ICSE 2024
Fri 12 - Sun 21 April 2024 Lisbon, Portugal

Towards Finding Accounting Errors in Smart Contracts

Abstract

ScType is a static analysis tool written in Python3 to detect accounting errors in Solidity smart contracts.

ScType leverages the single-static-assignment representation produced by Slither to perform abstract type inference. It assigns initial abstract types to select variables based on a type file or inference from the code. Then, the abstract types are propagated throughout the contract based on the produced representation and typechecked accordingly.

ScType checks each function in the code individually. Users can specify the abstract types of a function's initial parameters through the type file; however, most abstract types are assigned to variables through propagation.
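The propagate-then-typecheck flow described in the two paragraphs above can be sketched as follows. This is an added example, not ScType's code: the tuple-based SSA instructions, the unit-exponent abstract types (token denominations such as USDC and WETH), the typing rules and the dictionary standing in for a type file are all assumptions made for illustration.

```python
# Added illustration; the IR, type rules and type file below are constructed.
def _norm(units):
    """Canonical abstract type: sorted (unit, exponent) pairs, zeros dropped."""
    return tuple(sorted((u, e) for u, e in units.items() if e != 0))

def combine(op, a, b):
    """Return (result_type, error_or_None) for one binary operation."""
    if op in ("add", "sub"):
        if a is None or b is None:          # untyped literal adopts the other side
            return (a if a is not None else b), None
        if a != b:
            return a, f"{op} mixes {dict(a)} with {dict(b)}"
        return a, None
    # mul/div: exponents add or subtract; untyped operands count as unitless
    out = dict(a or ())
    sign = 1 if op == "mul" else -1
    for unit, exp in (b or ()):
        out[unit] = out.get(unit, 0) + sign * exp
    return _norm(out), None

def check_function(param_types, body):
    """Propagate abstract types through SSA-style instructions of one function."""
    env, errors = dict(param_types), []
    for dest, op, args in body:
        types = [env.get(x) if isinstance(x, str) else None for x in args]
        if op == "assign":
            env[dest] = types[0]
            continue
        env[dest], err = combine(op, types[0], types[1])
        if err:
            errors.append(f"{dest}: {err}")
    return env, errors

# Constructed "type file": initial abstract types for the function parameters.
PARAMS = {
    "usdcAmount": _norm({"USDC": 1}),
    "wethAmount": _norm({"WETH": 1}),
    "price": _norm({"USDC": 1, "WETH": -1}),    # USDC per WETH
}
# Constructed SSA-style body: each destination is assigned exactly once.
BODY = [
    ("value_1", "mul", ("wethAmount", "price")),      # WETH * USDC/WETH = USDC
    ("total_1", "add", ("usdcAmount", "value_1")),    # USDC + USDC: fine
    ("fee_1",   "div", ("total_1", 1000)),            # literal keeps USDC
    ("bad_1",   "add", ("usdcAmount", "wethAmount")), # USDC + WETH: flagged
]

if __name__ == "__main__":
    env, errors = check_function(PARAMS, BODY)
    print(env["fee_1"], errors)
```

Only the three parameters are typed up front; every other variable receives its abstract type by propagation, and the single reported error is the addition that mixes two denominations.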

ScType can handle simple variables as well as arrays and object fields. It can also handle function calls as long as the function is located within the user-defined scope. This includes calls to functions outside of the current file being checked. More details will be provided in the Artifact Submission.

To pull the package, reviewers will need to install Docker, and will also need a machine with at least 24 GB of available space.

ScType is applying for both the Available and Reusable badges.