ICSE 2020
Wed 24 June - Thu 16 July 2020
Thu 9 Jul 2020 08:45 - 08:55 at Goguryeo - I17-Contracts and Analysis Chair(s): Jaechang Nam

Over the last few years, there has been substantial research on automated analysis, testing, and debugging of Ethereum smart contracts. However, it is not trivial to compare and reproduce that research. To address this, we present an empirical evaluation of 9 state-of-the-art automated analysis tools using two new datasets: i) a dataset of 69 annotated vulnerable smart contracts that can be used to evaluate the precision of analysis tools; and ii) a dataset with all the smart contracts in the Ethereum Blockchain that have Solidity source code available on Etherscan (a total of 47,518 contracts). The datasets are part of SmartBugs, a new extendable execution framework that we created to facilitate the integration and comparison between multiple analysis tools and the analysis of Ethereum smart contracts. We used SmartBugs to execute the 9 automated analysis tools on the two datasets. In total, we ran 428,337 analyses that took approximately 564 days and 3 hours, being the largest experimental setup to date both in the number of tools and in execution time. We found that only 42% of the vulnerabilities from our annotated dataset are detected by all the tools, with the tool Mythril having the higher accuracy (27%). When considering the largest dataset, we observed that 97% of contracts are tagged as vulnerable, thus suggesting a considerable number of false positives. Indeed, only a small number of vulnerabilities (and of only two categories) were detected simultaneously by four or more tools.

Thu 9 Jul

Displayed time zone: (UTC) Coordinated Universal Time

08:05 - 09:05
I17-Contracts and Analysis: Demonstrations / Technical Papers / Software Engineering in Practice / Journal First at Goguryeo
Chair(s): Jaechang Nam Handong Global University
08:05
10m
Talk
How to reduce risk effectively in fixed price software development (SEIP)
Software Engineering in Practice
Volker Gruhn University Duisburg-Essen, Niklas Spitczok von Brisinski adesso AG
08:15
10m
Talk
Seraph: Enabling Cross-Platform Security Analysis For EVM and WASM Smart Contracts (Demo)
Demonstrations
Zhiqiang Yang Oxford-Hainan Blockchain Research Institute, Han Liu Tsinghua University, Yue Li Oxford-Hainan Blockchain Research Institute, Huixuan Zheng Oxford-Hainan Blockchain Research Institute, Lei Wang Oxford-Hainan Blockchain Research Institute, Bangdao Chen Oxford-Hainan Blockchain Research Institute
08:25
10m
Talk
Escape from Escape Analysis of Golang (SEIP)
Software Engineering in Practice
Cong Wang Tsinghua University, Mingrui Zhang Tsinghua University, Beijing, China, Yu Jiang, Huafeng Zhang Huawei Technologies, Hangzhou, China, Zhenchang Xing Australia National University, Ming Gu
08:35
10m
Talk
Smart Contract Development: Challenges and Opportunities (J1)
Journal First
Weiqin Zou Nanjing University, David Lo Singapore Management University, Pavneet Singh Kochhar Microsoft, Xuan-Bach D. Le Singapore Management University, Singapore, Xin Xia Monash University, Yang Feng Nanjing University, Zhenyu Chen Nanjing University, Baowen Xu Nanjing University
08:45
10m
Talk
Empirical Review of Automated Analysis Tools on 47,587 Ethereum Smart Contracts (Technical; Artifact Reusable; Artifact Available)
Technical Papers
Thomas Durieux KTH Royal Institute of Technology, Sweden, João F. Ferreira INESC-ID and IST, University of Lisbon, Rui Abreu Instituto Superior Técnico, U. Lisboa & INESC-ID, Pedro Cruz IST, University of Lisbon, Portugal
Pre-print
08:55
10m
Talk
An Extended Abstract of “METRIC+: A Metamorphic Relation Identification Technique Based on Input Plus Output Domains” (J1)
Journal First
Chang-ai Sun University of Science and Technology Beijing, An Fu University of Science and Technology Beijing, Pak-Lok Poon School of Engineering & Technology, Central Queensland University, Australia, Xiaoyuan Xie School of Computer Science, Wuhan University, China, Huai Liu Swinburne University of Technology, Tsong Yueh Chen Swinburne University of Technology