SIF: A Framework for Solidity Contract Instrumentation and Analysis

Peng, Chao; Akca, Sefa; Rajan, Ajitha

doi:10.1109/apsec48747.2019.00069

Cited by 21 publications

(10 citation statements)

References 12 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Experimental Setup. The off-chain patch generation system is implemented in C++ based on SIF [22]; and the onchain protection system is based on go-ethereum 1.9.0. All experiments are conducted on the Linux server with 2.40 GHz 64-bit Intel Xeon CPU E5-2630 v3 processor with 8cores, 64 GB RAM, and the 18.04 Ubuntu operating system.…”

Section: Discussionmentioning

confidence: 99%

Aroc: An Automatic Repair Framework for On-Chain Smart Contracts

Jin

Wang

Wen

et al. 2022

IIEEE Trans. Software Eng.

View full text Add to dashboard Cite

Ongoing smart contract attack events have seriously impeded the practical application of blockchain. Although lots of researches have been conducted, they mostly focus on off-chain vulnerability detection. However, smart contracts cannot be modified once they have been deployed on-chain, thus existing techniques cannot protect those deployed contracts from being attacked. To mitigate this problem, we propose a general smart contract repairer named Aroc, which can automatically patch vulnerable deployed contracts without changing the contract codes. The core insight of Aroc is to generate patch contracts to abort malicious transactions in advance. Taking the three most serious bug types (i.e., reentrancy, arithmetic bugs, and unchecked low-level checks) as examples, we present how Aroc automatically repairs them on-chain. We conduct abundant evaluations on four kinds of datasets to evaluate the effectiveness and efficiency of Aroc. In particular, Aroc can repair 95.95% of the vulnerable contracts with an average correctness ratio of 93.32%. Meanwhile, Aroc introduces acceptable additional overheads to smart contract users and blockchain miners. When compared with the state-of-the-art techniques, Aroc introduces either fewer execution overheads or contract codes.

show abstract

Section: Discussionmentioning

confidence: 99%

Aroc: An Automatic Repair Framework for On-Chain Smart Contracts

Jin

Wang

Wen

et al. 2022

IIEEE Trans. Software Eng.

View full text Add to dashboard Cite

show abstract

“…Mutec is based on the Clang LibTooling framework that recursively visits the AST of C and C++ programs to seed faults of a given type. To support Solidity, we combine SIF [37], a Solidity instrumentation framework, with Mutec. Mutec marks locations of relevant operators for arithmetic, logical and relational mutations while SIF traverses the AST.…”

Section: Fault Seedingmentioning

confidence: 99%

Testing Smart Contracts

Akca

Peng

Rajan

2021

Proceedings of the 15th ACM / IEEE International Symposium on Empirical Software Engineering and Measurement (ESEM)

Self Cite

View full text Add to dashboard Cite

Background: Executing, verifying and enforcing credible transactions on permissionless blockchains is done using smart contracts.A key challenge with smart contracts is ensuring their correctness and security. Several test input generation techniques for detecting vulnerabilities in smart contracts have been proposed in the last few years. However, a comparison of proposed techniques to gauge their effectiveness is missing. Aim: This paper conducts an empirical evaluation of testing techniques for smart contracts. The testing techniques we evaluated are: (1) Blackbox fuzzing, (2) Adaptive fuzzing, (3) Coverage-guided fuzzing with an SMT solver and (4) Genetic algorithm. We do not consider static analysis tools, as several recent studies have assessed and compared effectiveness of these tools. Method: We evaluate effectiveness of the test generation techniques using (1) Coverage achieved -we use four code coverage metrics targeting smart contracts, (2) Fault finding ability -using artificially seeded and real security vulnerabilities of different types. We used two datasets in our evaluation -one with 1665 real smart contracts from Etherscan, and another with 90 real contracts with known vulnerabilities to assess fault finding ability. Result: We find Adaptive fuzzing performs best in terms of coverage and fault finding over contracts in both datasets. Conclusion: However, we believe considering dependencies between functions and handling Solidity specific features will help improve the performance of all techniques considerably. CCS CONCEPTS• Security and privacy → Software security engineering.

show abstract

“…The tool cannot detect "divide by zero" error. A general framework SIF [17] can query, analyze and detect the abstract syntax tree (AST) of smart contract to generate reliable codes. It could build 7 tools as well to analyze smart contract codes, which help users to do customized operation for smart contract, and then to understand, analyze and improve the codes better.…”

Section: Related Workmentioning

confidence: 99%

Function-Level Dynamic Monitoring and Analysis System for Smart Contract

et al. 2020

View full text Add to dashboard Cite

The close integration of blockchain and smart contract technology has become an important foundation for current trusted applications. High-quality, high-efficiency and high-security codes have become basic requirements for smart contract applications because they are not easy to be modified after being deployed on blockchain. This paper proposes a function-level dynamic monitoring and analysis method for smart contract, and implements a prototype system. The method adds a "shadow stack" and related data structures to virtual machine of testing blockchain platform by analyzing the principle of function management with original stack, then monitors the bytecode after code instrumentation, records the function calling relationships as well as the relevant metrics of time, instruction number and gas consumption. The prototype system identifies contract inefficient behaviors using visualization and intelligent analysis methods, then forms a smart contract optimization closed loop through iterative improvement. Finally, the paper verified the high feasibility and applicability of the monitoring and analyzing method as well as prototype system's performance through experiments.

show abstract

SIF: A Framework for Solidity Contract Instrumentation and Analysis

Cited by 21 publications

References 12 publications

Aroc: An Automatic Repair Framework for On-Chain Smart Contracts

Aroc: An Automatic Repair Framework for On-Chain Smart Contracts

Testing Smart Contracts

Function-Level Dynamic Monitoring and Analysis System for Smart Contract

Contact Info

Product

Resources

About