SmartEmbed: A tool for clone and bug detection in smart contracts through structural code embedding

Ethereum has become a widely used platform to enable secure, Blockchain-based financial and business transactions. However, a major concern in Ethereum is the security of its smart contracts. Many identified bugs and vulnerabilities in smart contracts not only present challenges to maintenance of bl...

Full description

Saved in:
Bibliographic Details
Main Authors: GAO, Zhipeng, JAYASUNDARA, Magalle Hewa Vinoj Yasanga, JIANG, Lingxiao, XIA, Xin, LO, David, GRUNDY, John C.
Format: text
Language:English
Published: Institutional Knowledge at Singapore Management University 2019
Subjects:
Online Access:https://ink.library.smu.edu.sg/sis_research/4814
https://ink.library.smu.edu.sg/context/sis_research/article/5817/viewcontent/icsme19smartembed_demo.pdf
Tags: Add Tag
No Tags, Be the first to tag this record!
Institution: Singapore Management University
Language: English
Description
Summary:Ethereum has become a widely used platform to enable secure, Blockchain-based financial and business transactions. However, a major concern in Ethereum is the security of its smart contracts. Many identified bugs and vulnerabilities in smart contracts not only present challenges to maintenance of blockchain, but also lead to serious financial loses. There is a significant need to better assist developers in checking smart contracts and ensuring their reliability. In this paper, we propose a web service tool, named SMARTEMBED, which can help Solidity developers to find repetitive contract code and clone-related bugs in smart contracts. Our tool is based on code embeddings and similarity checking techniques. By comparing the similarities among the code embedding vectors for existing solidity code in the Ethereum blockchain and known bugs, we are able to efficiently identify code clones and clone-related bugs for any solidity code given by users, which can help to improve the users’ confidence in the reliability of their code. In addition to the uses by individual developers, SMARTEMBED can also be applied to studies of smart contracts in a large scale. When applied to more than 22K solidity contracts collected from the Ethereum blockchain, we found that the clone ratio of solidity code is close to 90%, much higher than traditional software, and 194 clonerelated bugs can be identified efficiently and accurately based on our small bug database with a precision of 96%. SMARTEMBED can be accessed at http://www.smartembed.net. A demo video of SMARTEMBED is at https://youtu.be/o9ylyOpYFq8