Research field: Analysis
Conference: ICCSP 2020: Proceedings of the 2020 4th International Conference on Cryptography, Security and Privacy
In recent years, vulnerabilities of smart contracts have frequently broken out. In particular, integer overflow of smart contracts, a high-risk vulnerability, has caused huge financial losses. However, most tools currently fail to detect integer overflow in smart contracts. In this paper, we summarize 11 types of integer overflow features for Solidity smart contracts in Ethereum and abstractly define 83 corresponding XPath patterns. And we design an extensible static analysis tool to detect common integer overflow vulnerabilities of Solidity smart contracts in Ethereum through the defined XPath patterns. To evaluate our tool, we tested 7,000 verified Solidity smart contracts and found that there were 430 smart contracts with vulnerabilities of integer overflow. Experimental results show that there are still high-risk vulnerabilities of integer overflow in verified smart contracts.
| Publication year | 2020 |
|---|---|
| Citations | 31 |
| Country of publication | Andorra |
| Site | ACM |