Abstract
Smart contracts are blockchain programs that often handle valuable assets. Writing secure smart contracts is far from trivial, and any vulnerability may lead to significant financial losses. To support developers in identifying and eliminating vulnerabilities, methods and tools for the automated analysis of smart contracts have been proposed. However, the lack of commonly accepted benchmark suites and performance metrics makes it difficult to compare and evaluate such tools. Moreover, the tools are heterogeneous in their interfaces and reports as well as their runtime requirements, and installing several tools is time-consuming. In this paper, we present SmartBugs 2.0, a modular execution framework. It provides a uniform interface to 19 tools aimed at smart contract analysis and accepts both Solidity source code and EVM bytecode as input. After describing its architecture, we highlight the features of the framework. We evaluate the framework via its reception by the community and illustrate its scalability by describing its role in a study involving 3.25 million analyses.
Original language | English |
---|---|
Title of host publication | Proceedings of the 2023 38th IEEE/ACM International Conference on Automated Software Engineering (ASE) |
Editors | Javier Gurrola |
Place of Publication | Piscataway |
Publisher | IEEE |
Pages | 2102-2105 |
Number of pages | 4 |
ISBN (Electronic) | 979-8-3503-2996-4 |
ISBN (Print) | 979-8-3503-2997-1 |
DOIs | |
Publication status | Published - 2023 |
Event | 38th IEEE/ACM International Conference on Automated Software Engineering - Luxembourg, Luxembourg Duration: 11 Sept 2023 → 15 Sept 2023 Conference number: 38 |
Conference
Conference | 38th IEEE/ACM International Conference on Automated Software Engineering |
---|---|
Abbreviated title | ASE 2023 |
Country/Territory | Luxembourg |
City | Luxembourg |
Period | 11/09/23 → 15/09/23 |
Bibliographical note
Green Open Access added to TU Delft Institutional Repository 'You share, we take care!' - Taverne project https://www.openaccess.nl/en/you-share-we-take-careOtherwise as indicated in the copyright section: the publisher is the copyright holder of this work and the author uses the Dutch legislation to make this work public.
Funding Information:
This project was partially supported by national funds through Fundação para a Ciência e a Tecnologia (FCT) under project UIDB/50021/2020. The project was also partially supported by the CASTOR Software Research Centre.
Keywords
- Bytecode
- EVM
- Solidity
- Security
- Vulnerability