short-paper

SmartBugs: a framework to analyze solidity smart contracts

Authors:

João F. Ferreira,

Pedro Cruz,

Thomas Durieux,

Rui AbreuAuthors Info & Claims

ASE '20: Proceedings of the 35th IEEE/ACM International Conference on Automated Software Engineering

Pages 1349 - 1352

https://doi.org/10.1145/3324884.3415298

Published: 27 January 2021 Publication History

Get Access

Abstract

Over the last few years, there has been substantial research on automated analysis, testing, and debugging of Ethereum smart contracts. However, it is not trivial to compare and reproduce that research. To address this, we present SmartBugs, an extensible and easy-to-use execution framework that simplifies the execution of analysis tools on smart contracts written in Solidity, the primary language used in Ethereum. SmartBugs is currently distributed with support for 10 tools and two datasets of Solidity contracts. The first dataset can be used to evaluate the precision of analysis tools, as it contains 143 annotated vulnerable contracts with 208 tagged vulnerabilities. The second dataset contains 47,518 unique contracts collected through Etherscan. We discuss how SmartBugs supported the largest experimental setup to date both in the number of tools and in execution time. Moreover, we show how it enables easy integration and comparison of analysis tools by presenting a new extension to the tool SmartCheck that improves substantially the detection of vulnerabilities related to the DASP10 categories Bad Randomness, Time Manipulation, and Access Control (identified vulnerabilities increased from 11% to 24%).

References

[1]

Karthikeyan Bhargavan et al. 2016. Formal verification of smart contracts: Short paper. In PLAS.

Google Scholar

[2]

Pedro Cruz. 2019. A Study of Static Analysis Tools for Ethereum Smart Contracts. URL: https://pedrocrvz.me/assets/thesis-abstract.pdf (Accessed: 29 May 2020).

Google Scholar

[3]

Thomas Durieux, João F. Ferreira, Rui Abreu, and Pedro Cruz. 2020. Empirical Review of Automated Analysis Tools on 47,587 Ethereum Smart Contracts. In ICSE.

Google Scholar

[4]

Ilya Grishchenko, Matteo Maffei, and Clara Schneidewind. 2018. A Semantic Framework for the Security Analysis of Ethereum Smart Contracts. In Principles of Security and Trust, Lujo Bauer and Ralf Küsters (Eds.).

Google Scholar

[5]

Loi Luu, Duc-Hiep Chu, Hrishi Olickel, Prateek Saxena, and Aquinas Hobor. 2016. Making smart contracts smarter. In ACM CCS.

Google Scholar

[6]

Ivica Nikolić, Aashish Kolluri, Ilya Sergey, Prateek Saxena, and Aquinas Hobor. 2018. Finding the greedy, prodigal, and suicidal contracts at scale. In ACSAC.

Google Scholar

[7]

Daniel Perez and Benjamin Livshits. 2019. Smart Contract Vulnerabilities: Does Anyone Care? arXiv:1902.06710

Google Scholar

[8]

Sergei Tikhomirov, Ekaterina Voskresenskaya, Ivan Ivanitskiy, Ramil Takhaviev, Evgeny Marchenko, and Yaroslav Alexandrov. 2018. Smartcheck: Static analysis of Ethereum smart contracts. In IEEE/ACM 1st International Workshop on Emerging Trends in Software Engineering for Blockchain (WETSEB).

Digital Library

Google Scholar

[9]

Petar Tsankov, Andrei Dan, Dana Drachsler-Cohen, Arthur Gervais, Florian Buenzli, and Martin Vechev. 2018. Securify: Practical security analysis of smart contracts. In ACM CCS.

Digital Library

Google Scholar

Cited By

View all

Alsunaidi SAljamaan HHammoudeh M(2024)MultiTagging: A Vulnerable Smart Contract Labeling and Evaluation FrameworkElectronics10.3390/electronics1323461613:23(4616)Online publication date: 22-Nov-2024
https://doi.org/10.3390/electronics13234616
WANG WXIA LZHANG ZMENG X(2024)Smart Contract Timestamp Vulnerability Detection Based on Code HomogeneityIEICE Transactions on Information and Systems10.1587/transinf.2024EDL8004E107.D:10(1362-1366)Online publication date: 1-Oct-2024
https://doi.org/10.1587/transinf.2024EDL8004
Xu JWang TLv MChen TZhu TJi B(2024)MVD-HG: multigranularity smart contract vulnerability detection method based on heterogeneous graphsCybersecurity10.1186/s42400-024-00245-57:1Online publication date: 11-Oct-2024
https://doi.org/10.1186/s42400-024-00245-5
Show More Cited By

Index Terms

SmartBugs: a framework to analyze solidity smart contracts
1. Security and privacy
  1. Software and application security
    1. Software security engineering
2. Software and its engineering
  1. Software creation and management
    1. Software verification and validation
      1. Software defect analysis
        Software testing and debugging

Recommendations

Empirical review of automated analysis tools on 47,587 Ethereum smart contracts
ICSE '20: Proceedings of the ACM/IEEE 42nd International Conference on Software Engineering

Over the last few years, there has been substantial research on automated analysis, testing, and debugging of Ethereum smart contracts. However, it is not trivial to compare and reproduce that research. To address this, we present an empirical evaluation ...
Vulnerabilities and attacks assessments in blockchain 1.0, 2.0 and 3.0: tools, analysis and countermeasures
Abstract
Nowadays, blockchain has become increasingly popular due to its promise of supporting critical business services in various areas. Blockchain systems, like Ethereum and Hyperledger Fabric, rely on sophisticated middleware, which enables the ...
Empirical vulnerability analysis of automated smart contracts security testing on blockchains
CASCON '18: Proceedings of the 28th Annual International Conference on Computer Science and Software Engineering

The emerging blockchain technology supports decentralized computing paradigm shift and is a rapidly approaching phenomenon. While blockchain is thought primarily as the basis of Bitcoin, its application has grown far beyond cryptocurrencies due to the ...

Comments

Information & Contributors

Information

Published In

ASE '20: Proceedings of the 35th IEEE/ACM International Conference on Automated Software Engineering

December 2020

1449 pages

ISBN:9781450367684

DOI:10.1145/3324884

General Chair:
John Grundy,
Program Chairs:
Claire Le Goues,
David Lo

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than the author(s) must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected].

In-Cooperation

IEEE CS

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 27 January 2021

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Short-paper

Funding Sources

Horizon 2020
Fundação para a Ciência e a Tecnologia

Conference

ASE '20

Sponsor:

ASE '20: 35th IEEE/ACM International Conference on Automated Software Engineering

December 21 - 25, 2020

Virtual Event, Australia

Acceptance Rates

Overall Acceptance Rate 82 of 337 submissions, 24%

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

88
Total Citations
View Citations
659
Total Downloads

Downloads (Last 12 months)181
Downloads (Last 6 weeks)22

Reflects downloads up to 25 Jan 2025

Other Metrics

View Author Metrics

Citations

Cited By

View all

Alsunaidi SAljamaan HHammoudeh M(2024)MultiTagging: A Vulnerable Smart Contract Labeling and Evaluation FrameworkElectronics10.3390/electronics1323461613:23(4616)Online publication date: 22-Nov-2024
https://doi.org/10.3390/electronics13234616
WANG WXIA LZHANG ZMENG X(2024)Smart Contract Timestamp Vulnerability Detection Based on Code HomogeneityIEICE Transactions on Information and Systems10.1587/transinf.2024EDL8004E107.D:10(1362-1366)Online publication date: 1-Oct-2024
https://doi.org/10.1587/transinf.2024EDL8004
Xu JWang TLv MChen TZhu TJi B(2024)MVD-HG: multigranularity smart contract vulnerability detection method based on heterogeneous graphsCybersecurity10.1186/s42400-024-00245-57:1Online publication date: 11-Oct-2024
https://doi.org/10.1186/s42400-024-00245-5
Wang HHu YWu HLiu DPeng CWu YFan MLiu TFilkov VRay BZhou M(2024)Skyeye: Detecting Imminent Attacks via Analyzing Adversarial Smart ContractsProceedings of the 39th IEEE/ACM International Conference on Automated Software Engineering10.1145/3691620.3695526(1570-1582)Online publication date: 27-Oct-2024
https://dl.acm.org/doi/10.1145/3691620.3695526
Chen WLuo XWang HCui HZheng SLiu XShrivastava ASui Y(2024)EVMBT: A Binary Translation Scheme for Upgrading EVM Smart Contracts to WASMProceedings of the 25th ACM SIGPLAN/SIGBED International Conference on Languages, Compilers, and Tools for Embedded Systems10.1145/3652032.3657570(131-142)Online publication date: 20-Jun-2024
https://dl.acm.org/doi/10.1145/3652032.3657570
Chen JChen CHu JGrundy JWang YChen TZheng ZChristakis MPradel M(2024)Identifying Smart Contract Security Issues in Code Snippets from Stack OverflowProceedings of the 33rd ACM SIGSOFT International Symposium on Software Testing and Analysis10.1145/3650212.3680353(1198-1210)Online publication date: 11-Sep-2024
https://dl.acm.org/doi/10.1145/3650212.3680353
Gao CYang WYe JXue YSun J(2024)sGuard+: Machine Learning Guided Rule-Based Automated Vulnerability Repair on Smart ContractsACM Transactions on Software Engineering and Methodology10.1145/364184633:5(1-55)Online publication date: 4-Jun-2024
https://dl.acm.org/doi/10.1145/3641846
Yashavant C(2024)SecSEC: Securing Smart Ethereum ContractsProceedings of the 17th Innovations in Software Engineering Conference10.1145/3641399.3641441(1-4)Online publication date: 22-Feb-2024
https://dl.acm.org/doi/10.1145/3641399.3641441
Boi BEsposito CLee SHong JPark J(2024)VulnHunt-GPT: a Smart Contract vulnerabilities detector based on OpenAI chatGPTProceedings of the 39th ACM/SIGAPP Symposium on Applied Computing10.1145/3605098.3636003(1517-1524)Online publication date: 8-Apr-2024
https://dl.acm.org/doi/10.1145/3605098.3636003
Wu SLi ZYan LChen WJiang MWang CLuo XZhou HRoychoudhury APaiva AAbreu RStorey M(2024)Are We There Yet? Unraveling the State-of-the-Art Smart Contract FuzzersProceedings of the IEEE/ACM 46th International Conference on Software Engineering10.1145/3597503.3639152(1-13)Online publication date: 20-May-2024
https://dl.acm.org/doi/10.1145/3597503.3639152
Show More Cited By

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

Abstract

References

Cited By

Index Terms

Recommendations

Empirical review of automated analysis tools on 47,587 Ethereum smart contracts

Vulnerabilities and attacks assessments in blockchain 1.0, 2.0 and 3.0: tools, analysis and countermeasures

Empirical vulnerability analysis of automated smart contracts security testing on blockchains

Comments

Information

Published In

Sponsors

In-Cooperation

Publisher

Publication History

Permissions

Check for updates

Author Tags

Qualifiers

Funding Sources

Conference

Acceptance Rates

Contributors

Other Metrics

Bibliometrics

Article Metrics

Other Metrics

Citations

Cited By

Login options

Full Access

View options

PDF

eReader

Share

Share this Publication link

Share on social media

Affiliations