TL;DR
This paper empirically evaluates nine automated analysis tools for Ethereum smart contracts using extensive datasets, revealing varying detection accuracies and highlighting challenges in false positives and tool agreement.
Contribution
It introduces SmartBugs, an extendable framework for large-scale evaluation of smart contract analysis tools, and provides comprehensive empirical data on their performance.
Findings
Mythril has the highest accuracy at 27%.
Only 42% of vulnerabilities are detected by all tools.
97% of contracts are flagged as vulnerable, indicating many false positives.
Abstract
Over the last few years, there has been substantial research on automated analysis, testing, and debugging of Ethereum smart contracts. However, it is not trivial to compare and reproduce that research. To address this, we present an empirical evaluation of 9 state-of-the-art automated analysis tools using two new datasets: i) a dataset of 69 annotated vulnerable smart contracts that can be used to evaluate the precision of analysis tools; and ii) a dataset with all the smart contracts in the Ethereum Blockchain that have Solidity source code available on Etherscan (a total of 47,518 contracts). The datasets are part of SmartBugs, a new extendable execution framework that we created to facilitate the integration and comparison between multiple analysis tools and the analysis of Ethereum smart contracts. We used SmartBugs to execute the 9 automated analysis tools on the two datasets. In…
