Evolution of Automated Weakness Detection in Ethereum Bytecode: a Comprehensive Study
AI-generated Key Points
⚠ The license of the paper does not allow us to build upon its content, and the key points are generated using the paper metadata rather than the full article.
- Blockchain technology has led to the creation of programs that manage valuable assets such as cryptocurrencies and tokens.
- These programs implement protocols for decentralized finance (DeFi), logistics, and logging where security is paramount.
- Developers and analysts rely on various tools to identify potential issues in these programs.
- It can be challenging for these tools and developers to keep up with the rapid evolution of blockchain technology.
- The study titled "Evolution of Automated Weakness Detection in Ethereum Bytecode: a Comprehensive Study" focuses on Ethereum, the crypto ecosystem with the most developers and contracts by far. It investigates changes in the tools' behavior in terms of detected weaknesses, quality and behavior, and agreements between the tools.
- The authors are the first to fully cover the entire body of deployed bytecode on the Ethereum mainchain by considering bytecodes as equivalent if they share the same skeleton obtained by omitting functionally irrelevant parts.
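- Grouping by skeleton reduces the 48 million contracts deployed on Ethereum to 248,328 contracts with distinct skeletons. For bulk execution, the authors use the open-source framework SmartBugs, enhanced to accept bytecode as the only input, and integrate six further tools that accept bytecode.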
- The execution of all 13 included tools took a total of 31 years.
- While these tools reported a total of 1,307,486 potential weaknesses, the number of reported vulnerabilities decreased over time, with some tools degrading more than others.
- This comprehensive study provides insights into how automated weakness detection in Ethereum bytecode has evolved over time while highlighting areas that require further improvement for better security assurance in blockchain technology applications.
Authors: Monika di Angelo, Thomas Durieux, João F. Ferreira, Gernot Salzer
Abstract: Blockchain programs manage valuable assets like crypto-currencies and tokens, and implement protocols for decentralized finance (DeFi), logistics and logging, where security is important. To find potential issues, numerous tools support developers and analysts. Being a recent technology, blockchain technology and programs still evolve fast, making it challenging for tools and developers to keep up with the changes. In this work, we study the evolution of tools and patterns detected. We focus on Ethereum, the crypto ecosystem with most developers and most contracts, by far. We investigate the changes in the tools' behavior in terms of detected weaknesses, quality and behavior, and agreements between the tools. We are the first to fully cover the entire body of deployed bytecode on the Ethereum mainchain. We achieve full coverage by considering bytecodes as equivalent if they share the same skeleton. The skeleton of a bytecode is obtained by omitting functionally irrelevant parts. This reduces the 48 million contracts deployed on Ethereum to 248,328 contracts with distinct skeletons. For bulk execution, we utilize the open-source framework SmartBugs that facilitates the analysis of Solidity smart contracts, and enhance it to also accept bytecode as the only input. Moreover, we integrate six further tools that accept bytecode. The execution of the 13 included tools took 31 years in total. While the tools are reporting a total of 1,307,486 potential weaknesses, over time we observe a decreasing number of reported vulnerabilities and tools degrading to varying degrees.
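The skeleton-based deduplication described in the abstract, as an added example that is not code from the paper or from SmartBugs. The page does not say which parts count as functionally irrelevant; this sketch assumes the trailing Solidity CBOR metadata and the operands of PUSH instructions, and the sample bytecodes and contract labels are constructed.

```python
import hashlib
from collections import defaultdict

def strip_metadata(code: bytes) -> bytes:
    """Drop a trailing Solidity CBOR metadata blob, if one is present."""
    if len(code) < 2:
        return code
    n = int.from_bytes(code[-2:], "big")      # last two bytes: blob length
    start = len(code) - 2 - n
    # Assumption: the blob is a small CBOR map (first byte 0xa1..0xa3).
    if n > 0 and start >= 0 and code[start] in (0xA1, 0xA2, 0xA3):
        return code[:start]
    return code

def skeleton(code: bytes) -> bytes:
    """Keep the opcode sequence; zero every PUSH operand (assumed rule)."""
    body, out, i = strip_metadata(code), bytearray(), 0
    while i < len(body):
        op = body[i]
        out.append(op)
        i += 1
        if 0x60 <= op <= 0x7F:                # PUSH1..PUSH32 carry 1..32 bytes
            width = min(op - 0x5F, len(body) - i)   # tolerate truncated tail
            out += bytes(width)               # operand replaced by zeros
            i += width
    return bytes(out)

def group_by_skeleton(contracts: dict) -> dict:
    """Map skeleton hash -> labels of contracts sharing that skeleton."""
    groups = defaultdict(list)
    for label, code in contracts.items():
        groups[hashlib.sha256(skeleton(code)).hexdigest()].append(label)
    return dict(groups)

def meta(fill: int) -> bytes:
    """Constructed 41-byte 'bzzr0' metadata map plus its 2-byte length."""
    blob = bytes.fromhex("a165627a7a72305820") + bytes([fill]) * 32
    return blob + len(blob).to_bytes(2, "big")

# Constructed sample: A and B differ only in a constant and in metadata.
SAMPLE = {
    "contract_a": bytes.fromhex("602a60005500") + meta(0x11),  # SSTORE 42
    "contract_b": bytes.fromhex("600760005500") + meta(0x22),  # SSTORE 7
    "contract_c": bytes.fromhex("602a60005400"),               # SLOAD variant
}

if __name__ == "__main__":
    for digest, labels in group_by_skeleton(SAMPLE).items():
        print(digest[:12], labels)
```

Only one representative per group then needs to be fed to the analysis tools, which is what makes full coverage of the deployed bytecode tractable.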