DEFECTCHECKER: Automated smart contract defect detection by analyzing EVM bytecode
作者: Ting Chen , David Lo , Xiapu Luo , Xin Xia , John C. Grundy
关键词:
摘要: Smart contracts are Turing-complete programs running on the blockchain. They immutable and cannot be modified, even when bugs detected. Therefore, ensuring smart bug-free well-designed before deploying them to blockchain is extremely important. A contract defect an error, flaw or fault in a that causes it produce incorrect unexpected result, behave unintended ways. Detecting removing defects can avoid potential make more robust. Our previous work defined 20 for divided into five impact levels. According our classification, with seriousness level between 1-3 lead unwanted behaviors, e.g., being controlled by attackers. In this paper, we propose DefectChecker, symbolic execution-based approach tool detect eight cause behaviors of Ethereum platform. DefectChecker from bytecode. We compare key works, including Oyente, Mythril Securify using open-source dataset. experimental results show performs much better than these tools terms both speed accuracy. also applied 165,621 distinct found 25,815 contain at least one belongs 1-3, some real-world attacks.
arxiv.org
harvard.edu
sci-hub.st 参考文章(26)
Ram Chillarege, Orthogonal defect classification international symposium on software reliability engineering. pp. 359- 400 ,(1996)
Leonardo de Moura, Nikolaj Bjørner, Z3: an efficient SMT solver tools and algorithms for construction and analysis of systems. pp. 337- 340 ,(2008) , 10.1007/978-3-540-78800-3_24
Clark Barrett, Roberto Sebastiani, Sanjit A Seshia, Cesare Tinelli, Satisfiability Modulo Theories Handbook of Satisfiability. pp. 305- 343 ,(2018) , 10.1007/978-3-319-10575-8_11
Israel Cohen, Yiteng Huang, Jingdong Chen, Jacob Benesty, Jacob Benesty, Jingdong Chen, Yiteng Huang, Israel Cohen, None, Pearson Correlation Coefficient Springer, Berlin, Heidelberg. pp. 1- 4 ,(2009) , 10.1007/978-3-642-00296-0_5
T.J. McCabe, A Complexity Measure IEEE Transactions on Software Engineering. ,vol. SE-2, pp. 308- 320 ,(1976) , 10.1109/TSE.1976.233837
Jacob Cohen, A Coefficient of agreement for nominal Scales Educational and Psychological Measurement. ,vol. 20, pp. 37- 46 ,(1960) , 10.1177/001316446002000104
Patrick Lam, Eric Bodden, Ondrej Lhoták, Laurie Hendren, Soot: a Java bytecode optimization framework conference of the centre for advanced studies on collaborative research. pp. 214- 224 ,(2010) , 10.1145/1925805.1925818
G. A. F. Seber, Linear regression analysis ,(1977)
Robert Tarjan, Depth-First Search and Linear Graph Algorithms SIAM Journal on Computing. ,vol. 1, pp. 146- 160 ,(1972) , 10.1137/0201010
Barbara Kitchenham, Procedures for Performing Systematic Reviews ,(2004)