
Slither: A Static Analysis Framework for Smart Contracts

Josselin Feist, Gustavo Grieco, Alex Groce
2019 2019 IEEE/ACM 2nd International Workshop on Emerging Trends in Software Engineering for Blockchain (WETSEB)  
This paper describes Slither, a static analysis framework designed to provide rich information about Ethereum smart contracts.  ...  We compared tools using a large dataset of smart contracts and manually reviewed results for 1000 of the most used contracts.  ...  CONCLUSIONS AND FUTURE WORK We presented Slither, an open source static analysis framework for smart contracts. Slither is fast, robust, accurate, and provides rich information about smart contracts.  ... 
doi:10.1109/wetseb.2019.00008 dblp:conf/icse/FeistGG19 fatcat:zfxddq2qgjckriyfkwzbnzs2hu

MPro: Combining Static and Symbolic Analysis for Scalable Testing of Smart Contract [article]

William Zhang, Sebastian Banescu, Leodardo Pasos, Steven Stewart, Vijay Ganesh
2019 arXiv   pre-print
We have implemented our technique in a tool called MPro, a scalable and automated smart contract analyzer based on the existing symbolic analysis tool Mythril-Classic and the static analysis tool Slither  ...  A significant advantage of combining symbolic with static analysis is that it scales much better than symbolic alone and does not have the problem of false positive that static analysis tools typically  ...  Slither is a highly scalable static analysis tool which analyzes a smart contract source code at the intermediate representation SlithIR level.  ... 
arXiv:1911.00570v1 fatcat:bpgx6qfoirfm3lxqbrsayh5g7y

Evaluating countermeasures for verifying the integrity of Ethereum smart contract applications

Suhwan Ji, Dohyung Kim, Hyeonseung Im
2021 IEEE Access  
SLITHER Slither [22], [23] is an open-source Solidity static analysis framework written in Python 3, which supports automated detection of about 45 vulnerabilities and code optimizations that the compiler  ...  Echidna uses the Slither static analysis tool [22], which we discuss below, in the preprocessing step to compile and analyze smart contracts and use information from Slither to improve fuzz testing.  ...  The content of a dockerfile is as follows:  ... 
doi:10.1109/access.2021.3091317 fatcat:kvmsmzmg2zaxdln3rnopnbykge

Empirical Review of Automated Analysis Tools on 47,587 Ethereum Smart Contracts [article]

Thomas Durieux, João F. Ferreira, Rui Abreu, Pedro Cruz
2019 arXiv   pre-print
The datasets are part of SmartBugs, a new extendable execution framework that we created to facilitate the integration and comparison between multiple analysis tools and the analysis of Ethereum smart  ...  the precision of analysis tools; and ii) a dataset with all the smart contracts in the Ethereum Blockchain that have Solidity source code available on Etherscan (a total of 47,518 contracts).  ...  e a Tecnologia (FCT), with the reference PTDC/CCI-COM/29300/2017.  ... 
arXiv:1910.10601v1 fatcat:sexzmhilejcgnaka2tnravhnwu

A Framework and DataSet for Bugs in Ethereum Smart Contracts [article]

Pengcheng Zhang, Feng Xiao, Xiapu Luo
2020 arXiv   pre-print
Moreover, there is currently neither a comprehensive classification framework for Ethereum smart contract bugs, nor detailed criteria for detecting bugs in smart contracts, making it difficult for developers  ...  Moreover, we evaluate the state-of-the-art tools for smart contract analysis with our dataset and obtain some interesting findings: 1) Mythril, Slither and Remix are the most worthwhile combination of  ...  A CLASSIFICATION FRAMEWORK FOR SMART CONTRACT BUGS To build a comprehensive classification framework, we collect smart contract bugs from many sources, including academic literature, the Web, blogs, and  ... 
arXiv:2009.02066v1 fatcat:27emdv7fhjdnrmsysygrgohu7e

SmartScan: An approach to detect Denial of Service Vulnerability in Ethereum Smart Contracts [article]

Noama Fatima Samreen, Manar H. Alalfi
2021 arXiv   pre-print
In this paper, we propose a framework that combines static and dynamic analysis to detect Denial of Service (DoS) vulnerability due to an unexpected revert in Ethereum Smart Contracts.  ...  Our framework, SmartScan, statically scans smart contracts under test (SCUTs) to identify patterns that are potentially vulnerable in these SCUTs and then uses dynamic analysis to precisely confirm their  ...  CONCLUSION In this paper, a combined static and dynamic analysis framework is proposed to detect DoS-Unexpected Revert vulnerabilities in data-set of 500 real world Ethereum Smart Contracts collected from  ... 
arXiv:2105.02852v3 fatcat:jjl73mqrwrbxxavcdzrpp4i2tm

Tezla, an Intermediate Representation for Static Analysis of Michelson Smart Contracts [article]

João Santos Reis and Paul Crocker and Simão Melo de Sousa
2020 arXiv   pre-print
This paper introduces Tezla, an intermediate representation of Michelson smart contracts that eases the design of static smart contract analysers.  ...  In order to support our claim about the adequacy of Tezla, we develop a static analyser that takes advantage of the Tezla representation of Michelson smart contracts to prove simple but non-trivial properties  ...  Slither [11], presented in 2019, is a static analysis framework for Ethereum smart contract.  ... 
arXiv:2005.11839v1 fatcat:336dq5jemvcixjaidp4ag56q2m

ScrawlD: A Dataset of Real World Ethereum Smart Contracts Labelled with Vulnerabilities [article]

Chavhan Sujeet Yashavant, Saurabh Kumar, Amey Karkare
2022 arXiv   pre-print
There is a need for an unbiased standard benchmark of real-world Ethereum smart contracts.  ...  Smart contracts on Ethereum handle millions of U.S. Dollars and other financial assets. In the past, attackers have exploited smart contracts to steal these assets.  ...  : Osiris [17] is a framework comprising symbolic execution and taint analysis.  ... 
arXiv:2202.11409v3 fatcat:3olhdjks4jcufnie2ar6gwmjwy

Smart Contracts: A Review of Security Threats Alongside an Analysis of Existing Solutions

Antonio López Vivar, Alberto Turégano Castedo, Ana Lucila Sandoval Orozco, García Villalba
2020 Entropy  
Smart contracts have gained a lot of popularity in recent times as they are a very powerful tool for the development of decentralised and automatic applications in many fields without the need for intermediaries  ...  This article provides a holistic view of security challenges associated with smart contracts, as well as the state of the art of available public domain tools.  ...  Slither Slither is a static analysis framework written in Python 3 with dependencies on the Solidity Compiler (Solc) [55].  ... 
doi:10.3390/e22020203 pmid:33285978 fatcat:thlkoqkhhvfltkyf6f2zuwmu7y

What are the Actual Flaws in Important Smart Contracts (and How Can We Find Them)? [article]

Alex Groce and Josselin Feist and Gustavo Grieco and Michael Colburn
2020 arXiv   pre-print
In this paper we provide a summary of Ethereum smart contract audits performed for 23 professional stakeholders, avoiding the common problem of reporting issues mostly prevalent in low-quality contracts  ...  These audits were performed at a leading company in blockchain security, using both open-source and proprietary tools, as well as human code analysis performed by professional security engineers.  ...  In fact, a possible additional explanation for the difference of 36% data validation findings for smart contract audits and 51% for non-smart-contract audits could be that non-smart-contract audits have  ... 
arXiv:1911.07567v2 fatcat:3klw6ddtifgpbokxmozbopm6qm

Smart Contract: Attacks and Protections

Sarwar Sayeed, Hector Marco-Gisbert, Tom Caira
2020 IEEE Access  
A smart contract acts in a similar way to a traditional agreement but negates the necessity for the involvement of a third party.  ...  Once deployed to the blockchain, a smart contract cannot be modified or updated for security patches, thus encouraging developers to implement strong security strategies before deployment in order to avoid  ...  Most tools are mainly utilized for static and dynamic analysis of smart contract codes. A. SLITHER Slither is a static analysis framework for smart contract code [47].  ... 
doi:10.1109/access.2020.2970495 fatcat:5ewcato5b5csxohptp3k5c6tp4

SESCon: Secure Ethereum Smart Contracts by Vulnerable Patterns' Detection

Amir Ali, Zain Ul Abideen, Kalim Ullah, Farhan Ullah
2021 Security and Communication Networks  
To solve these problems, we have introduced a static analysis tool, SESCon (secure Ethereum smart contract), applying the taint analysis techniques with XPath queries.  ...  To find the vulnerability in the source code of smart contracts written in Solidity language, a state-of-the-art work provides a lot of solutions based on dynamic or static analysis.  ...  Our solution is based on XPath and taint analysis. Most of the static analysis tools for smart contract give a large number of false positives.  ... 
doi:10.1155/2021/2897565 fatcat:7gt5efmez5dsph6yezpx5p2xju

ESBMC-Solidity: An SMT-Based Model Checker for Solidity Smart Contracts [article]

Kunjian Song, Nedas Matulevicius, Eddie B. de Lima Filho, Lucas C. Cordeiro
2021 arXiv   pre-print
A benchmark suite with vulnerable smart contracts was also developed for evaluation and comparison with other verification tools.  ...  This paper proposes a solidity frontend for the efficient SMT-based context-bounded model checker (ESBMC), named ESBMC-Solidity, which provides a way of verifying such contracts with its framework.  ...  It is used for lexical analysis and parsing, taking a smart contract as input and then transforming it into JSON AST, which is done with the argument --ast-compact-json.  ... 
arXiv:2111.13117v1 fatcat:uaf5uhgkdvf3zesa7zhr5fdo5y

Automated Generation of Test Cases for Smart Contract Security Analyzers

Ki Byung Kim, Jonghyup Lee
2020 IEEE Access  
Slither [19] is a static analysis framework for Solidity source code (higher than v. 0.4). It supports application programming interfaces for customized analysis of the source code.  ...  We consider the common weak points of static analysis and the quirks of smart contracts for the code elements.  ...  For the enclosure seed, then Figure 18c reveals that the condition on Line 2 is always false.  ... 
doi:10.1109/access.2020.3039990 fatcat:7zkbu4nb7ncezksn5cimllgfxe

Doublade: Unknown Vulnerability Detection in Smart Contracts Via Abstract Signature Matching and Refined Detection Rules [article]

Yinxing Xue, Yi Li University of Science and Technology of China, Nanyang Technological University
2019 arXiv   pre-print
Yet, there does not exist a high-quality benchmark of smart contract vulnerability for security research.  ...  With the prosperity of smart contracts and the blockchain technology, various security analyzers have been proposed from both the academia and industry to address the associated risks.  ...  There are some other tools that enable the static analysis for smart contracts.  ... 
arXiv:1912.04466v1 fatcat:7gvxhbuvprfiti4ufhdachxr4i