TY - GEN
T1 - A Framework and DataSet for Bugs in Ethereum Smart Contracts
AU - Zhang, Pengcheng
AU - Xiao, Feng
AU - Luo, Xiapu
N1 - Funding Information:
The work is partially supported by the Natural Science Foundation of Jiangsu Province under Grant No. BK20191297, the National Natural Science Foundation of China under Grant No. 61572171, and Hong Kong RGC Project (No. 152193/19E).
Publisher Copyright:
© 2020 IEEE.
PY - 2020/9
Y1 - 2020/9
N2 - Ethereum is the largest blockchain platform that supports smart contracts. Users deploy smart contracts by publishing the smart contract's bytecode to the blockchain. Since the data in the blockchain cannot be modified, even if these contracts contain bugs, it is not possible to patch deployed smart contracts with code updates. Moreover, there is currently neither a comprehensive classification framework for Ethereum smart contract bugs, nor detailed criteria for detecting bugs in smart contracts, making it difficult for developers to fully understand the negative effects of bugs and design new approaches to detect bugs. In this paper, to fill the gap, we first collect as many smart contract bugs as possible from multiple sources and divide these bugs into 9 categories by extending the IEEE Standard Classification for Software Anomalies. Then, we design the criteria for detecting each kind of bugs, and construct a dataset of smart contracts covering all kinds of bugs. With our framework and dataset, developers can learn smart contract bugs and develop new tools to detect and locate bugs in smart contracts. Moreover, we evaluate the state-of-the-art tools for smart contract analysis with our dataset and obtain some interesting findings: 1) Mythril, Slither and Remix are the most worthwhile combination of analysis tools. 2) There are still 10 kinds of bugs that cannot be detected by any analysis tool.
AB - Ethereum is the largest blockchain platform that supports smart contracts. Users deploy smart contracts by publishing the smart contract's bytecode to the blockchain. Since the data in the blockchain cannot be modified, even if these contracts contain bugs, it is not possible to patch deployed smart contracts with code updates. Moreover, there is currently neither a comprehensive classification framework for Ethereum smart contract bugs, nor detailed criteria for detecting bugs in smart contracts, making it difficult for developers to fully understand the negative effects of bugs and design new approaches to detect bugs. In this paper, to fill the gap, we first collect as many smart contract bugs as possible from multiple sources and divide these bugs into 9 categories by extending the IEEE Standard Classification for Software Anomalies. Then, we design the criteria for detecting each kind of bugs, and construct a dataset of smart contracts covering all kinds of bugs. With our framework and dataset, developers can learn smart contract bugs and develop new tools to detect and locate bugs in smart contracts. Moreover, we evaluate the state-of-the-art tools for smart contract analysis with our dataset and obtain some interesting findings: 1) Mythril, Slither and Remix are the most worthwhile combination of analysis tools. 2) There are still 10 kinds of bugs that cannot be detected by any analysis tool.
KW - Ethereum
KW - Smart contract bug
KW - Solidity
UR - http://www.scopus.com/inward/record.url?scp=85096698718&partnerID=8YFLogxK
U2 - 10.1109/ICSME46990.2020.00023
DO - 10.1109/ICSME46990.2020.00023
M3 - Conference article published in proceeding or book
AN - SCOPUS:85096698718
T3 - Proceedings - 2020 IEEE International Conference on Software Maintenance and Evolution, ICSME 2020
SP - 139
EP - 150
BT - Proceedings - 2020 IEEE International Conference on Software Maintenance and Evolution, ICSME 2020
PB - Institute of Electrical and Electronics Engineers Inc.
T2 - 36th IEEE International Conference on Software Maintenance and Evolution, ICSME 2020
Y2 - 27 September 2020 through 3 October 2020
ER -