Empirical Study of Impact of Solidity Compiler Updates on Vulnerabilities in Ethereum Smart Contracts-Reference-Cited by-同舟云学术

Empirical Study of Impact of Solidity Compiler Updates on Vulnerabilities in Ethereum Smart Contracts

Published:2024-08-22 Issue: Volume: Page:
ISSN:2769-6480
Container-title:Distributed Ledger Technologies: Research and Practice
language:en
Short-container-title:Distrib. Ledger Technol.

Author:

Kado Chihiro¹^ORCID,Yanai Naoto¹^ORCID,Cruz Jason Paul¹^ORCID,Yamashita Kyosuke¹^ORCID,Okamura Shingo²^ORCID

Affiliation:

1. Osaka University, Japan

2. National Institute of Technology, Nara College, Japan

Abstract

Vulnerabilities in Ethereum smart contracts often cause significant financial damage. Whereas the Solidity compiler has been updated to mitigate vulnerabilities, the effectiveness of these updates remains undisclosed to the best of our knowledge. In this paper, we aim to shed light on the impact of compiler versions on reducing vulnerabilities in Ethereum smart contracts. To achieve this, we collected 497,344 contracts with Solidity source codes from the Ethereum blockchain and analyzed their vulnerabilities. For three vulnerabilities of high severity, i.e., Locked Money , Using tx.origin , and Unchecked Call , we illustrate their appearance rate changes, showing decreases attributed to major updates of the Solidity compiler. Subsequently, we found the following four key insights. Firstly, updates to version 0.6 and version 0.8 led to decreased appearance rates for Locked Money . Secondly, regardless of compiler updates, the appearance rate for Using tx.origin was significantly low. Thirdly, the appearance rate for Unchecked Call significantly decreased from version 0.5 to version 0.8. Lastly, as an incidental discovery from our empirical study, we identified implications for code clones, which merit attention from subsequent researchers and developers.

Publisher

Association for Computing Machinery (ACM)

Link

https://dl.acm.org/doi/pdf/10.1145/3688812

Reference35 articles.

1. Leonardo Alt, Martin Blicha, Antti E. J. Hyvärinen, and Natasha Sharygina. 2022. Solcmc: solidity compiler’s model checker. In Proc. of CAV 2022 (LNCS). Sharon Shoham and Yakir Vizel, (Eds.) Vol. 13371. Springer, 325–338.

2. A Survey of Tools for Analyzing Ethereum Smart Contracts

3. Nami Ashizawa, Naoto Yanai, Jason Paul Cruz, and Shingo Okamura. 2021. Eth2Vec: Learning Contract-Wide Code Representations for Vulnerability Detection on Ethereum Smart Contracts. In Proc. of BSCI 2021. ACM, 47–59.

4. A Survey on Ethereum Systems Security: Vulnerabilities, Attacks, and Defenses;Chen Huashan;ACM Computing Surveys,2020

5. Yuichiro Chinen, Naoto Yanai, Jason Paul Cruz, and Shingo Okamura. 2020. RA: Hunting for Re-Entrancy Attacks in Ethereum Smart Contracts via Static Analysis. In Proc. of Blockchain 2020. IEEE, 327–336.