Evolution of Automated Weakness Detection in Ethereum Bytecode: a Comprehensive Study

03/18/2023
by Monika di Angelo, et al.

Blockchain programs manage valuable assets like crypto-currencies and tokens, and implement protocols for decentralized finance (DeFi), logistics and logging, where security is important. To find potential issues, numerous tools support developers and analysts. As a recent technology, blockchains and their programs still evolve fast, making it challenging for tools and developers to keep up with the changes. In this work, we study the evolution of the tools and of the patterns they detect. We focus on Ethereum, the crypto ecosystem with by far the most developers and the most contracts. We investigate the changes in the tools' behavior in terms of detected weaknesses, quality and behavior, and agreements between the tools. We are the first to fully cover the entire body of deployed bytecode on the Ethereum mainchain. We achieve full coverage by considering bytecodes as equivalent if they share the same skeleton. The skeleton of a bytecode is obtained by omitting functionally irrelevant parts. This reduces the 48 million contracts deployed on Ethereum to 248,328 contracts with distinct skeletons. For bulk execution, we utilize the open-source framework SmartBugs, which facilitates the analysis of Solidity smart contracts, and enhance it to also accept bytecode as the only input. Moreover, we integrate six further tools that accept bytecode. The execution of the 13 included tools took 31 years in total. While the tools report a total of 1,307,486 potential weaknesses, over time we observe a decreasing number of reported vulnerabilities and tools degrading to varying degrees.
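To make the skeleton-based deduplication concrete, here is an added example; it is not code from the paper or from SmartBugs. The abstract does not enumerate the "functionally irrelevant parts", so this sketch assumes they are the trailing Solidity compiler metadata and the operands of PUSH instructions; the function names, contract labels and sample bytecode are constructed for illustration.

```python
import hashlib
from collections import defaultdict

def strip_metadata(code: bytes) -> bytes:
    """Drop a trailing solc CBOR metadata blob if one is present (heuristic)."""
    if len(code) < 2:
        return code
    n = int.from_bytes(code[-2:], "big")   # last two bytes: CBOR length
    start = len(code) - 2 - n
    # 0xa1..0xa3 = CBOR map with 1..3 entries, as solc emits
    if n > 0 and start >= 0 and code[start] in (0xA1, 0xA2, 0xA3):
        return code[:start]
    return code

def skeleton(code: bytes) -> bytes:
    """Assumed skeleton: metadata removed, PUSH operands zeroed."""
    body = strip_metadata(code)
    out, i = bytearray(), 0
    while i < len(body):
        op = body[i]
        out.append(op)
        i += 1
        if 0x60 <= op <= 0x7F:             # PUSH1..PUSH32 carry op-0x5f operand bytes
            width = min(op - 0x5F, len(body) - i)  # tolerate a truncated final PUSH
            out += bytes(width)
            i += width
    return bytes(out)

def group_by_skeleton(contracts):
    """Map skeleton hash -> labels, so one analysis run covers each group."""
    groups = defaultdict(list)
    for addr, code in contracts.items():
        groups[hashlib.sha256(skeleton(code)).hexdigest()].append(addr)
    return dict(groups)

# Constructed sample bytecode (not taken from the chain or the paper).
def _meta(fill: int) -> bytes:
    return (bytes.fromhex("a165") + b"bzzr0" + bytes.fromhex("5820")
            + bytes([fill]) * 32 + b"\x00\x29")

def _body(owner: int, op: int) -> bytes:
    return (bytes.fromhex("6080604052") + b"\x73" + bytes([owner]) * 20
            + bytes([0x60, 0x00, op, 0x00]))

SAMPLE = {
    "0xA": _body(0x11, 0x55) + _meta(0xAA),   # SSTORE variant
    "0xB": _body(0x22, 0x55) + _meta(0xBB),   # same code, other owner and metadata
    "0xC": _body(0x11, 0x50) + _meta(0xAA),   # POP instead of SSTORE: different logic
}

if __name__ == "__main__":
    for digest, addrs in group_by_skeleton(SAMPLE).items():
        print(digest[:12], addrs)
```

The metadata check is a heuristic: bytecode without a metadata trailer whose final bytes happen to match the pattern would be truncated, so a production pipeline would validate the CBOR structure before stripping.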
