Evolution of Automated Weakness Detection in Ethereum Bytecode: a Comprehensive Study
AI-generated Key Points
⚠ The license of the paper does not allow us to build upon its content and the key points are generated using the paper metadata rather than the full article.
- Blockchain technology has led to the creation of programs that manage valuable assets such as cryptocurrencies and tokens.
- These programs implement protocols for decentralized finance (DeFi), logistics, and logging where security is paramount.
- Developers and analysts rely on various tools to identify potential issues in these programs.
- It can be challenging for these tools and developers to keep up with the rapid evolution of blockchain technology.
- The study titled "Evolution of Automated Weakness Detection in Ethereum Bytecode: a Comprehensive Study" focuses on Ethereum, the crypto ecosystem with the most developers and contracts by far, and investigates changes in the tools' behavior in terms of detected weaknesses, quality and behavior, and agreements between the tools.
- The authors are the first to fully cover the entire body of deployed bytecode on the Ethereum mainchain by considering bytecodes as equivalent if they share the same skeleton obtained by omitting functionally irrelevant parts.
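- Grouping bytecodes by skeleton reduces the 48 million contracts deployed on Ethereum to 248,328 contracts with distinct skeletons. For bulk execution, the study uses the open-source framework SmartBugs, enhanced to accept bytecode as the only input, and integrates six further tools that accept bytecode.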
- The execution of all 13 included tools took a total of 31 years.
- While these tools reported a total of 1,307,486 potential weaknesses, the number of reported vulnerabilities decreased over time, with some tools degrading more than others.
- This comprehensive study provides insights into how automated weakness detection in Ethereum bytecode has evolved over time while highlighting areas that require further improvement for better security assurance in blockchain technology applications.
Authors: Monika di Angelo, Thomas Durieux, João F. Ferreira, Gernot Salzer
Abstract: Blockchain programs manage valuable assets like crypto-currencies and tokens, and implement protocols for decentralized finance (DeFi), logistics and logging, where security is important. To find potential issues, numerous tools support developers and analysts. Being a recent technology, blockchain technology and programs still evolve fast, making it challenging for tools and developers to keep up with the changes. In this work, we study the evolution of tools and patterns detected. We focus on Ethereum, the crypto ecosystem with most developers and most contracts, by far. We investigate the changes in the tools' behavior in terms of detected weaknesses, quality and behavior, and agreements between the tools. We are the first to fully cover the entire body of deployed bytecode on the Ethereum mainchain. We achieve full coverage by considering bytecodes as equivalent if they share the same skeleton. The skeleton of a bytecode is obtained by omitting functionally irrelevant parts. This reduces the 48 million contracts deployed on Ethereum to 248,328 contracts with distinct skeletons. For bulk execution, we utilize the open-source framework SmartBugs that facilitates the analysis of Solidity smart contracts, and enhance it to also accept bytecode as the only input. Moreover, we integrate six further tools that accept bytecode. The execution of the 13 included tools took 31 years in total. While the tools are reporting a total of 1,307,486 potential weaknesses, over time we observe a decreasing number of reported vulnerabilities and tools degrading to varying degrees.