Although various vulnerability detection tools have been developed to mitigate these issues, they often suffer poor performance in detecting vulnerabilities, as they either rely on simplistic and general-purpose oracles that may be inadequate for vulnerability detection, or require user-specified oracles, which are labor-intensive to create. In this paper, we introduce SmartOracle, a dynamic invariant detector that automatically generates fine-grained invariants as application-specific oracles for vulnerability detection. From historical transactions, SmartOracle uses pattern-based detection and advanced inference to construct comprehensive properties, and mines multi-layer likely invariants to accommodate the complicated contract functionalities. After that, SmartOracle identifies smart contract vulnerabilities by hunting the violated invariants in new transactions. In the field of invariant detection, SmartOracle detects 50% more ERC20 invariants than existing dynamic invariant detection and achieves 96% precision rate. Furthermore, we build a dataset that contains vulnerable contracts from real-world security incidents. SmartOracle successfully detects 466 abnormal transactions with an acceptable precision rate 96%, involving 31 vulnerable contracts. The experimental results demonstrate its effectiveness in detecting smart contract vulnerabilities, especially those related to complicated contract functionalities.

Software Engineering,Cryptography and Security

Haiyue Chen,Xiangfu Zhao,Yichen Wang,Zixian Zhen

DOI: https://doi.org/10.1002/spy2.393

2024-03-13

Security and Privacy

Abstract:Ethereum smart contracts are a special type of computer programs. Once deployed on the blockchain, they cannot be modified. This presents a significant challenge to the security of smart contracts. Previous research has proposed static and dynamic detection tools to identify vulnerabilities in smart contracts. These tools check contract vulnerabilities based on predefined rules, and the accuracy of detection strongly depends on the design of the rules. However, the constant emergence of new vulnerability types and strategies for vulnerability protection leads to numerous false positives and false negatives by tools. To address this problem, we analyze the characteristics of vulnerabilities in smart contracts and the corresponding protection strategies. We convert the contracts' bytecode into an intermediate representation to extract semantic information of the contracts. Based on this semantic information, we establish a set of detection rules based on semantic facts and implement a vulnerability detection tool SafeCheck using static program analysis methods. The tool is used to detect six common types of vulnerabilities in smart contracts. We have extensively evaluated SafeCheck on real Ethereum smart contracts and compared it to other tools. The experimental results show that SafeCheck performs better in smart contract vulnerability detection compared to other typical tools, with a high F‐measure (up to 83.1%) for its entire dataset.

Sunbeom So,Myungho Lee,Jisu Park,Heejo Lee,Hakjoo Oh

DOI: https://doi.org/10.48550/arXiv.1908.11227

2019-08-30

Abstract:We present VeriSmart, a highly precise verifier for ensuring arithmetic safety of Ethereum smart contracts. Writing safe smart contracts without unintended behavior is critically important because smart contracts are immutable and even a single flaw can cause huge financial damage. In particular, ensuring that arithmetic operations are safe is one of the most important and common security concerns of Ethereum smart contracts nowadays. In response, several safety analyzers have been proposed over the past few years, but state-of-the-art is still unsatisfactory; no existing tools achieve high precision and recall at the same time, inherently limited to producing annoying false alarms or missing critical bugs. By contrast, VeriSmart aims for an uncompromising analyzer that performs exhaustive verification without compromising precision or scalability, thereby greatly reducing the burden of manually checking undiscovered or incorrectly-reported issues. To achieve this goal, we present a new domain-specific algorithm for verifying smart contracts, which is able to automatically discover and leverage transaction invariants that are essential for precisely analyzing smart contracts. Evaluation with real-world smart contracts shows that VeriSmart can detect all arithmetic bugs with a negligible number of false alarms, far outperforming existing analyzers.

Programming Languages,Cryptography and Security

Shiji Wang,Xiangfu Zhao

DOI: https://doi.org/10.1007/s10515-024-00471-8

IF: 1.677

2024-10-25

Automated Software Engineering

Abstract:Frequent smart contract security incidents pose a threat to the credibility of the Ethereum platform, making smart contract vulnerability detection a focal point of concern. Previous research has proposed vulnerability detection methods in smart contracts. Generally, these tools rely on predefined rules to detect vulnerable smart contracts. However, using out-of-date rules for vulnerability detection may lead to a significant number of false negatives and false positives due to the growing variety of smart contract vulnerability types and the ongoing enhancement of vulnerability defense mechanisms. In this paper, we propose ContractSentry, a tool for static analysis of smart contracts. First, we preprocess Solidity code to build critical contract information and transform it into an intermediate representation. Then, based on the intermediate representations, we propose composite rules for vulnerability detection by analyzing the characteristics of different types of vulnerabilities in smart contracts. Finally, we evaluate ContractSentry with two datasets and compare it with state-of-the-art vulnerability detection tools. Experimental results demonstrate that ContractSentry achieves superior detection effectiveness.

computer science, software engineering

Jiashuo Zhang,Yue Li,Jianbo Gao,Zhi Guan,Zhong Chen

DOI: https://doi.org/10.1109/icse-companion58688.2023.00019

2023-01-01

Abstract:Ethereum smart contract enables developers to enforce access control policies of critical functions using built-in signature verification interfaces, i.e., ecrecover. However, due to the lack of best practices for these interfaces, improper verifications commonly exist in deployed smart contracts, leaving potential unauthorized access and financial losses. Even worse, the attack surface is ignored by both developers and existing smart contract security analyzers. In this paper, we take a close look at signature-related vulnerabilities and de-mystify them with clear classification and characterization. We present SIGUARD, the first automatic tool to detect these vulnerabilities in real-world smart contracts. Specifically, SIGUARD explores signature-related paths in the smart contract and extracts data dependencies based on symbolic execution and taint analysis. Then, it conducts vulnerability detection based on a systematic search for violations of standard patterns including EIP-712 and EIP-2621. The preliminary evaluation validated the efficacy of SIGUARD by reporting previously unknown vulnerabilities in deployed smart contracts on Ethereum. A video of SIGUARD is available at https://youtu.be/xXAEhqXWOu0.

Tengyun Jiao,Zhiyu Xu,Minfeng Qi,Sheng Wen,Yang Xiang,Gary Nan

DOI: https://doi.org/10.1145/3643895

2024-02-12

Abstract:A smart contract is a computerised transaction agreement that carries out predefined terms without human involvement or third-party intermediaries. It serves as a trust intermediary in several industries, including finance, insurance, and supply chain management, in the blockchain 2.0 era. With the increasing interest in smart contracts, security has become a serious problem. Examining typical vulnerability types and vulnerability detection methodologies is of special importance. In this research, a comprehensive evaluation of common smart contract security vulnerabilities is conducted, and a three-tier threat model is then provided to classify the vulnerabilities. In addition, we examine fourteen existing smart contract analysis tools for finding vulnerabilities and classify them according to the main technique they apply. This paper is designed to serve as a reference for people who wish to analyse deployed code and enhance existing detection techniques. At the conclusion, open issues and future research paths regarding smart contract vulnerability detection are presented.

Meihua Xiao,Yangping Xu,Zehuan Li,Hongbin Wan

DOI: https://doi.org/10.3390/electronics13204093

IF: 2.9

2024-10-18

Electronics

Abstract:The development of smart contracts remains in its early stages, with significant differences in underlying programming languages and application platforms resulting in a lack of standardization. This lack of standardization increases the susceptibility to vulnerabilities and associated financial losses. To address security vulnerabilities in smart contracts on the Ethereum blockchain platform, this paper proposes a security audit method based on formal verification. The method integrates an input module, static analysis module, formal verification module, analog execution module, and report and recommendation module, which can accurately discover the security vulnerabilities and logical flaws of smart contracts through formal verification and other analysis techniques, thus realizing correctness detection. During the experiment, the method detects 8 types of common vulnerabilities in 148 smart contracts and marks 21 smart contracts with vulnerabilities. After manual review and analysis, it is found that 17 of these 21 marked smart contracts do have security vulnerabilities. The experimental results show that the proposed method can accurately detect security vulnerabilities and logic flaws in smart contracts through formal verification and other analysis techniques before smart contracts are deployed, thus significantly improving the security of smart contracts and reducing the economic losses that may be caused by code defects.

engineering, electrical & electronic,computer science, information systems,physics, applied

Dongcheng Li,W. Eric Wong,Xiaodan Wang,Sean Pan,Liang-Seng Koh

2024-10-01

Abstract:This paper introduces a method for detecting vulnerabilities in smart contracts using static analysis and a multi-objective optimization algorithm. We focus on four types of vulnerabilities: reentrancy, call stack overflow, integer overflow, and timestamp dependencies. Initially, smart contracts are compiled into an abstract syntax tree to analyze relationships between contracts and functions, including calls, inheritance, and data flow. These analyses are transformed into static evaluations and intermediate representations that reveal internal relations. Based on these representations, we examine contract's functions, variables, and data dependencies to detect the specified vulnerabilities. To enhance detection accuracy and coverage, we apply a multi-objective optimization algorithm to the static analysis process. This involves assigning initial numeric values to input data and monitoring changes in statement coverage and detection accuracy. Using coverage and accuracy as fitness values, we calculate Pareto front and crowding distance values to select the best individuals for the new parent population, iterating until optimization criteria are met. We validate our approach using an open-source dataset collected from Etherscan, containing 6,693 smart contracts. Experimental results show that our method outperforms state-of-the-art tools in terms of coverage, accuracy, efficiency, and effectiveness in detecting the targeted vulnerabilities.

Software Engineering

Zhiyuan Wei,Jing Sun,Zijian Zhang,Xianhao Zhang,Meng Li,Liehuang Zhu

2023-11-02

Abstract:Blockchain smart contracts have emerged as a transformative force in the digital realm, spawning a diverse range of compelling applications. Since solidity smart contracts across various domains manage trillions of dollars in virtual coins, they become a prime target for attacks. One of the primary challenges is keeping abreast of the latest techniques and tools for developing secure smart contracts and examining those already deployed. In this paper, we seek to address these challenges from four aspects: (1) We begin by examining ten automatic tools, specifically focusing on their methodologies and their ability to identify vulnerabilities in solidity smart contracts. (2) We propose a novel criterion for evaluating these tools, based on the ISO/IEC 25010 standard. (3) To facilitate the evaluation of the selected tools, we construct a benchmark that encompasses two distinct datasets: a collection of 389 labelled smart contracts and a scaled set of 20,000 unique cases from real-world contracts. (4) We provide a comparison of the selected tools, offering insights into their strengths and weaknesses and highlighting areas where further improvements are needed. Through this evaluation, we hope to provide developers and researchers with valuable guidance on selecting and using smart contract analysis tools and contribute to the ongoing efforts to improve the security and reliability of smart contracts.

Distributed, Parallel, and Cluster Computing

Jiashuo Zhang,Yiming Shen,Jiachi Chen,Jianzhong Su,Yanlin Wang,Ting Chen,Jianbo Gao,Zhong Chen

2024-08-09

Abstract:Ethereum has officially provided a set of system-level cryptographic APIs to enhance smart contracts with cryptographic capabilities. These APIs have been utilized in over 10% of Ethereum transactions, motivating developers to implement various on-chain cryptographic tasks, such as digital signatures. However, since developers may not always be cryptographic experts, their ad-hoc and potentially defective implementations could compromise the theoretical guarantees of cryptography, leading to real-world security issues. To mitigate this threat, we conducted the first study aimed at demystifying and detecting cryptographic defects in smart contracts. Through the analysis of 2,406 real-world security reports, we defined nine types of cryptographic defects in smart contracts with detailed descriptions and practical detection patterns. Based on this categorization, we proposed CrySol, a fuzzing-based tool to automate the detection of cryptographic defects in smart contracts. It combines transaction replaying and dynamic taint analysis to extract fine-grained crypto-related semantics and employs crypto-specific strategies to guide the test case generation process. Furthermore, we collected a large-scale dataset containing 25,745 real-world crypto-related smart contracts and evaluated CrySol's effectiveness on it. The result demonstrated that CrySol achieves an overall precision of 95.4% and a recall of 91.2%. Notably, CrySol revealed that 5,847 (22.7%) out of 25,745 smart contracts contain at least one cryptographic defect, highlighting the prevalence of these defects.

Cryptography and Security,Software Engineering

Massimo Bartoletti,Angelo Ferrando,Enrico Lipparini,Vadim Malvone

2024-09-23

Abstract:Smart contracts are an attractive target for attackers, as evidenced by a long history of security incidents. A current limitation of smart contract verification tools is that they are not really effective in expressing and verifying liquidity properties regarding the exchange of crypto-assets: for example, is it true that in every reachable state a user can fire a sequence of transactions to withdraw a given amount of crypto-assets? We propose Solvent, a tool aimed at verifying these kinds of properties, which are beyond the reach of existing verification tools for Solidity. We evaluate the effectiveness and performance of Solvent through a common benchmark of smart contracts.

Cryptography and Security,Programming Languages

Zhiyuan Wei,Jing Sun,Zijiang Zhang,Xianhao Zhang

2024-10-12

Abstract:The immutable nature of blockchain technology, while revolutionary, introduces significant security challenges, particularly in smart contracts. These security issues can lead to substantial financial losses. Current tools and approaches often focus on specific types of vulnerabilities. However, a comprehensive tool capable of detecting a wide range of vulnerabilities with high accuracy is lacking. This paper introduces LLM-SmartAudit, a novel framework leveraging the advanced capabilities of Large Language Models (LLMs) to detect and analyze vulnerabilities in smart contracts. Using a multi-agent conversational approach, LLM-SmartAudit employs a collaborative system with specialized agents to enhance the audit process. To evaluate the effectiveness of LLM-SmartAudit, we compiled two distinct datasets: a labeled dataset for benchmarking against traditional tools and a real-world dataset for assessing practical applications. Experimental results indicate that our solution outperforms all traditional smart contract auditing tools, offering higher accuracy and greater efficiency. Furthermore, our framework can detect complex logic vulnerabilities that traditional tools have previously overlooked. Our findings demonstrate that leveraging LLM agents provides a highly effective method for automated smart contract auditing.

Cryptography and Security

Zeqin Liao,Sicheng Hao,Yuhong Nan,Zibin Zheng

DOI: https://doi.org/10.1145/3597926.3598111

2024-06-23

Abstract:Smart contracts written in Solidity are widely used in different blockchain platforms such as Ethereum, TRON and BNB Chain. One of the unique designs in Solidity smart contracts is its state-reverting mechanism for error handling and access control. Unfortunately, a number of recent security incidents showed that adversaries also utilize this mechanism to manipulate critical states of smart contracts, and hence, bring security consequences such as illegal profit-gain and Deny-of-Service (DoS). In this paper, we call such vulnerabilities as the State-reverting Vulnerability (SRV). Automatically identifying SRVs poses unique challenges, as it requires an in-depth analysis and understanding of the state-dependency relations in smart contracts. This paper presents SmartState, a new framework for detecting state-reverting vulnerability in Solidity smart contracts via fine-grained state-dependency analysis. SmartState integrates a set of novel mechanisms to ensure its effectiveness. Particularly, Smart-State extracts state dependencies from both contract bytecode and historical transactions. Both of them are critical for inferring dependencies related to SRVs. Further, SmartState models the generic patterns of SRVs (i.e., profit-gain and DoS) as SRV indicators, and hence effectively identify SRVs based on the constructed state-dependency graph. To evaluate SmartState, we manually annotated a ground-truth dataset which contains 91 SRVs in the real world. Evaluation results showed that SmartState achieves a precision of 87.23% and a recall of 89.13%. In addition, SmartState successfully identifies 406 new SRVs from 47,351 real-world smart contracts. 11 of these SRVs are from popular smart contracts with high transaction amounts (i.e., top 2000). In total, our reported SRVs affect a total amount of digital assets worth 428,600 USD.

Software Engineering

Pengxiang Ma,Ningyu He,Yuhua Huang,Haoyu Wang,Xiapu Luo

2023-07-02

Abstract:Smart contracts play a vital role in the Ethereum ecosystem. Due to the prevalence of kinds of security issues in smart contracts, the smart contract verification is urgently needed, which is the process of matching a smart contract's source code to its on-chain bytecode for gaining mutual trust between smart contract developers and users. Although smart contract verification services are embedded in both popular Ethereum browsers (e.g., Etherscan and Blockscout) and official platforms (i.e., Sourcify), and gain great popularity in the ecosystem, their security and trustworthiness remain unclear. To fill the void, we present the first comprehensive security analysis of smart contract verification services in the wild. By diving into the detailed workflow of existing verifiers, we have summarized the key security properties that should be met, and observed eight types of vulnerabilities that can break the verification. Further, we propose a series of detection and exploitation methods to reveal the presence of vulnerabilities in the most popular services, and uncover 19 exploitable vulnerabilities in total. All the studied smart contract verification services can be abused to help spread malicious smart contracts, and we have already observed the presence of using this kind of tricks for scamming by attackers. It is hence urgent for our community to take actions to detect and mitigate security issues related to smart contract verification, a key component of the Ethereum smart contract ecosystem.

Cryptography and Security

Jiachi Chen,Xin Xia,David Lo,John Grundy,Daniel Xiapu Luo,Ting Chen

DOI: https://doi.org/10.48550/arXiv.1905.01467

2020-04-17

Abstract:Smart contracts are programs running on a blockchain. They are immutable to change, and hence can not be patched for bugs once deployed. Thus it is critical to ensure they are bug-free and well-designed before deployment. A Contract defect is an error, flaw or fault in a smart contract that causes it to produce an incorrect or unexpected result, or to behave in unintended ways. The detection of contract defects is a method to avoid potential bugs and improve the design of existing code. Since smart contracts contain numerous distinctive features, such as the gas system. decentralized, it is important to find smart contract specified defects. To fill this gap, we collected smart-contract-related posts from Ethereum StackExchange, as well as real-world smart contracts. We manually analyzed these posts and contracts; using them to define 20 kinds of contract defects. We categorized them into indicating potential security, availability, performance, maintainability and reusability problems. To validate if practitioners consider these contract as harmful, we created an online survey and received 138 responses from 32 different countries. Feedback showed these contract defects are harmful and removing them would improve the quality and robustness of smart contracts. We manually identified our defined contract defects in 587 real world smart contract and publicly released our dataset. Finally, we summarized 5 impacts caused by contract defects. These help developers better understand the symptoms of the defects and removal priority.

Software Engineering

Tianle Sun,Ningyu He,Jiang Xiao,Yinliang Yue,Xiapu Luo,Haoyu Wang

2024-05-31

Abstract:In Ethereum, the practice of verifying the validity of the passed addresses is a common practice, which is a crucial step to ensure the secure execution of smart contracts. Vulnerabilities in the process of address verification can lead to great security issues, and anecdotal evidence has been reported by our community. However, this type of vulnerability has not been well studied. To fill the void, in this paper, we aim to characterize and detect this kind of emerging vulnerability. We design and implement AVVERIFIER, a lightweight taint analyzer based on static EVM opcode simulation. Its three-phase detector can progressively rule out false positives and false negatives based on the intrinsic characteristics. Upon a well-established and unbiased benchmark, AVVERIFIER can improve efficiency 2 to 5 times than the SOTA while maintaining a 94.3% precision and 100% recall. After a large-scale evaluation of over 5 million Ethereum smart contracts, we have identified 812 vulnerable smart contracts that were undisclosed by our community before this work, and 348 open source smart contracts were further verified, whose largest total value locked is over $11.2 billion. We further deploy AVVERIFIER as a real-time detector on Ethereum and Binance Smart Chain, and the results suggest that AVVERIFIER can raise timely warnings once contracts are deployed.

Cryptography and Security,Software Engineering

Zhaoxuan Li,Siqi Lu,Rui Zhang,Rui Xue,Wenqiu Ma,Rujin Liang,Ziming Zhao,Sheng Gao

DOI: https://doi.org/10.1007/s10664-022-10218-2

IF: 3.762

2022-10-14

Empirical Software Engineering

Abstract:Recently, although state-of-the-art (SOTA) tools were designed and developed to analyze the vulnerabilities of smart contracts on Ethereum, security incidents caused by these vulnerabilities are still widespread. This can be attributed to the fact that each tool has various standards for judging the severity of vulnerabilities. More importantly, tools fail to identify all the vulnerabilities accurately and comprehensively as the evolution of vulnerabilities. To this end, we first propose a vulnerability assessment model to unify the vulnerability measurement standards. Next, we design a static analysis tool called SmartFast , which expresses the contract source code as a novel intermediate representation named SmartIR. Using preset rules and taint tracking technology, SmartFast matches SmartIR to locate the vulnerability code. Furthermore, SmartFast can recommend the optimization of the contract code automatically. Finally, we implement a prototype of SmartFast with 25K lines of code and compare it with 7 SOTA tools on three datasets (a total of 13,687 public contracts). The results indicate that SmartFast is efficient (only took a few seconds per contract) and robust (0.4% failure rate and resistance to the general code confusion methods). Besides, compared with other tools, SmartFast can detect more kinds of vulnerabilities (119) with a higher precision rate (98.43%) and a recall rate (85.12%), which confirms the conclusion of the theoretical analysis in the paper.

computer science, software engineering

Xiaotao Feng,Qin Wang,Xiaogang Zhu,Sheng Wen

DOI: https://doi.org/10.48550/arXiv.1905.00799

2019-05-02

Abstract:With the frantic development of smart contracts on the Ethereum platform, its market value has also climbed. In 2016, people were shocked by the loss of nearly $50 million in cryptocurrencies from the DAO reentrancy attack. Due to the tremendous amount of money flowing in smart contracts, its security has attracted much attention of researchers. In this paper, we investigated several common smart contract vulnerabilities and analyzed their possible scenarios and how they may be exploited. Furthermore, we survey the smart contract vulnerability detection tools for the Ethereum platform in recent years. We found that these tools have similar prototypes in software vulnerability detection technology. Moreover, for the features of public distribution systems such as Ethereum, we present the new challenges that these software vulnerability detection technologies face.

Software Engineering,Cryptography and Security

Menglin Fu,Lifa Wu,Zheng Hong,Feng Zhu,He Sun,Wenbo Feng

DOI: https://doi.org/10.1109/access.2019.2947146

IF: 3.9

2019-01-01

IEEE Access

Abstract:The second generation of blockchain represented by smart contracts has been developing vigorously in recent years. However, frequent smart contract vulnerability incidents pose a serious risk to blockchain ecosystem security. Since current symbol execution tools often fall into path explosion and thus lead to inefficient detection, this paper expands Mythril's framework to optimize its performance. Firstly, it finds out potential vulnerable code regions using static analysis and identifies critical paths that may have security defects. Then, aiming at the problem that traditional search algorithms cannot actively locate and explore critical paths, this paper presents a multi-objective oriented path search (MOPS) strategy based on path priority. This strategy guides dynamic symbolic execution to cover critical paths quickly, avoiding blind traversal of program execution paths. Finally, it describes security rules and proposes corresponding detection logics for different vulnerability categories. This paper analyzes over 1000 smart contracts extracted from Etherscan. Compared with existing tools based on symbolic execution, the proposed method can reduce time consumption by around 35% while ensuring the accuracy of vulnerability detection. Moreover, existing tools often issue warnings that do not actually cause financial losses. But the proposed method only concentrates on code regions related to transfer of funds, so it can reduce the false alarm rate to some extent.