Saved in:
Bibliographic Details
Main Authors: Li, Dongcheng, Wong, W. Eric, Wang, Xiaodan, Pan, Sean, Koh, Liang-Seng
Format: Preprint
Published: 2024
Subjects:
Online Access:https://arxiv.org/abs/2410.00282
Tags: Add Tag
No Tags, Be the first to tag this record!
_version_ 1866909331370278912
author Li, Dongcheng
Wong, W. Eric
Wang, Xiaodan
Pan, Sean
Koh, Liang-Seng
author_facet Li, Dongcheng
Wong, W. Eric
Wang, Xiaodan
Pan, Sean
Koh, Liang-Seng
contents This paper introduces a method for detecting vulnerabilities in smart contracts using static analysis and a multi-objective optimization algorithm. We focus on four types of vulnerabilities: reentrancy, call stack overflow, integer overflow, and timestamp dependencies. Initially, smart contracts are compiled into an abstract syntax tree to analyze relationships between contracts and functions, including calls, inheritance, and data flow. These analyses are transformed into static evaluations and intermediate representations that reveal internal relations. Based on these representations, we examine contract's functions, variables, and data dependencies to detect the specified vulnerabilities. To enhance detection accuracy and coverage, we apply a multi-objective optimization algorithm to the static analysis process. This involves assigning initial numeric values to input data and monitoring changes in statement coverage and detection accuracy. Using coverage and accuracy as fitness values, we calculate Pareto front and crowding distance values to select the best individuals for the new parent population, iterating until optimization criteria are met. We validate our approach using an open-source dataset collected from Etherscan, containing 6,693 smart contracts. Experimental results show that our method outperforms state-of-the-art tools in terms of coverage, accuracy, efficiency, and effectiveness in detecting the targeted vulnerabilities.
format Preprint
id arxiv_https___arxiv_org_abs_2410_00282
institution arXiv
publishDate 2024
record_format arxiv
spellingShingle Smart Contract Vulnerability Detection based on Static Analysis and Multi-Objective Search
Li, Dongcheng
Wong, W. Eric
Wang, Xiaodan
Pan, Sean
Koh, Liang-Seng
Software Engineering
This paper introduces a method for detecting vulnerabilities in smart contracts using static analysis and a multi-objective optimization algorithm. We focus on four types of vulnerabilities: reentrancy, call stack overflow, integer overflow, and timestamp dependencies. Initially, smart contracts are compiled into an abstract syntax tree to analyze relationships between contracts and functions, including calls, inheritance, and data flow. These analyses are transformed into static evaluations and intermediate representations that reveal internal relations. Based on these representations, we examine contract's functions, variables, and data dependencies to detect the specified vulnerabilities. To enhance detection accuracy and coverage, we apply a multi-objective optimization algorithm to the static analysis process. This involves assigning initial numeric values to input data and monitoring changes in statement coverage and detection accuracy. Using coverage and accuracy as fitness values, we calculate Pareto front and crowding distance values to select the best individuals for the new parent population, iterating until optimization criteria are met. We validate our approach using an open-source dataset collected from Etherscan, containing 6,693 smart contracts. Experimental results show that our method outperforms state-of-the-art tools in terms of coverage, accuracy, efficiency, and effectiveness in detecting the targeted vulnerabilities.
title Smart Contract Vulnerability Detection based on Static Analysis and Multi-Objective Search
topic Software Engineering
url https://arxiv.org/abs/2410.00282