DefectChecker: Automated smart contract defect detection by analyzing EVM bytecode

Smart contracts are Turing-complete programs running on the blockchain. They are immutable and cannot be modified, even when bugs are detected. Therefore, ensuring smart contracts are bug-free and well-designed before deploying them to the blockchain is extremely important. A contract defect is an e...

Bibliographic Details
Main Authors: CHEN, Jiachi, XIA, Xin, LO, David, GRUNDY, John, LUO, Xiapu, CHEN, Ting
Format: text
Language: English
Published: Institutional Knowledge at Singapore Management University 2022
Subjects:
Online Access: https://ink.library.smu.edu.sg/sis_research/7665
https://ink.library.smu.edu.sg/context/sis_research/article/8668/viewcontent/2009.02663.pdf
Institution: Singapore Management University
id sg-smu-ink.sis_research-8668
record_format dspace
spelling sg-smu-ink.sis_research-8668
2023-01-10T03:42:02Z
DefectChecker: Automated smart contract defect detection by analyzing EVM bytecode
CHEN, Jiachi
XIA, Xin
LO, David
GRUNDY, John
LUO, Xiapu
CHEN, Ting
Smart contracts are Turing-complete programs running on the blockchain. They are immutable and cannot be modified, even when bugs are detected. Therefore, ensuring smart contracts are bug-free and well-designed before deploying them to the blockchain is extremely important. A contract defect is an error, flaw or fault in a smart contract that causes it to produce an incorrect or unexpected result, or to behave in unintended ways. Detecting and removing contract defects can avoid potential bugs and make programs more robust. Our previous work defined 20 contract defects for smart contracts and divided them into five impact levels. According to our classification, contract defects with seriousness level between 1-3 can lead to unwanted behaviors, e.g., a contract being controlled by attackers. In this paper, we propose DefectChecker, a symbolic execution-based approach and tool to detect eight contract defects that can cause unwanted behaviors of smart contracts on the Ethereum blockchain platform. DefectChecker can detect contract defects from smart contracts’ bytecode. We verify the performance of DefectChecker by applying it to an open-source dataset. Our evaluation results show that DefectChecker obtains a high F-score (88.8% in the whole dataset) and only requires 0.15s to analyze one smart contract on average. We also applied DefectChecker to 165,621 distinct smart contracts on the Ethereum platform. We found that 25,815 of these smart contracts contain at least one of the contract defects that belongs to impact level 1-3, including some real-world attacks.
2022-02-01T08:00:00Z
text
application/pdf
https://ink.library.smu.edu.sg/sis_research/7665
info:doi/10.1109/TSE.2021.3054928
https://ink.library.smu.edu.sg/context/sis_research/article/8668/viewcontent/2009.02663.pdf
http://creativecommons.org/licenses/by-nc-nd/4.0/
Research Collection School Of Computing and Information Systems
eng
Institutional Knowledge at Singapore Management University
Smart Contracts
Ethereum
Contract Defects Detection
Bytecode Analyze
Symbolic Execution
Databases and Information Systems
Software Engineering
institution Singapore Management University
building SMU Libraries
continent Asia
country Singapore
content_provider SMU Libraries
collection InK@SMU
language English
topic Smart Contracts
Ethereum
Contract Defects Detection
Bytecode Analyze
Symbolic Execution
Databases and Information Systems
Software Engineering
_version_ 1770576410485719040