Write a Blog >>
ASE 2020
Mon 21 - Fri 25 September 2020 Melbourne, Australia
Thu 24 Sep 2020 09:50 - 10:00 at Kangaroo - Software Security and Trust (2) Chair(s): Raula Gaikovina Kula
Thu 24 Sep 2020 10:30 - 10:35 at Wombat - Tool Demo Showcase (3) Chair(s): Csaba Nagy

Over the last few years, there has been substantial research on automated analysis, testing, and debugging of Ethereum smart contracts. However, it is not trivial to compare and reproduce that research.

To address this, we present SmartBugs, an extendable and easy-to-use execution framework that simplifies the execution of analysis tools on smart contracts written in Solidity, the primary language used in Ethereum.

SmartBugs is currently distributed with support for 10 tools and two datasets of Solidity contracts. The first dataset can be used to evaluate the precision of analysis tools, as it contains 143 annotated vulnerable contracts with 208 tagged vulnerabilities. The second dataset contains 47,518 unique contracts collected through Etherscan.

We discuss how SmartBugs supported the largest experimental setup to date both in the number of tools and in execution time. Moreover, we show how it enables easy integration and comparison of analysis tools by presenting a new extension to the tool Smartcheck that improves substantially the detection of vulnerabilities related to the DASP10 categories Bad Randomness, Time Manipulation, and Access Control (identified vulnerabilities increased from 11% to 24%).

Thu 24 Sep

Displayed time zone: (UTC) Coordinated Universal Time change

09:10 - 10:10
Software Security and Trust (2)Tool Demonstrations / Research Papers / Industry Showcase at Kangaroo
Chair(s): Raula Gaikovina Kula NAIST
09:10
20m
Talk
Cross-Contract Static Analysis for Detecting Practical Reentrancy Vulnerabilities in Smart Contracts
Research Papers
Yinxing Xue , Mingliang Ma University of Science and Technology of China, Yun Lin National University of Singapore, Yulei Sui University of Technology Sydney, Australia, Jiaming Ye University of Science and Technology of China, Tianyong Peng University of Science and Technology of China
09:30
20m
Talk
Code-based Vulnerability Detection in Node.js Applications: How far are we?
Industry Showcase
Bodin Chinthanet Nara Institute of Science and Technology, Serena Elisa Ponta SAP Security Research, Henrik Plate SAP Security Research, Antonino Sabetta SAP Security Research, Raula Gaikovina Kula NAIST, Takashi Ishio Nara Institute of Science and Technology, Kenichi Matsumoto Nara Institute of Science and Technology
09:50
10m
Talk
SmartBugs: A Framework to Analyze Solidity Smart Contracts
Tool Demonstrations
João F. Ferreira INESC-ID and IST, University of Lisbon, Pedro Cruz IST, University of Lisbon, Portugal, Thomas Durieux KTH Royal Institute of Technology, Sweden, Rui Abreu Faculty of Engineering, University of Porto, Portugal
DOI
10:20 - 11:20
Tool Demo Showcase (3)Tool Demonstrations at Wombat
Chair(s): Csaba Nagy Software Institute - USI, Lugano, Switzerland
10:20
5m
Talk
FILO: FIx-LOcus Localization for Backward Incompatibilities Caused by Android Framework Upgrades
Tool Demonstrations
Marco Mobilio University of Milano Bicocca, Oliviero Riganelli University of Milano-Bicocca, Italy, Daniela Micucci University of Milano-Bicocca, Italy, Leonardo Mariani University of Milano Bicocca
10:25
5m
Talk
EXPRESS: An Energy-Efficient and Secure Framework for Mobile Edge Computing and Blockchain based Smart Systems
Tool Demonstrations
Jia Xu School of Computer Science and Technology, Anhui University, Xiao Liu School of Information Technology, Deakin University, Xuejun Li School of Computer Science and Technology, Anhui University, Lei Zhang Antwork Robotics Co., Ltm., Hangzhou, China, Yun Yang Swinburne University of Technology
10:30
5m
Talk
SmartBugs: A Framework to Analyze Solidity Smart Contracts
Tool Demonstrations
João F. Ferreira INESC-ID and IST, University of Lisbon, Pedro Cruz IST, University of Lisbon, Portugal, Thomas Durieux KTH Royal Institute of Technology, Sweden, Rui Abreu Faculty of Engineering, University of Porto, Portugal
DOI
10:35
5m
Talk
RepoSkillMiner: Identifying software expertise from GitHub repositories using Natural Language Processing
Tool Demonstrations
Efstratios Kourtzanidis University Of Macedonia, Alexander Chatzigeorgiou University of Macedonia, Apostolos Ampatzoglou University of Macedonia
Pre-print Media Attached File Attached
10:40
5m
Talk
Sosed: a tool for finding similar software projects
Tool Demonstrations
Egor Bogomolov JetBrains Research, Yaroslav Golubev JetBrains Research, Artyom Lobanov JetBrains Research, Vladimir Kovalenko JetBrains Research, JetBrains N.V., Timofey Bryksin JetBrains Research, Saint Petersburg State University
10:45
5m
Talk
GUI2WiRe: Rapid Wireframing with a Mined and Large-Scale GUI Repository using Natural Language Requirements
Tool Demonstrations
Kristian Kolthoff Institute for Enterprise Systems (InES), University Of Mannheim, Christian Bartelt Institute for Software and Systems Engineering, TU Clausthal, Simone Paolo Ponzetto Data and Web Science Group, University of Mannheim
10:50
30m
Live Q&A
Q&A or Discussion
Tool Demonstrations