Evaluation of Contemporary Smart Contract Analysis Tools
Abstract
Smart contracts are an innovative technology built into Blockchain 2.0 that enables the same program (business logic) to run on multiple nodes for consistent results. Smart contracts are widely used in current Blockchain systems such as Ethereum for different purposes such as transferring cryptocurrencies. However, smart contracts can be vulnerable due to intentional or unintentional injection of bugs, and due to the immutable nature of the Blockchain, any bugs or errors become permanent once published, which can lead to smart contract developers and users suffering from significant economic loss. To avoid such problems, it is necessary to perform vulnerabilities detection to the smart contracts before deployment, and a large number of analysis tools have also emerged to ensure the security. However, the quality of the analysis tools that currently exist on the market varies widely, and there is a lack of systematic quality assessment of these tools. Our research aims to fill this gap by conducting a systematic evaluation of some existing smart contract analysis tools.
Keywords
Evaluation, Smart Contracts, Vulnerability, Solidity, Analysis Tools.
PDF and Presentation
Unfortunately, my presentation in the conference was not recorded, so as an alternative, I have uploaded my backup presentation recorded in advance.PDF Video
Public Talk at ETH Engineering Group
Thanks to Dr. Peter Robinson from the University of Queensland, I was invited to deliver a public talk at the Ethereum Engineering Group Meet-up (https://www.meetup.com/ethereum-engineering/) discussing this research into smart contract vulnerability analysis tools.
The PDF of the slides can be downloaded here:
PDFAbout the Conference
The mission of ENASE (Evaluation of Novel Approaches to Software Engineering) is to be a prime international forum to discuss and publish research findings and IT industry experiences with relation to novel approaches to software engineering. The conference acknowledges evolution in systems and software thinking due to contemporary shifts of computing paradigm to e-services, cloud computing, mobile connectivity, business processes, and societal participation. By publishing the latest research on novel approaches to software engineering and by evaluating them against systems and software quality criteria, ENASE conferences advance knowledge and research in software engineering, including and emphasizing service-oriented, business-process driven, and ubiquitous mobile computing. ENASE aims at identifying most hopeful trends and proposing new directions for consideration by researchers and practitioners involved in large-scale systems and software development, integration, deployment, delivery, maintenance and evolution.
ENASE 2023 was held in Prague, Czech Republic | 24 - 25 April, 2023.
Accknowledgement
I would like to express my sincerest gratitude and respect to my supervisor, Professor Shiping Chen, who has been guiding me through the entire research with patience. At the beginning of the research, he had provided me with sufficient learning resources that helped me quickly established a solid knowledge background about the Blockchain and Smart Contract. Benefiting from his insightful suggestions and valuable experience, I was able to go back on track every time when I went astray. In addition, as an international student, I am also very grateful to the professor for his concern and guidance on my life in Sydney.
Besides, I would like to extend my gratitude to my nominal internal supervisor, Dr. Dong Yuan, who has helped and facilitated my research on campus.
I am also very grateful to Dr. Yan Liu (Emma), who is an expert in smart contract formal verification and also a friend of Dr. Shiping Chen. When my research reached a bottleneck, she had patiently listened to my progress and confusions, and then provided some very inspiring and practical suggestions based on her industrial experience, which has lifted my work to a higher level.
Moreover, I would like to appreciate Dr. Peter Robinson, who is the Technical Director and Applied Cryptographer from ConsenSys, for pointing out some inadequacies that existed in my research and some very insightful future directions during an online technical event held by Ethereum Engineering Group.
At last, I would like to extend my sincerest gratitude to my family and friends for their generous support and encouragement during the most stressful time in my studies, which had kept me motivated and confident.