Edinburgh Research Explorer

SolAnalyser: A Framework for Analysing and Testing Smart Contracts

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution




Original language: English
Title of host publication: SIF: A Framework for Solidity Contract Instrumentation and Analysis
Publisher: Institute of Electrical and Electronics Engineers (IEEE)
Number of pages: 8
ISBN (Electronic): 978-1-7281-4648-5
ISBN (Print): 978-1-7281-4649-2
Publication status: Published - 2 Jan 2020
Event: The 26th Asia-Pacific Software Engineering Conference - Putrajaya, Malaysia
Duration: 2 Dec 2019 to 5 Dec 2019

Publication series

Publisher: Institute of Electrical and Electronics Engineers (IEEE)
ISSN (Print): 1530-1362
ISSN (Electronic): 2640-0715


Conference: The 26th Asia-Pacific Software Engineering Conference
Abbreviated title: APSEC 2019


Executing, verifying and enforcing credible transactions on permissionless blockchains is done using smart contracts. A key challenge with smart contracts is ensuring their correctness and security. To address this challenge, we present a fully automated technique, SolAnalyser, for vulnerability detection over Solidity smart contracts that uses both static and dynamic analysis. Analysis techniques in the literature rely on static analysis with a high rate of false positives, or lack support for vulnerabilities like out of gas, unchecked send and timestamp dependency. Our tool, SolAnalyser, supports automated detection of 8 different vulnerability types that currently lack wide support in existing tools, and can easily be extended to support other types. We also implemented a fault seeding tool that injects different types of vulnerabilities into smart contracts. We use the mutated contracts to assess the effectiveness of different analysis tools. Our experiment uses 1838 real contracts, from which we generate 12866 mutated contracts by artificially seeding 8 different vulnerability types. We evaluate the effectiveness of our technique in revealing the seeded vulnerabilities and compare it against five existing popular analysis tools: Oyente, Securify, Maian, SmartCheck and Mythril. This is the first large-scale evaluation of existing tools that compares their effectiveness by running them on a common set of contracts. We find that our technique outperforms all five existing tools in supporting detection of all 8 vulnerability types and in achieving higher precision and recall rates. SolAnalyser was also faster in analysing the different vulnerabilities than any of the existing tools in our experiment.

Research areas

  • blockchain, smart contract, testing, static analysis, assertions, fault seeding



ID: 118990633