Publication Type
Journal Article
Version
acceptedVersion
Publication Date
2-2022
Abstract
Smart contracts are Turing-complete programs running on the blockchain. They are immutable and cannot be modified, even when bugs are detected. Therefore, ensuring smart contracts are bug-free and well-designed before deploying them to the blockchain is extremely important. A contract defect is an error, flaw or fault in a smart contract that causes it to produce an incorrect or unexpected result, or to behave in unintended ways. Detecting and removing contract defects can avoid potential bugs and make programs more robust. Our previous work defined 20 contract defects for smart contracts and divided them into five impact levels. According to our classification, contract defects with seriousness level between 1 and 3 can lead to unwanted behaviors, e.g., a contract being controlled by attackers. In this paper, we propose DefectChecker, a symbolic execution-based approach and tool to detect eight contract defects that can cause unwanted behaviors of smart contracts on the Ethereum blockchain platform. DefectChecker can detect contract defects from smart contracts’ bytecode. We verify the performance of DefectChecker by applying it to an open-source dataset. Our evaluation results show that DefectChecker obtains a high F-score (88.8% in the whole dataset) and only requires 0.15s to analyze one smart contract on average. We also applied DefectChecker to 165,621 distinct smart contracts on the Ethereum platform. We found that 25,815 of these smart contracts contain at least one of the contract defects that belong to impact level 1-3, including some real-world attacks.
Keywords
Smart Contracts, Ethereum, Contract Defects Detection, Bytecode Analyze, Symbolic Execution
Discipline
Databases and Information Systems | Software Engineering
Research Areas
Software and Cyber-Physical Systems
Publication
IEEE Transactions on Software Engineering
Volume
48
Issue
7
First Page
2189
Last Page
2207
ISSN
0098-5589
Identifier
10.1109/TSE.2021.3054928
Publisher
Institute of Electrical and Electronics Engineers
Citation
CHEN, Jiachi; XIA, Xin; LO, David; GRUNDY, John; LUO, Xiapu; and CHEN, Ting.
DefectChecker: Automated smart contract defect detection by analyzing EVM bytecode. (2022). IEEE Transactions on Software Engineering. 48, (7), 2189-2207.
Available at: https://ink.library.smu.edu.sg/sis_research/7665
Creative Commons License
This work is licensed under a Creative Commons Attribution-NonCommercial-No Derivative Works 4.0 International License.
Additional URL
https://doi.org/10.1109/TSE.2021.3054928