SolaSim: Clone Detection for Solana Smart Contracts via Program Representation (ICPC 2024 - Research Track)

Who

Che Wang, Yue Li, Jianbo Gao, Ke Wang, Jiashuo Zhang, Zhi Guan, Zhong Chen

Track

ICPC 2024 Research Track

Time Zone

The program is currently displayed in (GMT+01:00) Lisbon.

Use conference time zone: (GMT+01:00) LisbonSelect other time zone

The GMT offsets shown reflect the offsets at the moment of the conference.

Time Band

By setting a time band, the program will dim events that are outside this time window. This is useful for (virtual) conferences with a continuous program (with repeated sessions).
The time band will also limit the events that are included in the personal iCalendar subscription service.

Display full programSpecify a time band

Save

When

Tue 16 Apr 2024 11:10 - 11:20 at Sophia de Mello Breyner Andresen - Bugs, Defects, and Code Quality Chair(s): Alberto Martin-Lopez

Abstract

The open-source nature of smart contracts provides the facility for developers to clone contracts and introduces the risk of vulnerability proliferation as well. Despite intensive research on smart contract clone detection in recent years, existing techniques are still unsatisfactory in detecting Solana smart contracts. To fill this gap, in this paper, we designed a clone detection tool SolaSim for Solana smart contracts and conducted an empirical study to understand the code reuse in the Solana ecosystem. Specifically, SolaSim is based on the semantic metadata extractor and the similarity checker. For each contract, the semantic metadata extractor generates an instruction-level weighted Attributed Control Flow Graph (ACFG) and its semantic metadata (i.e., a combination of high-level semantic and structure information) based on Rust Mid-level Intermediate Representation. The similarity checker adopts a combinatorial optimization algorithm to compute the statistical similarity of a pair of contracts. The evaluation results demonstrated the effectiveness of SolaSim in identifying clones with 94.3% accuracy and it can identify up to Type-3 clone level. Notably, we found there are over 50% clone ratios in the Solana smart contracts ecosystem, in which most of them are cloned from famous open-sourced projects.

Che Wang

Peking University, China

China

Yue Li

Peking University

Jianbo Gao

Peking University

China

Ke Wang

Peking University

Jiashuo Zhang

Peking University, China

Zhi Guan

Peking University

Zhong Chen

Time Zone

The program is currently displayed in (GMT+01:00) Lisbon.

Use conference time zone: (GMT+01:00) LisbonSelect other time zone

The GMT offsets shown reflect the offsets at the moment of the conference.

Time Band

Display full programSpecify a time band

Save

Session Program

Tue 16 Apr
Displayed time zone: Lisbon change

11:00 - 12:30	Bugs, Defects, and Code QualityResearch Track / / Early Research Achievements (ERA) / Replications and Negative Results (RENE) at Sophia de Mello Breyner Andresen Chair(s): Alberto Martin-Lopez Software Institute - USI, Lugano

11:00 10m Talk		What the Fix? A Study of ASAT Rules DocumentationICPCICPC Full paper Research Track Corentin Latappy Univ. Bordeaux, CNRS, Bordeaux INP, LaBRI, UMR 5800, Promyze, Thomas Degueule CNRS, Jean-Rémy Falleri Bordeaux INP, Romain Robbes CNRS, LaBRI, University of Bordeaux, Xavier Blanc Univ. Bordeaux, Bordeaux INP, CNRS, LaBRI, UMR5800, Cédric Teyton Promyze, Bordeaux, France Pre-print
11:10 10m Talk		SolaSim: Clone Detection for Solana Smart Contracts via Program RepresentationICPCICPC Full paper Research Track Che Wang Peking University, China, Yue Li Peking University, Jianbo Gao Peking University, Ke Wang Peking University, Jiashuo Zhang Peking University, China, Zhi Guan Peking University, Zhong Chen
11:20 10m Talk		The Impact of Compiler Warnings on Code Quality in C++ ProjectsICPCICPC Full paper Research Track Albin Johansson Chalmers University of Technology, Carl Holmberg Chalmers University of Technology, Francisco Gomes de Oliveira Neto Chalmers \| University of Gothenburg, Philipp Leitner Chalmers \| University of Gothenburg
11:30 10m Talk		Vulnerabilities in AI Code Generators: Exploring Targeted Data Poisoning AttacksICPCICPC Full paper Research Track Domenico Cotroneo University of Naples Federico II, Cristina Improta University of Naples Federico II, Pietro Liguori University of Naples Federico II, Roberto Natella Federico II University of Naples Pre-print
11:40 10m Talk		A Just-in-time Software Defect Localization Method based on Code Graph RepresentationICPCICPC Full paperVirtual-Talk Research Track Huan Zhang Central South University, Wei-Huan Min Central South University, Zhao Wei Tencent, Li Kuang School of Computer Science and Engineering, Central South University, Hong-Hao Gao Shanghai University, Huai-Kou Miao Shanghai University
11:50 10m Talk		SICode: Embedding-Based Subgraph Isomorphism Identification for Bug DetectionICPCICPC Full paper Research Track Yuanjun Gong Renmin University of China, Jianglei Nie Renmin University of China, Wei You Renmin University of China, Wenchang Shi Renmin University of China, China, Jianjun Huang Renmin University of China, Bin Liang Renmin University of China, China, Jian Zhang Institute of Software at Chinese Academy of Sciences; University of Chinese Academy of Sciences
12:00 10m Talk		Tuning Code Smell Prediction Models: A Replication StudyICPCICPC RENE Paper Replications and Negative Results (RENE) Henrique Gomes Nunes Federal University of Minas Gerais (UFMG), Amanda Santana Federal University of Minas Gerais (UFMG), Eduardo Figueiredo Federal University of Minas Gerais, Brazil, Heitor Augustus Xavier Costa Federal University of Lavras
12:10 8m Talk		Studying Vulnerable Code Entities in RICPCICPC ERA Paper Early Research Achievements (ERA) Zixiao Zhao University of British Columbia, Millon Madhur Das Indian Institute of Technology Kharagpur, Fatemeh Hendijani Fard University of British Columbia
12:18 12m Talk		Bugs, Defects, and Code Quality: Panel with SpeakersICPC Discussion