An Empirical Study on Implicit Constraints in Smart Contract Static Analysis

Tingting Yin, Chao Zhang, Yuandong Ni, Yixiong Wu, Taiyu Wong, Xiapu Luo, Zheming Li, Yu Guo

Research output: Chapter in book / Conference proceedingConference article published in proceeding or bookAcademic researchpeer-review

Abstract

Smart contracts are usually financial-related, which makes them attractive attack targets. Many static analysis tools have been developed to facilitate the contract audit process, but not all of them take account of two special features of smart contracts: (1) The external variables, like time, are constrained by real-world factors; (2) The internal variables persist between executions. Since these features import implicit constraints into contracts, they significantly affect the performance of static tools, such as causing errors in reachability analysis and resulting in false positives. In this paper, we conduct a systematic study on implicit constraints from three aspects. First, we summarize the implicit constraints in smart contracts. Second, we evaluate the impact of such constraints on the state-of-the-art static tools. Third, we propose a lightweight but effective mitigation method named ConSym to deal with such constraints and integrate it into OSIRIS. The evaluation result shows that ConSym can filter out 96% of false positives and reduce false negatives by two-thirds.
Original languageEnglish
Title of host publicationProceedings of the 44th IEEE/ACM International Conference on Software Engineering: Software Engineering in Practice (ICSE)
PublisherIEEE
Pages31-32
ISBN (Electronic)978-1-6654-9590-5
ISBN (Print)978-1-6654-9591-2
Publication statusPublished - May 2022
Event44th IEEE/ACM International Conference on Software Engineering: Software Engineering in Practice - Pittsburgh, United States
Duration: 22 May 202224 May 2022
https://ieeexplore.ieee.org/xpl/conhome/9793838/proceeding

Conference

Conference44th IEEE/ACM International Conference on Software Engineering: Software Engineering in Practice
Country/TerritoryUnited States
CityPittsburgh
Period22/05/2224/05/22
Internet address

Fingerprint

Dive into the research topics of 'An Empirical Study on Implicit Constraints in Smart Contract Static Analysis'. Together they form a unique fingerprint.

Cite this