Write a Blog >>
ISSTA 2020
Sat 18 - Wed 22 July 2020
Wed 22 Jul 2020 12:10 - 12:30 at Zoom - STATIC ANALYSIS AND SEARCH-BASED TESTING Chair(s): Daniel Kroening

Security attacks targeting smart contracts have been on the rise, which have led to financial loss and erosion of trust. Therefore, it is important to enable developers to discover security vulnerabilities in smart contracts before deployment. A number of static analysis tools have been developed for finding security bugs in smart contracts. However, despite the numerous bug-finding tools, there is no systematic approach to evaluate the proposed tools and gauge their effectiveness. This paper proposes SolidiFI, an automated and systematic approach for evaluating smart contracts’ static analysis tools. SolidiFI is based on injecting bugs (i.e., code defects) into all potential locations in a smart contract to introduce targeted security vulnerabilities. SolidiFI then checks the generated buggy contract using the static analysis tools, and identifies the bugs that the tools are unable to detect (false-negatives) along with identifying the bugs reported as false-positives. SolidiFI is used to evaluate six widely-used static analysis tools, namely, Oyente, Securify, Mythril, SmartCheck, Manticore and Slither, using a set of 50 contracts. It finds several instances of bugs that are not detected by the evaluated tools despite their claims of being able to detect such bugs, and all the tools report many false positives.

Wed 22 Jul

Displayed time zone: Tijuana, Baja California change

12:10 - 13:10
Chair(s): Daniel Kroening University of Oxford

Public Live Stream/Recording. Registered participants should join via the Zoom link distributed in Slack.

How Effective Are Smart Contract Analysis Tools? Evaluating Smart Contract Static Analysis Tools using Bug InjectionArtifacts AvailableArtifacts Evaluated – Functional
Technical Papers
Asem Ghaleb , Karthik Pattabiraman University of British Columbia
DOI Media Attached
A Programming Model for Semi-implicit Parallelization of Static Analyses
Technical Papers
Dominik Helm TU Darmstadt, Germany, Florian Kübler TU Darmstadt, Germany, Jan Thomas Kölzer , Philipp Haller KTH Royal Institute of Technology, Michael Eichberg TU Darmstadt, Germany, Guido Salvaneschi Technische Universität Darmstadt, Mira Mezini Technische Universität Darmstadt
Recovering Fitness Gradients for Interprocedural Boolean Flags in Search-Based Testing
Technical Papers
Yun Lin National University of Singapore, Jun Sun Singapore Management University, Gordon Fraser University of Passau, Ziheng Xiu , Ting Liu Xi'an Jiaotong University, Jin Song Dong National University of Singapore
DOI Pre-print Media Attached