Gespeichert in:
Bibliographische Detailangaben
Hauptverfasser: Wang, Dingding, He, Jianting, Yang, Yizheng, Wu, Lei, Chang, Rui, Zhou, Yajin
Format: Preprint
Veröffentlicht: 2025
Schlagworte:
Online-Zugang:https://arxiv.org/abs/2505.14437
Tags: Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
_version_ 1866913848960745472
author Wang, Dingding
He, Jianting
Yang, Yizheng
Wu, Lei
Chang, Rui
Zhou, Yajin
author_facet Wang, Dingding
He, Jianting
Yang, Yizheng
Wu, Lei
Chang, Rui
Zhou, Yajin
contents The emergence of smart contracts brings security risks, exposing users to the threat of losing valuable cryptocurrencies, underscoring the urgency of meticulous scrutiny. Nevertheless, the static analysis of smart contracts in EVM bytecode faces obstacles due to flawed primitives resulting from code reuse introduced by compilers. Code reuse, a phenomenon where identical code executes in diverse contexts, engenders semantic ambiguities and redundant control-flow dependencies within reuse-insensitive CFGs. This work delves into the exploration of code reuse within EVM bytecode, outlining prevalent reuse patterns, and introducing Esuer, a tool that dynamically identifies code reuse when constructing CFGs. Leveraging taint analysis to dynamically identify reuse contexts, Esuer identifies code reuse by comparing multiple contexts for a basic block and replicates reused code for a reuse-sensitive CFG. Evaluation involving 10,000 prevalent smart contracts, compared with six leading tools, demonstrates Esuer's ability to notably refine CFG precision. It achieves an execution trace coverage of 99.94% and an F1-score of 97.02% for accurate identification of reused code. Furthermore, Esuer attains a success rate of 99.25%, with an average execution time of 1.06 seconds, outpacing tools generating reuse-insensitive CFGs. Esuer's efficacy in assisting identifying vulnerabilities such as tx.origin and reentrancy vulnerabilities, achieving F1-scores of 99.97% and 99.67%, respectively.
format Preprint
id arxiv_https___arxiv_org_abs_2505_14437
institution arXiv
publishDate 2025
record_format arxiv
spellingShingle Building Reuse-Sensitive Control Flow Graphs (CFGs) for EVM Bytecode
Wang, Dingding
He, Jianting
Yang, Yizheng
Wu, Lei
Chang, Rui
Zhou, Yajin
Software Engineering
The emergence of smart contracts brings security risks, exposing users to the threat of losing valuable cryptocurrencies, underscoring the urgency of meticulous scrutiny. Nevertheless, the static analysis of smart contracts in EVM bytecode faces obstacles due to flawed primitives resulting from code reuse introduced by compilers. Code reuse, a phenomenon where identical code executes in diverse contexts, engenders semantic ambiguities and redundant control-flow dependencies within reuse-insensitive CFGs. This work delves into the exploration of code reuse within EVM bytecode, outlining prevalent reuse patterns, and introducing Esuer, a tool that dynamically identifies code reuse when constructing CFGs. Leveraging taint analysis to dynamically identify reuse contexts, Esuer identifies code reuse by comparing multiple contexts for a basic block and replicates reused code for a reuse-sensitive CFG. Evaluation involving 10,000 prevalent smart contracts, compared with six leading tools, demonstrates Esuer's ability to notably refine CFG precision. It achieves an execution trace coverage of 99.94% and an F1-score of 97.02% for accurate identification of reused code. Furthermore, Esuer attains a success rate of 99.25%, with an average execution time of 1.06 seconds, outpacing tools generating reuse-insensitive CFGs. Esuer's efficacy in assisting identifying vulnerabilities such as tx.origin and reentrancy vulnerabilities, achieving F1-scores of 99.97% and 99.67%, respectively.
title Building Reuse-Sensitive Control Flow Graphs (CFGs) for EVM Bytecode
topic Software Engineering
url https://arxiv.org/abs/2505.14437