EtherSolve: Computing an Accurate Control-Flow Graph from Ethereum Bytecode

03/16/2021
by   Filippo Contro, et al.
0

Motivated by the immutable nature of Ethereum smart contracts and of their transactions, quite many approaches have been proposed to detect defects and security problems before smart contracts become persistent in the blockchain and they are granted control on substantial financial value. Because smart contracts source code might not be available, static analysis approaches mostly face the challenge of analysing compiled Ethereum bytecode, that is available directly from the official blockchain. However, due to the intrinsic complexity of Ethereum bytecode (especially in jump resolution), static analysis encounters significant obstacles that reduce the accuracy of exiting automated tools. This paper presents a novel static analysis algorithm based on the symbolic execution of the Ethereum operand stack that allows us to resolve jumps in Ethereum bytecode and to construct an accurate control-flow graph (CFG) of the compiled smart contracts. EtherSolve is a prototype implementation of our approach. Experimental results on a significant set of real world Ethereum smart contracts show that EtherSolve improves the accuracy of the execrated CFGs with respect to the state of the art available approaches. Many static analysis techniques are based on the CFG representation of the code and would therefore benefit from the accurate extraction of the CFG. For example, we implemented a simple extension of EtherSolve that allows to detect instances of the re-entrancy vulnerability.

READ FULL TEXT
research
05/06/2021

SmartScan: An approach to detect Denial of Service Vulnerability in Ethereum Smart Contracts

Blockchain technology (BT) Ethereum Smart Contracts allows programmable ...
research
01/14/2021

The Good, the Bad and the Ugly: Pitfalls and Best Practices in Automated Sound Static Analysis of Ethereum Smart Contracts

Ethereum smart contracts are distributed programs running on top of the ...
research
04/29/2020

Analyzing Smart Contracts: From EVM to a sound Control-Flow Graph

The EVM language is a simple stack-based language with words of 256 bits...
research
05/10/2018

EthIR: A Framework for High-Level Analysis of Ethereum Bytecode

Analyzing Ethereum bytecode, rather than the source code from which it w...
research
03/14/2023

Code Will Tell: Visual Identification of Ponzi Schemes on Ethereum

Ethereum has become a popular blockchain with smart contracts for invest...
research
09/15/2023

VulnSense: Efficient Vulnerability Detection in Ethereum Smart Contracts by Multimodal Learning with Graph Neural Network and Language Model

This paper presents VulnSense framework, a comprehensive approach to eff...
research
03/01/2022

Mining Domain Models in Ethereum DApps using Code Cloning

This research study explores the use of near-miss clone detection to sup...

Please sign up or login with your details

Forgot password? Click here to reset