A Framework and DataSet for Bugs in Ethereum Smart Contracts
Pengcheng Zhang,Feng Xiao,Xiapu Luo +2 more
- pp 139-150
TLDR
Wang et al. as mentioned in this paper collected as many smart contract bugs as possible from multiple sources and divided these bugs into 9 categories by extending the IEEE Standard Classification for Software Anomalies, and designed the criteria for detecting each kind of bugs, and constructed a dataset of smart contracts covering all kinds of bugs.
Abstract:
Ethereum is the largest blockchain platform that supports smart contracts. Users deploy smart contracts by publishing the smart contract’s bytecode to the blockchain. Since the data in the blockchain cannot be modified, even if these contracts contain bugs, it is not possible to patch deployed smart contracts with code updates. Moreover, there is currently neither a comprehensive classification framework for Ethereum smart contract bugs, nor detailed criteria for detecting bugs in smart contracts, making it difficult for developers to fully understand the negative effects of bugs and design new approaches to detect bugs. In this paper, to fill the gap, we first collect as many smart contract bugs as possible from multiple sources and divide these bugs into 9 categories by extending the IEEE Standard Classification for Software Anomalies. Then, we design the criteria for detecting each kind of bugs, and construct a dataset of smart contracts covering all kinds of bugs. With our framework and dataset, developers can learn smart contract bugs and develop new tools to detect and locate bugs in smart contracts. Moreover, we evaluate the state-of-the-art tools for smart contract analysis with our dataset and obtain some interesting findings: 1) Mythril, Slither and Remix are the most worthwhile combination of analysis tools. 2) There are still 10 kinds of bugs that cannot be detected by any analysis tool.
Citations
Journal Article
Blockchain-enabled fraud discovery through abnormal smart contract detection on Ethereum
TL;DR: A Heterogeneous Graph Transformer Networks (S_HGTNs) suitable for smart contract anomaly detection to detect financial fraud on the Ethereum platform is constructed.
Proceedings Article
Source Code Obfuscation for Smart Contracts
TL;DR: Li et al. as discussed by the authors proposed a source code obfuscation approach for Ethereum smart contracts, which can effectively increase the complexity of a contract and evaluate the performance of static analysis tools when the original contracts are obfuscated.
Journal Article
Review of Automated Vulnerability Analysis of Smart Contracts on Ethereum
TL;DR: A systematic literature review (SLR) to assess the state of the art regarding automated vulnerability analysis of smart contracts on Ethereum with a focus on classifications of vulnerabilities, detection methods, security analysis tools, and benchmarks for the assessment of tools.
A Hundred Attacks in Distributed Systems
TL;DR: This paper organizes many attacks that byzantine users may apply to take advantage of the loyal users of a system to ensure security in a distributed setting.
Journal Article
Extended Abstract of Combine Sliced Joint Graph with Graph Neural Networks for Smart Contract Vulnerability Detection
TL;DR: Wang et al. as discussed by the authors proposed a GNN based approach for smart contract vulnerability detection, which combines abstract syntax tree (AST), control flow graph (CFG), and program dependency graph (PDG).
References
Proceedings Article
Making Smart Contracts Smarter
TL;DR: This paper investigates the security of running smart contracts based on Ethereum in an open distributed network like those of cryptocurrencies, and proposes ways to enhance the operational semantics of Ethereum to make contracts less vulnerable.
Posted Content
Making Smart Contracts Smarter.
TL;DR: Oyente as discussed by the authors is a symbolic execution tool to find potential security bugs in the execution of smart contracts based on Ethereum in an open distributed network like those of Bitcoin and Ethereum.
Book Chapter
A Survey of Attacks on Ethereum Smart Contracts SoK
TL;DR: This work analyses the security vulnerabilities of Ethereum smart contracts, providing a taxonomy of common programming pitfalls which may lead to vulnerabilities, and shows a series of attacks which exploit these vulnerabilities, allowing an adversary to steal money or cause other damage.
Proceedings Article
All You Ever Wanted to Know about Dynamic Taint Analysis and Forward Symbolic Execution (but Might Have Been Afraid to Ask)
TL;DR: The algorithms for dynamic taint analysis and forward symbolic execution are described as extensions to the run-time semantics of a general language to highlight important implementation choices, common pitfalls, and considerations when using these techniques in a security context.
Posted Content
A survey of attacks on Ethereum smart contracts.
TL;DR: In this article, a taxonomy of common programming pitfalls which may lead to security vulnerabilities in Ethereum smart contracts is presented, and a series of attacks which exploit these vulnerabilities, allowing an adversary to steal money or cause other damage.
Related Papers (5)
How Effective are Smart Contract Analysis Tools? Evaluating Smart Contract Static Analysis Tools Using Bug Injection
Asem Ghaleb,Karthik Pattabiraman +1 more