A Large-Scale Empirical Study on Control Flow Identification of Smart Contracts

Ting Chen, Zihao Li, Yufei Zhang, Xiapu Luo, Ting Wang, Teng Hu, Xiuzhuo Xiao, Dong Wang, Jin Huang, Xiaosong Zhang

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

Background: Millions of smart contracts have been deployed to Ethereum to provide various applications. Recent studies discovered many severe security and performance issues in smart contracts by applying static program analysis techniques to them. Given a smart contract, the majority of these analysis techniques need to first construct its control flow graph, which connects basic blocks through control flow transfers (CFTs), before conducting further analysis.

Aims: The objective of this work is to understand the capabilities of static program analysis techniques to identify CFTs, and to investigate how static program analysis techniques can be improved if the CFTs are complemented.

Method: We perform a comprehensive empirical study on six widely-used tools for smart contract analysis by using all deployed smart contracts to understand their capabilities to recognize CFTs. We capture all execution traces of all smart contracts to evaluate the number of CFTs covered by traces that are not found by those tools. We enhance a state-of-the-art tool for discovering vulnerabilities in smart contracts, OYENTE, with the CFTs covered by traces to investigate how the tool is improved.

Results: The studied tools fail to identify all CFTs for several reasons, e.g., incomplete code patterns. Execution traces effectively complement these tools in recognizing CFTs. By including the CFTs covered by traces, the false negative rate of OYENTE can be reduced by up to 30%.

Conclusions: Our study underlines the ineffectiveness of static analysis techniques due to their incapability to identify CFTs.

Original language: English (US)
Title of host publication: Proceedings - 13th ACM/IEEE International Symposium on Empirical Software Engineering and Measurement, ESEM 2019
Publisher: IEEE Computer Society
ISBN (Electronic): 9781728129686
DOI: https://doi.org/10.1109/ESEM.2019.8870156
State: Published - Sep 2019
Event: 13th ACM/IEEE International Symposium on Empirical Software Engineering and Measurement, ESEM 2019 - Porto de Galinhas, Pernambuco, Brazil
Duration: Sep 19 2019 to Sep 20 2019

Publication series

Name: International Symposium on Empirical Software Engineering and Measurement
Volume: 2019-Septemer
ISSN (Print): 1949-3770
ISSN (Electronic): 1949-3789

Conference

Conference: 13th ACM/IEEE International Symposium on Empirical Software Engineering and Measurement, ESEM 2019
Country: Brazil
City: Porto de Galinhas, Pernambuco
Period: 9/19/19 to 9/20/19

Fingerprint

Flow control
Flow graphs
Static analysis

All Science Journal Classification (ASJC) codes

  • Computer Science Applications
  • Software

Cite this

Chen, T., Li, Z., Zhang, Y., Luo, X., Wang, T., Hu, T., ... Zhang, X. (2019). A Large-Scale Empirical Study on Control Flow Identification of Smart Contracts. In Proceedings - 13th ACM/IEEE International Symposium on Empirical Software Engineering and Measurement, ESEM 2019 [8870156] (International Symposium on Empirical Software Engineering and Measurement; Vol. 2019-Septemer). IEEE Computer Society. https://doi.org/10.1109/ESEM.2019.8870156
@inproceedings{e2589f0cae7e475cac7a820d7a132f4a,
title = "A Large-Scale Empirical Study on Control Flow Identification of Smart Contracts",
author = "Ting Chen and Zihao Li and Yufei Zhang and Xiapu Luo and Ting Wang and Teng Hu and Xiuzhuo Xiao and Dong Wang and Jin Huang and Xiaosong Zhang",
year = "2019",
month = "9",
doi = "10.1109/ESEM.2019.8870156",
language = "English (US)",
series = "International Symposium on Empirical Software Engineering and Measurement",
publisher = "IEEE Computer Society",
booktitle = "Proceedings - 13th ACM/IEEE International Symposium on Empirical Software Engineering and Measurement, ESEM 2019",
address = "United States",

}

TY - GEN
T1 - A Large-Scale Empirical Study on Control Flow Identification of Smart Contracts
AU - Chen, Ting
AU - Li, Zihao
AU - Zhang, Yufei
AU - Luo, Xiapu
AU - Wang, Ting
AU - Hu, Teng
AU - Xiao, Xiuzhuo
AU - Wang, Dong
AU - Huang, Jin
AU - Zhang, Xiaosong
PY - 2019/9
Y1 - 2019/9
UR - http://www.scopus.com/inward/record.url?scp=85074283053&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85074283053&partnerID=8YFLogxK
U2 - 10.1109/ESEM.2019.8870156
DO - 10.1109/ESEM.2019.8870156
M3 - Conference contribution
AN - SCOPUS:85074283053
T3 - International Symposium on Empirical Software Engineering and Measurement
BT - Proceedings - 13th ACM/IEEE International Symposium on Empirical Software Engineering and Measurement, ESEM 2019
PB - IEEE Computer Society
ER -
