A Survey of Tools for Analyzing Ethereum Smart Contracts

Smart contracts are at the heart of many decentralized applications, encapsulating core parts of the business logic. They handle the exchange of valuable assets like crypto-currencies or tokens in a transparent, decentralized manner. Being computer programs, they are also prone to programming errors, which have already led to spectacular losses. Therefore, methods and tools have emerged to support the development of secure smart contracts and to aid the analysis of deployed ones. Assessing the quality of such tools turns out to be difficult. There are academic tools, tools developed by companies, and community tools in open repositories, but no comprehensive survey that may serve as a guide. Most discussions of related work in research papers are not helpful either, as they concentrate on methods rather than tools, base their review on publications about the tools rather than the tools themselves, or disregard tools outside of academia. Our survey aims at filling this gap by considering tools regardless of their provenance and by installing and testing them. It is meant as a guide for those who intend to analyze already deployed code, want to develop secure smart contracts, or plan to teach a related subject. We investigate 27 tools for analyzing Ethereum smart contracts regarding availability, maturity level, methods employed, and detection of security issues.
