Abstract
Although state-of-the-art (SOTA) tools have been designed and developed to analyze vulnerabilities in Ethereum smart contracts, security incidents caused by these vulnerabilities remain widespread. This can be attributed to the fact that each tool applies different standards for judging the severity of vulnerabilities. More importantly, as vulnerabilities evolve, the tools fail to identify all of them accurately and comprehensively. To this end, we first propose a vulnerability assessment model to unify the vulnerability measurement standards. Next, we design a static analysis tool called SmartFast, which expresses the contract source code as a novel intermediate representation named SmartIR. Using preset rules and taint tracking technology, SmartFast matches against SmartIR to locate the vulnerable code. Furthermore, SmartFast can automatically recommend optimizations of the contract code. Finally, we implement a prototype of SmartFast with 25K lines of code and compare it with 7 SOTA tools on three datasets (a total of 13,687 public contracts). The results indicate that SmartFast is efficient (taking only a few seconds per contract) and robust (a 0.4% failure rate and resistance to general code confusion methods). Moreover, compared with other tools, SmartFast can detect more kinds of vulnerabilities (119) with a higher precision rate (98.43%) and recall rate (85.12%), which confirms the conclusion of the theoretical analysis in the paper.
Notes
The vulnerabilities are detailed in https://github.com/SmartContractTools/SmartFast/blob/main/VulnerabilityDescription.xlsx.
The code of patterns is detailed in https://github.com/SmartContractTools/SmartFast/tree/main/smartfast/smartfast/detectors.
SmartFast is available at https://github.com/SmartContractTools/SmartFast/tree/main/smartfast.
Examples of analysis reports are available at https://github.com/SmartContractTools/SmartFast/tree/main/Report.
The source code and execution result of contracts are available on https://github.com/SmartContractTools/SmartFast/tree/main/Dataset1.
For details on vulnerability detection of each tool, please refer to https://github.com/SmartContractTools/SmartFast/tree/main/VulnerabilityMapping.
The code is available on https://github.com/SmartContractTools/SmartFast/tree/main/Obfuscation.
See https://pypi.org/project/oscillo/ for details.
The contract code is detailed in https://github.com/SmartContractTools/SmartFast/tree/main/VulnerabilityIncidents.
Acknowledgements
This work was supported by the National Key R&D Program of China under Grant No.2021YFB2700603, National Natural Science Foundation of China under Grant No.62072487 and No.62172405, and Beijing Natural Science Foundation under Grant No.M21036.
Ethics declarations
Conflict of Interest
The authors declare that they have no known competing financial interests or personal relationships that could have appeared to influence the work reported in this paper.
Additional information
Communicated by: Yuan Zhang
Rights and permissions
Springer Nature or its licensor holds exclusive rights to this article under a publishing agreement with the author(s) or other rightsholder(s); author self-archiving of the accepted manuscript version of this article is solely governed by the terms of such publishing agreement and applicable law.
About this article
Cite this article
Li, Z., Lu, S., Zhang, R. et al. SmartFast: an accurate and robust formal analysis tool for Ethereum smart contracts. Empir Software Eng 27, 197 (2022). https://doi.org/10.1007/s10664-022-10218-2
DOI: https://doi.org/10.1007/s10664-022-10218-2