A Framework and DataSet for Bugs in Ethereum Smart Contracts

09/04/2020
by   Pengcheng Zhang, et al.
0

Ethereum is the largest blockchain platform that supports smart contracts. Users deploy smart contracts by publishing the smart contract's bytecode to the blockchain. Since the data in the blockchain cannot be modified, even if these contracts contain bugs, it is not possible to patch deployed smart contracts with code updates. Moreover, there is currently neither a comprehensive classification framework for Ethereum smart contract bugs, nor detailed criteria for detecting bugs in smart contracts, making it difficult for developers to fully understand the negative effects of bugs and design new approaches to detect bugs. In this paper, to fill the gap, we first collect as many smart contract bugs as possible from multiple sources and divide these bugs into 9 categories by extending the IEEE Standard Classification for Software Anomalies. Then, we design the criteria for detecting each kind of bugs, and construct a dataset of smart contracts covering all kinds of bugs. With our framework and dataset, developers can learn smart contract bugs and develop new tools to detect and locate bugs in smart contracts. Moreover, we evaluate the state-of-the-art tools for smart contract analysis with our dataset and obtain some interesting findings: 1) Mythril, Slither and Remix are the most worthwhile combination of analysis tools. 2) There are still 10 kinds of bugs that cannot be detected by any analysis tool.

READ FULL TEXT
research
09/06/2020

DEFECTCHECKER: Automated Smart Contract Defect Detection by Analyzing EVM Bytecode

Smart contracts are Turing-complete programs running on the blockchain. ...
research
03/01/2022

Practical Mitigation of Smart Contract Bugs

In spite of their popularity, developing secure smart contracts remains ...
research
05/23/2020

How Effective are Smart Contract Analysis Tools? Evaluating Smart Contract Static Analysis Tools Using Bug Injection

Security attacks targeting smart contracts have been on the rise, which ...
research
10/27/2018

Exploiting The Laws of Order in Smart Contracts

We investigate a family of bugs in blockchain-based smart contracts, whi...
research
05/25/2020

Towards Smart Hybrid Fuzzing for Smart Contracts

Smart contracts are Turing-complete programs that are executed across a ...
research
01/10/2023

Rethinking Smart Contract Fuzzing: Fuzzing With Invocation Ordering and Important Branch Revisiting

Blockchain smart contracts have given rise to a variety of interesting a...
research
05/04/2019

Domain Specific Code Smells in Smart Contracts

Smart contracts are programs running on a blockchain. They are immutable...

Please sign up or login with your details

Forgot password? Click here to reset