A Large-Scale Empirical Study on Control Flow Identification of Smart Contracts

Ting Chen, Zihao Li, Yufei Zhang, Xiapu Luo, Ting Wang, Teng Hu, Xiuzhuo Xiao, Dong Wang, Jin Huang, Xiaosong Zhang

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Abstract

Background: Millions of smart contracts have been deployed to Ethereum for providing various applications. Recent studies discovered many severe security and performance issues in smart contracts by applying static program analysis techniques to them. Given a smart contract, the majority of these analysis techniques need to first construct its control flow graph, which connects basic blocks through control flow transfers (CFTs), before conducting further analysis. Aims: The objective of this work is to understand the capabilities of static program analysis techniques to identify CFTs, and to investigate how static program analysis techniques can be improved if the CFTs are complemented. Method: We perform a comprehensive empirical study on six widely-used tools for smart contract analysis by using all deployed smart contracts to understand their capabilities to recognize CFTs. We capture all execution traces of all smart contracts to evaluate the number of CFTs covered by traces that are not found by those tools. We enhance a state-of-the-art tool, OYENTE for discovering vulnerabilities in smart contracts with the CFTs covered by traces to investigate how the tool is improved. Results: These studied tools fail to identify all CFTs due to several reasons, e.g., incomplete code patterns. Execution traces effectively complement these tool in recognizing CFTs. By including the CFTs covered by traces, the false negative rate of OYENTE can be reduced by up to 30%. Conclusions: Our study underlines the ineffectiveness of static analysis techniques due to the incapabilities of CFT identification.

Original languageEnglish (US)
Title of host publicationProceedings - 13th ACM/IEEE International Symposium on Empirical Software Engineering and Measurement, ESEM 2019
PublisherIEEE Computer Society
ISBN (Electronic)9781728129686
DOIs
StatePublished - Sep 2019
Event13th ACM/IEEE International Symposium on Empirical Software Engineering and Measurement, ESEM 2019 - Porto de Galinhas, Pernambuco, Brazil
Duration: Sep 19 2019Sep 20 2019

Publication series

NameInternational Symposium on Empirical Software Engineering and Measurement
Volume2019-Septemer
ISSN (Print)1949-3770
ISSN (Electronic)1949-3789

Conference

Conference13th ACM/IEEE International Symposium on Empirical Software Engineering and Measurement, ESEM 2019
CountryBrazil
CityPorto de Galinhas, Pernambuco
Period9/19/199/20/19

All Science Journal Classification (ASJC) codes

  • Computer Science Applications
  • Software

Fingerprint Dive into the research topics of 'A Large-Scale Empirical Study on Control Flow Identification of Smart Contracts'. Together they form a unique fingerprint.

  • Cite this

    Chen, T., Li, Z., Zhang, Y., Luo, X., Wang, T., Hu, T., Xiao, X., Wang, D., Huang, J., & Zhang, X. (2019). A Large-Scale Empirical Study on Control Flow Identification of Smart Contracts. In Proceedings - 13th ACM/IEEE International Symposium on Empirical Software Engineering and Measurement, ESEM 2019 [8870156] (International Symposium on Empirical Software Engineering and Measurement; Vol. 2019-Septemer). IEEE Computer Society. https://doi.org/10.1109/ESEM.2019.8870156