Abstract:
Although many tools have been developed to detect anomalies in smart contracts, the evaluation of these analysis tools has been hindered by the lack of adequate anomalist...Show MoreMetadata
Abstract:
Although many tools have been developed to detect anomalies in smart contracts, the evaluation of these analysis tools has been hindered by the lack of adequate anomalistic real-world contracts (i.e., smart contracts with addresses on Ethereum to achieve certain purposes). This problem prevents conducting reliable performance assessments on the analysis tools. An effective way to solve this problem is to inject anomalies into real-world contracts and automatically label the locations and types of the injected anomalies. SolidiFI, as the first and only tool in this area, was developed to automatically inject anomalies into Ethereum smart contracts. However, SolidiFI is subject to the limitations from its methodologies (e.g., its injection accuracy and authenticity are low). To address these limitations, we propose an approach called SCAnoGenerator. SCAnoGenerator supports Solidity 0.5.x, 0.6.x, 0.7.x and enables automatic anomaly injection for Ethereum smart contracts via analyzing the contracts’ control and data flows. Based on this approach, we develop an open-source tool, which can inject 20 types of anomalies into smart contracts. The extensive experiments show that SCAnoGenerator outperforms SolidiFI on the number of injected anomaly types, injection accuracy, and injection authenticity. The experimental results also reveal that existing analysis tools can only partially detect the anomalies injected by SCAnoGenerator.
Published in: IEEE Transactions on Software Engineering ( Volume: 50, Issue: 11, November 2024)