Empirical Analysis of Vulnerabilities in Blockchain-based Smart Contracts

Abstract

With the evolution of technology, blockchain a swiftly impending phenomenon i.e., "decentralized computing” is observed. The emergence of Smart Contracts (SC) has resulted in advancements in the application of blockchain technology. The Ethereum network’s computing capabilities and functionalities are founded on the basis of SC. A smart contract is a self-executing agreement between buyer and seller with the terms of the settlement between them, written directly as lines of code, existing across a distributed decentralized blockchain network. It is a decentralized software that runs on a blockchain autonomously, consistently, and publicly. Conversely, due to the complex semantics of fundamental domain-specific languages and their testability, constructing reliable and secure SC can be extremely difficult. SC might contain some vulnerabilities. Security vulnerabilities can originate from financial tribulations; there are a number of notorious events that specify blockchain SC could comprise numerous code-security vulnerabilities. Security and privacy of blockchain-based SC are very important, we must first identify their vulnerabilities before implementing them widely. Therefore, the purpose of this paper is to conduct a comprehensive experimental evaluation of two current security testing tools: Remix solidity static analysis plugin and Solium which are used for static analysis of SC. We have conducted an empirical analysis of SC for finding tangible and factual evidence, controlled by the scientific approach. The methodology’s first step is to gather all of the Ethereum SC and store them in a repository. The next step is to use the Remix solidity static analysis plugin and Solium to perform vulnerability assessments. The last step is to analyze the result of both tools and evaluate them on the basis of accuracy and effectiveness. The goal of this empirical analysis is to evaluate the two FOSS tools: Remix solidity static analysis plugin and Solium on the basis of accuracy and effectiveness. Some research questions were considered to reach the stated goal: What automated tools and frameworks are proposed in supporting the state-of-the-art empirical approach to SC vulnerability detection? How accurate are security analysis tools? And which tool has more accuracy rate? How effectively security analysis tools are detecting vulnerabilities in SC? And which is the most effective security analysis tool? We investigated the effectiveness and accuracy of security code analysis tools on Ethereum by testing them on a random sample of vulnerable contracts. The results indicate that the tools have significant discrepancies when it comes to certain security characteristics. In terms of effectiveness and accuracy, the Remix plugin outperformed and beat the other tool.