Write a Blog >>
ISSTA 2020
Sat 18 - Wed 22 July 2020
Wed 22 Jul 2020 12:10 - 12:30 at Zoom - STATIC ANALYSIS AND SEARCH-BASED TESTING Chair(s): Daniel Kroening

Security attacks targeting smart contracts have been on the rise, which have led to financial loss and erosion of trust. Therefore, it is important to enable developers to discover security vulnerabilities in smart contracts before deployment. A number of static analysis tools have been developed for finding security bugs in smart contracts. However, despite the numerous bug-finding tools, there is no systematic approach to evaluate the proposed tools and gauge their effectiveness. This paper proposes SolidiFI, an automated and systematic approach for evaluating smart contracts’ static analysis tools. SolidiFI is based on injecting bugs (i.e., code defects) into all potential locations in a smart contract to introduce targeted security vulnerabilities. SolidiFI then checks the generated buggy contract using the static analysis tools, and identifies the bugs that the tools are unable to detect (false-negatives) along with identifying the bugs reported as false-positives. SolidiFI is used to evaluate six widely-used static analysis tools, namely, Oyente, Securify, Mythril, SmartCheck, Manticore and Slither, using a set of 50 contracts. It finds several instances of bugs that are not detected by the evaluated tools despite their claims of being able to detect such bugs, and all the tools report many false positives.

Wed 22 Jul
Times are displayed in time zone: Tijuana, Baja California change

12:10 - 13:10: STATIC ANALYSIS AND SEARCH-BASED TESTINGTechnical Papers at Zoom
Chair(s): Daniel KroeningUniversity of Oxford

Public Live Stream/Recording. Registered participants should join via the Zoom link distributed in Slack.

12:10 - 12:30
How Effective Are Smart Contract Analysis Tools? Evaluating Smart Contract Static Analysis Tools using Bug InjectionArtifacts AvailableArtifacts Evaluated – Functional
Technical Papers
Asem Ghaleb, Karthik PattabiramanUniversity of British Columbia
DOI Media Attached
12:30 - 12:50
A Programming Model for Semi-implicit Parallelization of Static Analyses
Technical Papers
Dominik HelmTU Darmstadt, Germany, Florian KüblerTU Darmstadt, Germany, Jan Thomas Kölzer, Philipp HallerKTH Royal Institute of Technology, Michael EichbergTU Darmstadt, Germany, Guido SalvaneschiTechnische Universität Darmstadt, Mira MeziniTechnische Universität Darmstadt
12:50 - 13:10
Recovering Fitness Gradients for Interprocedural Boolean Flags in Search-Based Testing
Technical Papers
Yun LinNational University of Singapore, Jun SunSingapore Management University, Gordon FraserUniversity of Passau, Ziheng Xiu, Ting LiuXi'an Jiaotong University, Jin Song DongNational University of Singapore
DOI Pre-print Media Attached