A Framework and DataSet for Bugs in Ethereum Smart Contracts

09/04/2020
by   Pengcheng Zhang, et al.
0

Ethereum is the largest blockchain platform that supports smart contracts. Users deploy smart contracts by publishing the smart contract's bytecode to the blockchain. Since the data in the blockchain cannot be modified, even if these contracts contain bugs, it is not possible to patch deployed smart contracts with code updates. Moreover, there is currently neither a comprehensive classification framework for Ethereum smart contract bugs, nor detailed criteria for detecting bugs in smart contracts, making it difficult for developers to fully understand the negative effects of bugs and design new approaches to detect bugs. In this paper, to fill the gap, we first collect as many smart contract bugs as possible from multiple sources and divide these bugs into 9 categories by extending the IEEE Standard Classification for Software Anomalies. Then, we design the criteria for detecting each kind of bugs, and construct a dataset of smart contracts covering all kinds of bugs. With our framework and dataset, developers can learn smart contract bugs and develop new tools to detect and locate bugs in smart contracts. Moreover, we evaluate the state-of-the-art tools for smart contract analysis with our dataset and obtain some interesting findings: 1) Mythril, Slither and Remix are the most worthwhile combination of analysis tools. 2) There are still 10 kinds of bugs that cannot be detected by any analysis tool.

READ FULL TEXT
POST COMMENT

Comments

There are no comments yet.

Authors

page 7

09/06/2020

DEFECTCHECKER: Automated Smart Contract Defect Detection by Analyzing EVM Bytecode

Smart contracts are Turing-complete programs running on the blockchain. ...
03/01/2022

Practical Mitigation of Smart Contract Bugs

In spite of their popularity, developing secure smart contracts remains ...
05/23/2020

How Effective are Smart Contract Analysis Tools? Evaluating Smart Contract Static Analysis Tools Using Bug Injection

Security attacks targeting smart contracts have been on the rise, which ...
10/27/2018

Exploiting The Laws of Order in Smart Contracts

We investigate a family of bugs in blockchain-based smart contracts, whi...
05/25/2020

Towards Smart Hybrid Fuzzing for Smart Contracts

Smart contracts are Turing-complete programs that are executed across a ...
05/04/2019

Domain Specific Code Smells in Smart Contracts

Smart contracts are programs running on a blockchain. They are immutable...
11/21/2019

SolidityCheck : Quickly Detecting Smart Contract Problems Through Regular Expressions

As a blockchain platform that has developed vigorously in recent years, ...
This week in AI

Get the week's most popular data science and artificial intelligence research sent straight to your inbox every Saturday.