4.6 Article

Evaluating Countermeasures for Verifying the Integrity of Ethereum Smart Contract Applications

Journal

IEEE ACCESS
Volume 9, Issue -, Pages 90029-90042

Publisher

IEEE-INST ELECTRICAL ELECTRONICS ENGINEERS INC
DOI: 10.1109/ACCESS.2021.3091317

Keywords

Smart contracts; Blockchain; Tools; Bitcoin; Benchmark testing; Software tools; Licenses; Blockchain; countermeasure; Ethereum; smart contract; vulnerability

Funding

  1. National Research Foundation of Korea (NRF) - Korean Government (MSIT) [2019R1F1A1063272, 2020R1F1A1048395, 2020R1A4A3079947]
  2. National Research Foundation of Korea [2020R1F1A1048395, 2020R1A4A3079947, 2019R1F1A1063272] Funding Source: Korea Institute of Science & Technology Information (KISTI), National Science & Technology Information Service (NTIS)


This paper discusses the evolution of blockchain technology, DApps, and vulnerabilities in smart contracts. A software tool is proposed to evaluate and select the most effective countermeasures for vulnerabilities, revealing trade-offs in detecting vulnerabilities.
Blockchain technology, which provides digital security in a distributed manner, has evolved into a key technology that can build efficient and reliable decentralized applications (called DApps) beyond the function of cryptocurrency. The characteristics of blockchain such as immutability and openness, however, have made DApps more vulnerable to various security risks, and thus it has become of great significance to validate the integrity of DApps before they actually operate upon blockchain. Recently, research on vulnerability in smart contracts (a building block of DApps) has been actively conducted, and various vulnerabilities and their countermeasures were reported. However, the effectiveness of such countermeasures has not been studied well, and no appropriate methods have been proposed to evaluate them. In this paper, we propose a software tool that can easily perform comparative studies by adding existing/new countermeasures and labeled smart contract codes. The proposed tool demonstrates verification performance using various statistical indicators, which helps to identify the most effective countermeasures for each type of vulnerability. Using the proposed tool, we evaluated state-of-the-art countermeasures with 237 labeled benchmark codes. The results indicate that for certain types of vulnerabilities, some countermeasures show evenly good performance scores on various metrics. However, it is also observed that countermeasures that detect the largest number of vulnerable codes typically generate many more false positives, resulting in very low precision and accuracy. Consequently, under given constraints, different countermeasures may be recommended for detecting vulnerabilities of interest. We believe that the proposed tool could effectively be utilized for a future verification study of smart contract applications and contribute to the development of practical and secure smart contract applications.
