Edinburgh Research Explorer

SolAnalyser: A Framework for Analysing and Testing Smart Contracts

Research output: Chapter in Book/Report/Conference proceeding - Conference contribution

Open Access permissions: Open

Documents

https://ieeexplore.ieee.org/document/8945725
Original language: English
Title of host publication: SIF: A Framework for Solidity Contract Instrumentation and Analysis
Publisher: Institute of Electrical and Electronics Engineers (IEEE)
Pages: 482-489
Number of pages: 8
ISBN (Electronic): 978-1-7281-4648-5
ISBN (Print): 978-1-7281-4649-2
Publication status: Published - 2 Jan 2020
Event: The 26th Asia-Pacific Software Engineering Conference - Putrajaya, Malaysia
Duration: 2 Dec 2019 to 5 Dec 2019
https://seminar.utmspace.edu.my/apsec2019/

Publication series

Publisher: Institute of Electrical and Electronics Engineers (IEEE)
ISSN (Print): 1530-1362
ISSN (Electronic): 2640-0715

Conference

Conference: The 26th Asia-Pacific Software Engineering Conference
Abbreviated title: APSEC 2019
Country: Malaysia
City: Putrajaya
Period: 2/12/19 to 5/12/19
Abstract

Executing, verifying and enforcing credible transactions on permissionless blockchains is done using smart contracts. A key challenge with smart contracts is ensuring their correctness and security. To address this challenge, we present a fully automated technique, SolAnalyser, for vulnerability detection over Solidity smart contracts that uses both static and dynamic analysis. Analysis techniques in the literature rely on static analysis with a high rate of false positives or lack support for vulnerabilities like out of gas, unchecked send, timestamp dependency. Our tool, SolAnalyser, supports automated detection of 8 different vulnerability types that currently lack wide support in existing tools, and can easily be extended to support other types. We also implemented a fault seeding tool that injects different types of vulnerabilities in smart contracts. We use the mutated contracts for assessing the effectiveness of different analysis tools. Our experiment uses 1838 real contracts from which we generate 12866 mutated contracts by artificially seeding 8 different vulnerability types. We evaluate the effectiveness of our technique in revealing the seeded vulnerabilities and compare against five existing popular analysis tools – Oyente, Securify, Maian, SmartCheck and Mythril. This is the first large scale evaluation of existing tools that compares their effectiveness by running them on a common set of contracts. We find that our technique outperforms all five existing tools in supporting detection of all 8 vulnerability types and in achieving higher precision and recall rate. SolAnalyser was also faster in analysing the different vulnerabilities than any of the existing tools in our experiment.

Research areas

• blockchain, smart contract, testing, static analysis, assertions, fault seeding

ID: 118990633