Towards Effective Static Analysis Approaches for Security Vulnerabilities in Smart Contracts
【Author】 Ghaleb, Asem
【Source】PROCEEDINGS OF THE 37TH IEEE/ACM INTERNATIONAL CONFERENCE ON AUTOMATED SOFTWARE ENGINEERING, ASE 2022
【Impact Factor】
【Abstract】The growth in the popularity of smart contracts has been accompanied by a rise in security attacks targeting smart contracts, which have led to financial losses of millions of dollars and erosion of trust. To enable developers to discover vulnerabilities in smart contracts, several static analysis tools have been proposed. However, despite the numerous bug-finding tools, security vulnerabilities abound in smart contracts, and developers rely on finding vulnerabilities manually. Our goal in this dissertation study is to expand the space of security vulnerability detection by proposing effective static analysis approaches for smart contracts. We study the effectiveness of the existing static analysis tools and propose solutions for security vulnerability detection relying on analyzing the dependency of the contract code on user inputs that lead to security vulnerabilities. Our results of evaluating static analysis tools show that existing static tools for smart contracts have significant false negatives and false positives. Further, the results show that our first vulnerability detection approach achieves a significant improvement in the effectiveness of detecting vulnerabilities compared to the prior work.
【Keywords】Ethereum; Solidity; smart contract vulnerabilities; bug injection; static analysis; taint analysis; data-flow analysis
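【Publication Date】2022
【Indexed Date】2023-10-14
【Document Type】Experimental simulation
【Subject Category】
Blockchain governance - Technical governance - Smart contract vulnerability detection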
【DOI】 10.1145/3551349.3559567