SmartBugs 2.0: An Execution Framework for Weakness Detection in Ethereum Smart Contracts

Monika  di Angelo; Thomas Durieux; João F. Ferreira; Gernot  Salzer

doi:10.1109/ASE56229.2023.00060

SmartBugs 2.0: An Execution Framework for Weakness Detection in Ethereum Smart Contracts

Monika di Angelo, Thomas Durieux, João F. Ferreira, Gernot Salzer

Software Engineering

Research output: Chapter in Book/Conference proceedings/Edited volume › Conference contribution › Scientific › peer-review

Abstract

Smart contracts are blockchain programs that often handle valuable assets. Writing secure smart contracts is far from trivial, and any vulnerability may lead to significant financial losses. To support developers in identifying and eliminating vulnerabilities, methods and tools for the automated analysis of smart contracts have been proposed. However, the lack of commonly accepted benchmark suites and performance metrics makes it difficult to compare and evaluate such tools. Moreover, the tools are heterogeneous in their interfaces and reports as well as their runtime requirements, and installing several tools is time-consuming. In this paper, we present SmartBugs 2.0, a modular execution framework. It provides a uniform interface to 19 tools aimed at smart contract analysis and accepts both Solidity source code and EVM bytecode as input. After describing its architecture, we highlight the features of the framework. We evaluate the framework via its reception by the community and illustrate its scalability by describing its role in a study involving 3.25 million analyses.

Original language	English
Title of host publication	Proceedings of the 2023 38th IEEE/ACM International Conference on Automated Software Engineering (ASE)
Editors	Javier Gurrola
Place of Publication	Piscataway
Publisher	IEEE
Pages	2102-2105
Number of pages	4
ISBN (Electronic)	979-8-3503-2996-4
ISBN (Print)	979-8-3503-2997-1
DOIs	https://doi.org/10.1109/ASE56229.2023.00060
Publication status	Published - 2023
Event	38th IEEE/ACM International Conference on Automated Software Engineering - Luxembourg, Luxembourg Duration: 11 Sept 2023 → 15 Sept 2023 Conference number: 38

Conference

Conference	38th IEEE/ACM International Conference on Automated Software Engineering
Abbreviated title	ASE 2023
Country/Territory	Luxembourg
City	Luxembourg
Period	11/09/23 → 15/09/23

Bibliographical note

Green Open Access added to TU Delft Institutional Repository 'You share, we take care!' - Taverne project https://www.openaccess.nl/en/you-share-we-take-care
Otherwise as indicated in the copyright section: the publisher is the copyright holder of this work and the author uses the Dutch legislation to make this work public.
Funding Information:
This project was partially supported by national funds through Fundação para a Ciência e a Tecnologia (FCT) under project UIDB/50021/2020. The project was also partially supported by the CASTOR Software Research Centre.

Keywords

Bytecode
EVM
Solidity
Security
Vulnerability

Access to Document

10.1109/ASE56229.2023.00060

Cite this

@inproceedings{81b8b74d63da4de1a5cfaaeb023c37ba,

title = "SmartBugs 2.0: An Execution Framework for Weakness Detection in Ethereum Smart Contracts",

abstract = "Smart contracts are blockchain programs that often handle valuable assets. Writing secure smart contracts is far from trivial, and any vulnerability may lead to significant financial losses. To support developers in identifying and eliminating vulnerabilities, methods and tools for the automated analysis of smart contracts have been proposed. However, the lack of commonly accepted benchmark suites and performance metrics makes it difficult to compare and evaluate such tools. Moreover, the tools are heterogeneous in their interfaces and reports as well as their runtime requirements, and installing several tools is time-consuming. In this paper, we present SmartBugs 2.0, a modular execution framework. It provides a uniform interface to 19 tools aimed at smart contract analysis and accepts both Solidity source code and EVM bytecode as input. After describing its architecture, we highlight the features of the framework. We evaluate the framework via its reception by the community and illustrate its scalability by describing its role in a study involving 3.25 million analyses.",

keywords = "Bytecode, EVM, Solidity, Security, Vulnerability",

author = "{di Angelo}, Monika and Thomas Durieux and Ferreira, {Jo{\~a}o F.} and Gernot Salzer",

note = "Green Open Access added to TU Delft Institutional Repository 'You share, we take care!' - Taverne project https://www.openaccess.nl/en/you-share-we-take-care Otherwise as indicated in the copyright section: the publisher is the copyright holder of this work and the author uses the Dutch legislation to make this work public. Funding Information: This project was partially supported by national funds through Funda{\c c}{\~a}o para a Ci{\^e}ncia e a Tecnologia (FCT) under project UIDB/50021/2020. The project was also partially supported by the CASTOR Software Research Centre.; 38th IEEE/ACM International Conference on Automated Software Engineering, ASE 2023 ; Conference date: 11-09-2023 Through 15-09-2023",

year = "2023",

doi = "10.1109/ASE56229.2023.00060",

language = "English",

isbn = "979-8-3503-2997-1",

pages = "2102--2105",

editor = "Gurrola, {Javier }",

booktitle = "Proceedings of the 2023 38th IEEE/ACM International Conference on Automated Software Engineering (ASE)",

publisher = "IEEE",

address = "United States",

}

di Angelo, M, Durieux, T, Ferreira, JF & Salzer, G 2023, SmartBugs 2.0: An Execution Framework for Weakness Detection in Ethereum Smart Contracts. in J Gurrola (ed.), Proceedings of the 2023 38th IEEE/ACM International Conference on Automated Software Engineering (ASE). IEEE, Piscataway, pp. 2102-2105, 38th IEEE/ACM International Conference on Automated Software Engineering, Luxembourg, Luxembourg, 11/09/23. https://doi.org/10.1109/ASE56229.2023.00060

SmartBugs 2.0: An Execution Framework for Weakness Detection in Ethereum Smart Contracts. / di Angelo, Monika ; Durieux, Thomas; Ferreira, João F. et al.
Proceedings of the 2023 38th IEEE/ACM International Conference on Automated Software Engineering (ASE). ed. / Javier Gurrola. Piscataway: IEEE, 2023. p. 2102-2105.

Research output: Chapter in Book/Conference proceedings/Edited volume › Conference contribution › Scientific › peer-review

TY - GEN

T1 - SmartBugs 2.0: An Execution Framework for Weakness Detection in Ethereum Smart Contracts

AU - di Angelo, Monika

AU - Durieux, Thomas

AU - Ferreira, João F.

AU - Salzer, Gernot

N1 - Conference code: 38

PY - 2023

Y1 - 2023

N2 - Smart contracts are blockchain programs that often handle valuable assets. Writing secure smart contracts is far from trivial, and any vulnerability may lead to significant financial losses. To support developers in identifying and eliminating vulnerabilities, methods and tools for the automated analysis of smart contracts have been proposed. However, the lack of commonly accepted benchmark suites and performance metrics makes it difficult to compare and evaluate such tools. Moreover, the tools are heterogeneous in their interfaces and reports as well as their runtime requirements, and installing several tools is time-consuming. In this paper, we present SmartBugs 2.0, a modular execution framework. It provides a uniform interface to 19 tools aimed at smart contract analysis and accepts both Solidity source code and EVM bytecode as input. After describing its architecture, we highlight the features of the framework. We evaluate the framework via its reception by the community and illustrate its scalability by describing its role in a study involving 3.25 million analyses.

AB - Smart contracts are blockchain programs that often handle valuable assets. Writing secure smart contracts is far from trivial, and any vulnerability may lead to significant financial losses. To support developers in identifying and eliminating vulnerabilities, methods and tools for the automated analysis of smart contracts have been proposed. However, the lack of commonly accepted benchmark suites and performance metrics makes it difficult to compare and evaluate such tools. Moreover, the tools are heterogeneous in their interfaces and reports as well as their runtime requirements, and installing several tools is time-consuming. In this paper, we present SmartBugs 2.0, a modular execution framework. It provides a uniform interface to 19 tools aimed at smart contract analysis and accepts both Solidity source code and EVM bytecode as input. After describing its architecture, we highlight the features of the framework. We evaluate the framework via its reception by the community and illustrate its scalability by describing its role in a study involving 3.25 million analyses.

KW - Bytecode

KW - EVM

KW - Solidity

KW - Security

KW - Vulnerability

UR - http://www.scopus.com/inward/record.url?scp=85179006556&partnerID=8YFLogxK

U2 - 10.1109/ASE56229.2023.00060

DO - 10.1109/ASE56229.2023.00060

M3 - Conference contribution

SN - 979-8-3503-2997-1

SP - 2102

EP - 2105

BT - Proceedings of the 2023 38th IEEE/ACM International Conference on Automated Software Engineering (ASE)

A2 - Gurrola, Javier

PB - IEEE

CY - Piscataway

T2 - 38th IEEE/ACM International Conference on Automated Software Engineering

Y2 - 11 September 2023 through 15 September 2023

ER -

SmartBugs 2.0: An Execution Framework for Weakness Detection in Ethereum Smart Contracts

Abstract

Conference

Bibliographical note

Keywords

Access to Document

Other files and links

Embargoed Document

Fingerprint

Cite this