ICSE 2020
Wed 24 June - Thu 16 July 2020
Thu 9 Jul 2020 08:45 - 08:55 at Goguryeo - I17-Contracts and Analysis Chair(s): Jaechang Nam

Over the last few years, there has been substantial research on automated analysis, testing, and debugging of Ethereum smart contracts. However, it is not trivial to compare and reproduce that research. To address this, we present an empirical evaluation of 9 state-of-the-art automated analysis tools using two new datasets: i) a dataset of 69 annotated vulnerable smart contracts that can be used to evaluate the precision of analysis tools; and ii) a dataset with all the smart contracts in the Ethereum Blockchain that have Solidity source code available on Etherscan (a total of 47,518 contracts). The datasets are part of SmartBugs, a new extendable execution framework that we created to facilitate the integration and comparison between multiple analysis tools and the analysis of Ethereum smart contracts. We used SmartBugs to execute the 9 automated analysis tools on the two datasets. In total, we ran 428,337 analyses that took approximately 564 days and 3 hours, being the largest experimental setup to date both in the number of tools and in execution time. We found that only 42% of the vulnerabilities from our annotated dataset are detected by all the tools, with the tool Mythril having the highest accuracy (27%). When considering the largest dataset, we observed that 97% of contracts are tagged as vulnerable, thus suggesting a considerable number of false positives. Indeed, only a small number of vulnerabilities (and of only two categories) were detected simultaneously by four or more tools.

Thu 9 Jul
08:05 - 09:05: Paper Presentations - I17-Contracts and Analysis at Goguryeo
Chair(s): Jaechang Nam (Handong Global University)
icse-2020-Software-Engineering-in-Practice 08:05 - 08:15
Volker Gruhn (University Duisburg-Essen); Niklas Spitczok von Brisinski (adesso AG)
Demonstrations 08:15 - 08:25
Zhiqiang Yang (Oxford-Hainan Blockchain Research Institute); Han Liu (Tsinghua University); Yue Li (Oxford-Hainan Blockchain Research Institute); Huixuan Zheng (Oxford-Hainan Blockchain Research Institute); Lei Wang (Oxford-Hainan Blockchain Research Institute); Bangdao Chen (Oxford-Hainan Blockchain Research Institute)
icse-2020-Software-Engineering-in-Practice 08:25 - 08:35
Cong Wang (Tsinghua University); Mingrui Zhang (Tsinghua University, Beijing, China); Yu Jiang; Huafeng Zhang (Huawei Technologies, Hangzhou, China); Zhenchang Xing (Australia National University); Ming Gu
icse-2020-Journal-First 08:35 - 08:45
Weiqin Zou (Nanjing University); David Lo (Singapore Management University); Pavneet Singh Kochhar (Microsoft); Xuan-Bach D. Le (Singapore Management University, Singapore); Xin Xia (Monash University); Yang Feng (Nanjing University); Zhenyu Chen (Nanjing University); Baowen Xu (Nanjing University)
icse-2020-papers 08:45 - 08:55
Thomas Durieux (KTH Royal Institute of Technology, Sweden); João F. Ferreira (INESC-ID and IST, University of Lisbon); Rui Abreu (Instituto Superior Técnico, U. Lisboa & INESC-ID); Pedro Cruz (IST, University of Lisbon, Portugal)
icse-2020-Journal-First 08:55 - 09:05
Chang-ai Sun (University of Science and Technology Beijing); An Fu (University of Science and Technology Beijing); Pak-Lok Poon (School of Engineering & Technology, Central Queensland University, Australia); Xiaoyuan Xie (School of Computer Science, Wuhan University, China); Huai Liu (Swinburne University of Technology); Tsong Yueh Chen (Swinburne University of Technology)