Static Analysis of Integer Overflow of Smart Contracts in Ethereum

Cited by: 27
Authors
Lai, Enmei [1]
Luo, Wenjun [2]
Affiliations
[1] Chongqing Univ Posts & Telecommun, Sch Comp Sci & Technol, Chongqing, Peoples R China
[2] Chongqing Univ Posts & Telecommun, Sch Cyber Secur & Informat Law, Chongqing, Peoples R China
Keywords
smart contract; integer overflow; XPath; vulnerability detection
DOI
10.1145/3377644.3377650
Chinese Library Classification (CLC) number
TP [Automation Technology, Computer Technology]
Discipline classification code
0812
Abstract
In recent years, vulnerabilities of smart contracts have frequently broken out. In particular, integer overflow of smart contracts, a high-risk vulnerability, has caused huge financial losses. However, most tools currently fail to detect integer overflow in smart contracts. In this paper, we summarize 11 types of integer overflow features for Solidity smart contracts in Ethereum and abstractly define 83 corresponding XPath patterns. And we design an extensible static analysis tool to detect common integer overflow vulnerabilities of Solidity smart contracts in Ethereum through the defined XPath patterns. To evaluate our tool, we tested 7,000 verified Solidity smart contracts and found that there were 430 smart contracts with vulnerabilities of integer overflow. Experimental results show that there are still high-risk vulnerabilities of integer overflow in verified smart contracts.
Pages: 110-115
Number of pages: 6