Empirical Study of Impact of Solidity Compiler Updates on Vulnerabilities in Ethereum Smart Contracts

Authors:

Chihiro Kado (1), Naoto Yanai (1), Jason Paul Cruz (1), Kyosuke Yamashita (1), Shingo Okamura (2)

Affiliations:

1. Osaka University, Japan

2. National Institute of Technology, Nara College, Japan

Abstract

Vulnerabilities in Ethereum smart contracts often cause significant financial damage. Although the Solidity compiler has been updated repeatedly to mitigate vulnerabilities, the effectiveness of these updates has, to the best of our knowledge, not been studied. In this paper, we aim to shed light on the impact of compiler versions on reducing vulnerabilities in Ethereum smart contracts. To this end, we collected 497,344 contracts with Solidity source code from the Ethereum blockchain and analyzed their vulnerabilities. For three vulnerabilities of high severity, i.e., Locked Money, Using tx.origin, and Unchecked Call, we chart how their appearance rates changed over time and show decreases that coincide with major updates of the Solidity compiler. From this analysis we draw four key insights. First, the updates to version 0.6 and version 0.8 led to decreased appearance rates for Locked Money. Second, regardless of compiler updates, the appearance rate for Using tx.origin was consistently very low. Third, the appearance rate for Unchecked Call decreased significantly from version 0.5 to version 0.8. Last, as an incidental finding of our empirical study, we identified implications for code clones that merit attention from subsequent researchers and developers.
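To make the three vulnerability classes named above concrete, the following is an added example written for this page; it is not code from the paper or from the authors' dataset, and the contract and function names are invented for illustration. It is written in Solidity 0.8 syntax (the `receive()`/`fallback()` split it relies on was introduced in 0.6), and shows each pattern in a `Vulnerable` contract next to a `Hardened` version, plus the intermediary contract that turns a `tx.origin` check into a phishing vector.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Constructed example: each function exhibits one of the three patterns studied.
contract Vulnerable {
    address public owner;
    mapping(address => uint256) public credit;

    constructor() {
        owner = msg.sender;
    }

    // Locked Money: Ether can be received here, but no function in the
    // contract ever sends it out, so any balance is stuck forever.
    receive() external payable {}

    // Using tx.origin: tx.origin is the EOA that started the transaction, not the
    // immediate caller. If the owner is lured into calling a third-party contract,
    // that contract can call setOwner() and still pass this check.
    function setOwner(address newOwner) external {
        require(tx.origin == owner, "not owner");
        owner = newOwner;
    }

    // Unchecked Call: a low-level call that fails returns false instead of
    // reverting. The return value is ignored, so credit is recorded even when
    // no Ether actually left the contract.
    function payout(address payable to, uint256 amount) external {
        require(msg.sender == owner, "not owner");
        to.call{value: amount}("");
        credit[to] += amount;
    }
}

// Constructed attacker contract for the tx.origin pattern. If the legitimate owner
// (an EOA) calls claimReward(), then inside Vulnerable.setOwner() tx.origin is the
// owner while msg.sender is this contract, and ownership is transferred to the attacker.
contract Phisher {
    Vulnerable public target;
    address public attacker;

    constructor(Vulnerable t) {
        target = t;
        attacker = msg.sender;
    }

    function claimReward() external {
        target.setOwner(attacker);
    }
}

// Hardened version of the same contract.
contract Hardened {
    address public owner;
    mapping(address => uint256) public credit;

    constructor() {
        owner = msg.sender;
    }

    // Authorization on msg.sender: only the direct caller is trusted, so an
    // intermediary contract cannot borrow the owner's identity.
    modifier onlyOwner() {
        require(msg.sender == owner, "not owner");
        _;
    }

    receive() external payable {}

    // A withdrawal path exists, so Ether accepted by receive() is not locked.
    function withdraw(address payable to, uint256 amount) external onlyOwner {
        (bool ok, ) = to.call{value: amount}("");
        require(ok, "withdraw failed");
    }

    function setOwner(address newOwner) external onlyOwner {
        owner = newOwner;
    }

    // The bool returned by the low-level call is checked, and state is updated
    // only after the transfer is known to have succeeded.
    function payout(address payable to, uint256 amount) external onlyOwner {
        (bool ok, ) = to.call{value: amount}("");
        require(ok, "payout failed");
        credit[to] += amount;
    }
}
```

Note that none of these three defects is rejected by the compiler even on 0.8: `solc` only emits a warning for the unused return value in `Vulnerable.payout()`, and the Locked Money and `tx.origin` patterns compile silently. This is why the paper measures appearance rates empirically rather than reading them off the compiler's changelog.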

Publisher

Association for Computing Machinery (ACM)

References: 35 articles

