DEFECTCHECKER: Automated Smart Contract Defect Detection by Analyzing EVM Bytecode

Project abstract

Smart contracts are Turing-complete programs running on the blockchain. They are immutable and cannot be modified once deployed. Therefore, ensuring smart contracts are bug free and well designed is extremely important.

A contract defect is an error, flaw or fault in a smart contract that causes it to produce an incorrect or unexpected result, or to behave in unintended ways. Detecting and removing contract defects can avoid potential bugs and make programs more robust.

We propose DefectChecker, a symbolic execution-based approach and tool to detect eight contract defects by analysing smart contracts bytecode on the Ethereum. We verify the performance of DefectChecker by applying it to an open-source dataset.

What did we do?

DefectChecker symbolically executes the smart contract through bytecode, and without the need of source code. During the symbolic execution, DefectChecker generates the control flow graph of smart contracts as well as the “stack event”, and identifies three features i.e., “Money Call”, “Loop Block”, and “Payable Function”. By using the CFG, stack event, and the three features, we design eight rules to detect each contract defect.

Project findings

DefectChecker is the most accurate and the fastest symbolic execution based model for smart contract defects detection. Our evaluation results show that DefectChecker obtains 88.8% of F-score (in the whole dataset) and only requires 0.15s to analyse one smart contract on average.

We systematically evaluated our tool using an open source dataset to test its performance. In addition, we crawled all of the bytecode (165,621) on the Ethereum platform by the time of writing the paper and identified 25,815 smart contracts that contain at least one contract defect. Using these results, we find some real-world attacks, and give examples to show the importance of detecting contract defects.

Further reading

Tool

Project Lead