Abstract

AbstractWith the rapid development of the blockchain, smart contract technology has been widely applied. The number of smart contracts has grown at a high rate and nearly at an average of thousands per day. However, the correctness and security of the smart contract itself are facing huge problems. The well-known DAO vulnerability, and Parity multi-signature wallet’ vulnerabilities have leaded to a hundreds of millions dollars loss, and they are both caused by the security problems of smart contracts. Once the smart contract vulnerability is exploited, it is very likely to bring the loss of cryptocurrencies, the disorder of the financial order and other catastrophic consequences. Therefore the security of smart contracts is imminent. This project has designed and implemented a vulnerability detection system of Ethereum smart contract. The system uses the assembly instruction sequences of the smart contract to generate the control flow graph, then performs symbolic execution and vulnerability constraint solving over the control flow. The system can detect some common types of vulnerabilities, such as the integer overflow and underflow vulnerability, reentry vulnerability and unchecked call return value vulnerability. It has a high accuracy of detection result, and gives support for export vulnerability report.

Highlights

  • Smart contracts are programs deployed on the Ethereum network and executed by the Ethereum virtual machine

  • This paper analyzes the characteristics of Ethereum smart contract vulnerabilities and proposes a smart contract vulnerability detection technology based on symbolic execution and constraint solving

  • We investigate the most common contract security issues and the most widely used smart contract vulnerability detection methods currently

Read more

Summary

Introduction

With the rise of Bitcoin, blockchain technology has gradually appeared in people’s vision. Ethereum is an open source decentralized blockchain platform, mainly used for the execution of smart contracts. The losses caused by the security issues of smart contracts have ranged from 30 million to 152 million dollars, and the upper limit number is still growing. This paper analyzes the characteristics of Ethereum smart contract vulnerabilities and proposes a smart contract vulnerability detection technology based on symbolic execution and constraint solving. Experimental results show that the technology can detect common vulnerabilities in 1552 different contracts with high accuracy. introduces the most current types of vulnerabilities in smart contracts; Sect. introduces framework design and vulnerability detection details of our system; Sect. introduces the experimental results of our vulnerability detection, the last section summarizes our main contributions

Related Work
Reentrancy Vulnerability
Integer Overflow Vulnerability
Unchecked Call Return Value Vulnerability
Control Flow Generation
Symbolic Execution
Vulnerability Detection
Constraint Solving
Findings
Conclusion
Full Text
Paper version not known

Talk to us

Join us for a 30 min session where you can share your feedback and ask us any queries you have

Schedule a call

Disclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.