Computer Science ›› 2021, Vol. 48 ›› Issue (11): 89-101.doi: 10.11896/jsjkx.210600064

• Blockchain Technology •

Ethereum Smart Contract Bug Detection and Repair Approach Based on Regular Expressions, Program Instrumentation and Code Replacement

XIAO Feng (1), ZHANG Peng-cheng (1), LUO Xia-pu (2)

  1 College of Computer and Information, Hohai University, Nanjing 211100, China
  2 Department of Computing, The Hong Kong Polytechnic University, Hong Kong 999077, China
  • Received: 2021-06-04  Revised: 2021-07-02  Online: 2021-11-15  Published: 2021-11-10
  • About author: XIAO Feng, born in 1997, master. His main research interests include smart contract security and software engineering.
    ZHANG Peng-cheng, born in 1981, professor, is a senior member of China Computer Federation. His main research interests include software engineering, service computing and data mining.
  • Supported by:
    Fundamental Research Funds for the Central Universities(B210203107),National Natural Science Foundation of China(6157217) and Natural Science Foundation of the Higher Education Institutions of Jiangsu Province, China(BK20191297).

Abstract: Ethereum is the largest blockchain platform that supports smart contracts, and millions of contracts have been deployed on it. Because a deployed contract cannot be modified even when it contains bugs, it is critical that developers eliminate bugs before deployment. Many smart contract analysis tools have been proposed. They either apply symbolic execution to bytecode to detect bugs, or convert the source code to an intermediate representation and analyse that. Tools based on symbolic execution usually cannot cover many types of bugs that are visible in the source code, and converting the source code to an intermediate representation slows detection down. Moreover, these tools are only detectors: they cannot automatically fix bugs based on their analysis results. To address these limitations, we propose SolidityCheck, an approach that applies regular expressions, program instrumentation and statement replacement directly to the source code in order to detect bugs quickly and to fix certain types of bugs automatically. We evaluate SolidityCheck in extensive experiments. The results show that, compared with existing approaches, SolidityCheck achieves excellent performance on multiple metrics.
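The following is an added example, not SolidityCheck's own code and not code from the paper. It shows, in Python, the three mechanisms the abstract names (regular-expression detection, program instrumentation and statement replacement) applied to a small constructed Solidity contract. The bug classes chosen (tx.origin used for authorisation, an unchecked `send`, and an unchecked subtraction), the rule patterns, the `msg.sender` and SafeMath-based rewrites, and the sample contract are all assumptions made for illustration; the paper does not specify which patterns SolidityCheck uses.

```python
"""Regex-based detection plus instrumentation/replacement for Solidity source.
Added example; the rules and the sample contract are assumptions, not the
paper's own method."""
import re
from dataclasses import dataclass

# Constructed sample contract (not from the paper) with three planted bugs.
SAMPLE = """pragma solidity ^0.5.10;

contract Wallet {
    address owner;
    mapping(address => uint256) balances;

    constructor() public { owner = msg.sender; }

    function withdraw(uint256 amount) public {
        require(tx.origin == owner);
        msg.sender.send(amount);
        balances[msg.sender] -= amount;
    }

    function safeWithdraw(uint256 amount) public {
        require(msg.sender == owner);
        bool ok = msg.sender.send(amount);
        require(ok);
    }
}
"""


@dataclass
class Finding:
    line: int   # 1-based line number in the source
    rule: str   # identifier of the rule that fired
    text: str   # the offending source line, stripped


# Rule 1: tx.origin anywhere in a statement (assumed to be an authorisation check).
TX_ORIGIN = re.compile(r"\btx\.origin\b")
# Rule 2: a `.send(...)` statement whose boolean result is neither assigned nor checked.
UNCHECKED_SEND = re.compile(r"^\s*[A-Za-z_][\w.\[\]]*\.send\s*\(.*\)\s*;\s*$")
# Rule 3: compound subtraction on a storage value, which can underflow before 0.8.
COMPOUND_SUB = re.compile(r"^(\s*)([A-Za-z_][\w.\[\]]*)\s*-=\s*(.+?)\s*;\s*$")
# Used to find where a `using SafeMath` directive can be instrumented in.
CONTRACT_OPEN = re.compile(r"^\s*contract\s+\w+[^{]*\{\s*$")

RULES = [
    ("tx-origin-auth", TX_ORIGIN.search),
    ("unchecked-send", UNCHECKED_SEND.match),
    ("unchecked-subtraction", COMPOUND_SUB.match),
]


def detect(source: str) -> list:
    """Run every regex rule line by line and report each hit with its line number."""
    findings = []
    for no, line in enumerate(source.splitlines(), start=1):
        for rule, matcher in RULES:
            if matcher(line):
                findings.append(Finding(no, rule, line.strip()))
    return findings


def repair(source: str) -> str:
    """Rewrite the source: instrument unchecked sends with require(), replace
    `x -= y` with SafeMath `x = x.sub(y)`, and substitute msg.sender for tx.origin.
    Assumes a SafeMath library with sub() is available to the contract."""
    out = []
    need_safemath = False
    for line in source.splitlines():
        m = COMPOUND_SUB.match(line)
        if m:
            indent, lhs, rhs = m.groups()
            line = f"{indent}{lhs} = {lhs}.sub({rhs});"       # statement replacement
            need_safemath = True
        elif UNCHECKED_SEND.match(line):
            indent = line[: len(line) - len(line.lstrip())]
            call = line.strip().rstrip(";")
            line = f'{indent}require({call}, "send failed");'  # instrumentation
        line = TX_ORIGIN.sub("msg.sender", line)               # statement replacement
        out.append(line)
    if need_safemath and "using SafeMath" not in source:
        for i, line in enumerate(out):
            if CONTRACT_OPEN.match(line):
                out.insert(i + 1, "    using SafeMath for uint256;")
                break
    return "\n".join(out) + "\n"
```

`detect(SAMPLE)` reports three findings with their line numbers, and `repair(SAMPLE)` rewrites the contract so that `detect` no longer fires on it. Rules of this kind are fast because they never build an AST or intermediate representation, but they are purely syntactic: a `send` whose result is checked on the following line, or a `tx.origin` that is logged rather than used for authorisation, would be flagged all the same, so a practitioner should treat such output as candidates to review rather than confirmed bugs.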

Key words: Ethereum, Program instrumentation, Regular expressions, Smart contract, Solidity

CLC Number: TP311.5