Practical Mitigation of Smart Contract Bugs

Jens-Rene, Giesen,; Andreina, Sébastien; Rodler, Michael; Karame, Ghassan; Davi, Lucas

doi:10.48550/arxiv.2203.00364

Cited by 1 publication

(1 citation statement)

References 0 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The low-level functions are still present, and can be exploited if the access control is not correctly implemented. sGuard 84 and HCC 85 extend EVMPatch by extracting a CFG and data-flow pattern to patch reentrancy and arithmetic overflow in the bytecode level. Furthermore, both SMARTSHIELD and EVMPatch require significant intervention by developers in writing vulnerability detection instructions in the bytecode level, unlike GoHigh, which is completely automated.…”

Section: Patchingmentioning

confidence: 99%

A large‐scale empirical study of low‐level function use in Ethereum smart contracts and automated replacement

Pattabiraman

2022

Softw Pract Exp

View full text Add to dashboard Cite

The Ethereum blockchain stores and executes complex logic via smart contracts written in Solidity, a high‐level programming language. The Solidity language (in its early versions) provides features to exercise fine‐grained control over smart contracts, whose usage is discouraged by later‐released Solidity documentation, but nonetheless supported in later versions for backward compatibility. We define these features as low‐level functions. However, the high‐volume of transactions and the improper use of low‐level functions lead to security exploits with heavy financial loss. Consequently, the documentation suggests secure alternatives to the use of low‐level functions. In this article, we first perform an empirical study on the use of low‐level functions in Ethereum smart contracts. We study a smart contract dataset consisting of over 2,100,000 real‐world smart contracts. We find that low‐level functions are widely used and that the majority of these uses are gratuitous. We then propose GoHigh, a source‐to‐source transformation tool to eliminate low‐level function‐related vulnerabilities, by replacing low‐level functions with secure alternatives. Our experimental evaluation on the dataset shows that GoHigh successfully replaces all low‐level functions with 4.9% fewer compiler warnings. Further, no unintended side‐effects are introduced in 80% of the contracts, and the remaining 20% are not verifiable due to their external dependency. GoHigh saves more than 5% of the gas cost of the contract. Finally, GoHigh takes 7 s on average per contract.

show abstract

Section: Patchingmentioning

confidence: 99%

A large‐scale empirical study of low‐level function use in Ethereum smart contracts and automated replacement

Pattabiraman

2022

Softw Pract Exp

View full text Add to dashboard Cite

show abstract

Practical Mitigation of Smart Contract Bugs

Cited by 1 publication

References 0 publications

A large‐scale empirical study of low‐level function use in Ethereum smart contracts and automated replacement

A large‐scale empirical study of low‐level function use in Ethereum smart contracts and automated replacement

Contact Info

Product

Resources

About