SmartBugs: A Framework to Analyze Solidity Smart Contracts

by   João F. Ferreira, et al.

Over the last few years, there has been substantial research on automated analysis, testing, and debugging of Ethereum smart contracts. However, it is not trivial to compare and reproduce that research. To address this, we present SmartBugs, an extensible and easy-to-use execution framework that simplifies the execution of analysis tools on smart contracts written in Solidity, the primary language used in Ethereum. SmartBugs is currently distributed with support for 10 tools and two datasets of Solidity contracts. The first dataset can be used to evaluate the precision of analysis tools, as it contains 143 annotated vulnerable contracts with 208 tagged vulnerabilities. The second dataset contains 47,518 unique contracts collected through Etherscan. We discuss how SmartBugs supported the largest experimental setup to date both in the number of tools and in execution time. Moreover, we show how it enables easy integration and comparison of analysis tools by presenting a new extension to the tool SmartCheck that improves substantially the detection of vulnerabilities related to the DASP10 categories Bad Randomness, Time Manipulation, and Access Control (identified vulnerabilities increased from 11 to 24


Empirical Review of Automated Analysis Tools on 47,587 Ethereum Smart Contracts

Over the last few years, there has been substantial research on automate...

Slither: A Static Analysis Framework For Smart Contracts

This paper describes Slither, a static analysis framework designed to pr...

ÆGIS: Shielding Vulnerable Smart Contracts Against Attacks

In recent years, smart contracts have suffered major exploits, costing m...

Revizor: Testing Black-box CPUs against Speculation Contracts

Speculative vulnerabilities such as Spectre and Meltdown expose speculat...

EVMFuzz: Differential Fuzz Testing of Ethereum Virtual Machine

Ethereum Virtual Machine (EVM) is the run-time environment for smart con...

EVulHunter: Detecting Fake Transfer Vulnerabilities for EOSIO's Smart Contracts at Webassembly-level

As one of the representative Delegated Proof-of-Stake (DPoS) blockchain ...

Online Detection of Effectively Callback Free Objects with Applications to Smart Contracts

Callbacks are essential in many programming environments, but drasticall...