Abstract
Smart contracts are a significant component that allows decentralized applications (DApps) to automate the exchange of digital assets without third-party surveillance. To build trust, smart contracts are designed to be immutable, resulting in design flaws that may remain unrevealed in deployed contracts. Many analysis tools are developed to identify various vulnerabilities that could be targeted by hackers after deployment and thus cause financial losses. However, these approaches based on graph classification rely much on the quality of control flow graphs (CFGs) generated from the bytecode of smart contracts. In this paper, we propose a novel generator named CFGCon to convert bytecodes of smart contracts to CFGs. After targeting the difficulties for the existing CFG generators, a program counter is designed to deal with the opcodes with loops or instructions that need to read the current counter. Experimental results show that our proposed CFGCon reached a much higher success rate than other state-of-art CFG generators on the dataset containing 579 open source contracts and 10,000 non-open source contracts from Ethereum. At the same time, the analysis speed of CFGCon is similar to that of the current mainstream tools.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Albert, E., Correas, J., Gordillo, P., Román-Díez, G., Rubio, A.: SAFEVM: a safety verifier for Ethereum smart contracts. In: Proceedings of the 28th ACM SIGSOFT International Symposium on Software Testing and Analysis (STA 2019), pp. 386–389 (2019)
Albert, E., Gordillo, P., Livshits, B., Rubio, A., Sergey, I.: EthIR: a framework for high-level analysis of ethereum bytecode. In: Lahiri, S.K., Wang, C. (eds.) ATVA 2018. LNCS, vol. 11138, pp. 513–520. Springer, Cham (2018). https://doi.org/10.1007/978-3-030-01090-4_30
Albert, E., Gordillo, P., Rubio, A., Sergey, I.: Running on fumes: preventing out-of-gas vulnerabilities in Ethereum smart contracts using static resource analysis. In: Ganty, P., Kaâniche, M. (eds.) VECoS 2019. LNCS, vol. 11847, pp. 63–78. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-35092-5_5
Almakhour, M., Sliman, L., Samhat, A.E., Mellouk, A.: Verification of smart contracts: a survey. Perv. Mobile Comput. 67, 101227 (2020)
Chang, J., Gao, B., Xiao, H., Sun, J., Cai, Y., Yang, Z.: sCompile: critical path identification and analysis for smart contracts. In: Ait-Ameur, Y., Qin, S. (eds.) ICFEM 2019. LNCS, vol. 11852, pp. 286–304. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-32409-4_18
Chen, J., Xia, X., Lo, D., Grundy, J., Luo, X., Chen, T.: Defining smart contract defects on Ethereum. IEEE Trans. Software Eng. 48(1), 327–345 (2020)
Chen, J., Xia, X., Lo, D., Grundy, J., Luo, X., Chen, T.: DefectChecker: automated smart contract defect detection by analyzing EVM bytecode. IEEE Trans. Software Eng. 48(7), 2189–2207 (2021)
Chen, T., et al.: GasChecker: scalable analysis for discovering gas-inefficient smart contracts. IEEE Trans. Emerg. Top. Comput. 9(3), 1433–1448 (2020)
Chen, T., Li, X., Luo, X., Zhang, X.: Under-optimized smart contracts devour your money. In: Proceedings of the 2017 IEEE 24th International Conference on Software Analysis, Evolution and Reengineering (SANER 2017), pp. 442–446. IEEE (2017)
Contro, F., Crosara, M., Ceccato, M., Dalla Preda, M.: EtherSolve: computing an accurate control-flow graph from Ethereum bytecode. In: Proceedings of the 2021 IEEE/ACM 29th International Conference on Program Comprehension (ICPC 2021), pp. 127–137. IEEE (2021)
Grieco, G., Song, W., Cygan, A., Feist, J., Groce, A.: Echidna: effective, usable, and fast fuzzing for smart contracts. In: Proceedings of the 29th ACM SIGSOFT International Symposium on Software Testing and Analysis (STA 2020), pp. 557–560 (2020)
He, S., Ren, W., Zhu, T., Choo, K.-K.R.: BoSMoS: a blockchain-based status monitoring system for defending against unauthorized software updating in industrial Internet of Things. IEEE Internet Things J. 7(2), 948–959 (2019)
Hernández Cerezo, A.: Integrating the EVM super-optimizer gasol into real-world compilers (2021)
Krupp, J., Rossow, C.: TEETHER: gnawing at ethereum to automatically exploit smart contracts. In: Proceedings of the 27th USENIX Security Symposium (USENIX Security 2018), pp. 1317–1333 (2018)
Li, T., et al.: FAPS: a fair, autonomous and privacy-preserving scheme for big data exchange based on oblivious transfer, ether cheque and smart contracts. Inf. Sci. 544, 469–484 (2021)
Li, X., Chen, T., Luo, X., Zhang, T., Yu, L., Xu, Z.: STAN: towards describing bytecodes of smart contract. In: Proceedings of the 2020 IEEE 20th International Conference on Software Quality, Reliability and Security (QRS 2020), pp. 273–284. IEEE (2020)
Li, Y., Liu, H., Yang, Z., Ren, Q., Wang, L., Chen, B.: SAFEPAY on Ethereum: a framework for detecting unfair payments in smart contracts. In: Proceedings of the 2020 IEEE 40th International Conference on Distributed Computing Systems (ICDCS 2020), pp. 1219–1222. IEEE (2020)
Lin, C., He, D., Huang, X., Choo, K.-K.R.: OBFP: optimized blockchain-based fair payment for outsourcing computations in cloud computing. IEEE Trans. Inf. Forensics Secur. 16, 3241–3253 (2021)
Luu, L., Chu, D.-H., Olickel, H., Saxena, P., Hobor, A.: Making smart contracts smarter. In: Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security (CCS 2016), pp. 254–269 (2016)
Mohanta, B.K., Panda, S.S., Jena, D.: An overview of smart contract and use cases in blockchain technology. In: Proceedings of the 2018 9th International Conference on Computing, Communication and Networking Technologies (ICCCNT 2018), pp. 1–4. IEEE (2018)
Mueller, B.: Smashing Ethereum smart contracts for fun and real profit. HITB SECCONF Amsterdam 9, 54 (2018)
Shi, C., Xiang, Y., Yu, J., Gao, L., Sood, K., Doss, R.R.M.: A bytecode-based approach for smart contract classification. In: Proceedings of the 2022 IEEE International Conference on Software Analysis, Evolution and Reengineering (SANER 2022), pp. 1046–1054. IEEE (2022)
Tolmach, P., Li, Y., Lin, S.-W., Liu, Y., Li, Z.: A survey of smart contract formal specification and verification. ACM Comput. Surv. 54(7), 1–38 (2021)
Torres, C.F., Jonker, H., State, R.: Elysium: automagically healing vulnerable smart contracts using context-aware patching. CoRR (2021)
Wood, G., et al.: Ethereum: a secure decentralised generalised transaction ledger. Ethereum Project Yellow Paper 151(2014), 1–32 (2014)
Zhu, D., Yue, F., Pang, J., Zhou, X., Han, W., Liu, F.: Bytecode similarity detection of smart contract across optimization options and compiler versions based on triplet network. Electronics 11(4), 597 (2022)
Acknowledgement
The research was financially supported by the Provincial Key Research and Development Program of Hubei (No. 2020BAB105), the Knowledge Innovation Program of Wuhan - Basic Research (No. 2022010801010197), the Opening Project of Engineering Research Center of Digital Forensics, Ministry of Education (No. 20220103), and the Opening Project of Nanchang Innovation Institute, Peking University (No. NCII2022A02).
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2024 The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd.
About this paper
Cite this paper
Xia, N., Zhang, Y., Ren, W., Chen, X. (2024). CFGCon: A Scheme for Accurately Generating Control Flow Graphs of Smart Contracts. In: Song, X., Feng, R., Chen, Y., Li, J., Min, G. (eds) Web and Big Data. APWeb-WAIM 2023. Lecture Notes in Computer Science, vol 14333. Springer, Singapore. https://doi.org/10.1007/978-981-97-2387-4_18
Download citation
DOI: https://doi.org/10.1007/978-981-97-2387-4_18
Published:
Publisher Name: Springer, Singapore
Print ISBN: 978-981-97-2386-7
Online ISBN: 978-981-97-2387-4
eBook Packages: Computer ScienceComputer Science (R0)