Static Analysis Tools Applied to Smart Contracts

  • Mirko Staderini, University of Florence
  • András Pataricza, Budapest University of Technology and Economics
  • Andrea Bondavalli, University of Florence

Abstract


Smart contracts are one of the most important innovations of the second generation of the Blockchain. They are widely used in various contexts, including financial, insurance, gaming, and betting. Once a smart contract is deployed on a Blockchain, its code is immutable, so residual vulnerabilities cannot be patched. Static analysis is an efficient method for vulnerability detection. This paper addresses the security evaluation and improvement of Solidity smart contracts through the use of static analysis tools, discussing: (i) the motivation and background, (ii) the evaluation of how good the tools are for improving security, (iii) their combination, and (iv) the main results.

Keywords: security, vulnerability, smart contracts, Solidity, static analysis

Published
22/11/2021
STADERINI, Mirko; PATARICZA, András; BONDAVALLI, Andrea. Static Analysis Tools Applied to Smart Contracts. In: FAST ABSTRACT - LATIN-AMERICAN SYMPOSIUM ON DEPENDABLE COMPUTING (LADC), 10., 2021, Florianópolis. Proceedings [...]. Porto Alegre: Sociedade Brasileira de Computação, 2021. p. 3-4. DOI: https://doi.org/10.5753/ladc.2021.18529.