Abstract
The second generation of blockchain represented by smart contracts has been developing vigorously in recent years. However, frequent smart contract vulnerability incidents pose a serious risk to blockchain ecosystem security. Since current symbol execution tools often fall into path explosion and thus lead to inefficient detection, this paper expands Mythril's framework to optimize its performance. Firstly, it finds out potential vulnerable code regions using static analysis and identifies critical paths that may have security defects. Then, aiming at the problem that traditional search algorithms cannot actively locate and explore critical paths, this paper presents a multi-objective oriented path search (MOPS) strategy based on path priority. This strategy guides dynamic symbolic execution to cover critical paths quickly, avoiding blind traversal of program execution paths. Finally, it describes security rules and proposes corresponding detection logics for different vulnerability categories. This paper analyzes over 1000 smart contracts extracted from Etherscan. Compared with existing tools based on symbolic execution, the proposed method can reduce time consumption by around 35% while ensuring the accuracy of vulnerability detection. Moreover, existing tools often issue warnings that do not actually cause financial losses. But the proposed method only concentrates on code regions related to transfer of funds, so it can reduce the false alarm rate to some extent.
Highlights
Smart contract expands the application of blockchain technology outside the financial sector, marking the arrival of the Blockchain 2.0 era [1]
Unlike similar symbolic execution tools that analyze all program paths, this work only focuses on paths that are related to Ether transfer and performs dynamic analysis on them
The results show that when compared to cutting-edge tools like Oyente and Mythril, the proposed method consumes much less detection time and incurs lower false positives to some extent
Summary
Smart contract expands the application of blockchain technology outside the financial sector, marking the arrival of the Blockchain 2.0 era [1]. With the widespread use of Decentralized Application (DApp), the number of smart contracts is growing explosively. Smart contracts involve a large number of digital assets and are immutable upon deployment, so they face even more severe security situation than traditional software [2]. Since 2016, various smart contract vulnerabilities have been exposed in numerous security incidents, causing huge property losses. Smart contract security mainly depends on developers’ skill and code auditing experience. It is very laborious and time-consuming due to the increasing number and complexity of smart contracts.
Sign-in/Register to view highlights & summary Sign-in/Register to access full text options 
Free) 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a call
