Towards Understanding the Bugs in Solidity Compiler
Haoyang Ma, Wuqi Zhang, Qingchao Shen, Yongqiang Tian, Junjie Chen, Shing-Chi Cheung

TL;DR
This paper systematically analyzes 533 bugs in the Solidity compiler, revealing their characteristics and the limitations of current fuzzers, to improve understanding and detection of compiler bugs in smart contract development.
Contribution
First comprehensive study of Solidity compiler bugs, including their traits, root causes, and testing challenges, providing insights for future bug detection improvements.
Findings
Fuzzers are ineffective in detecting Solidity compiler bugs.
Seven key bug-revealing insights are identified for the Solidity compiler.
Bug detection is hindered by unconsidered features and flags.
Abstract
The Solidity compiler plays a key role in enabling the development of smart contract applications on Ethereum by governing the syntax of a domain-specific language called Solidity and performing compilation and optimization of Solidity code. The correctness of the Solidity compiler is critical in fostering transparency, efficiency, and trust in industries reliant on smart contracts. However, like other software systems, the Solidity compiler is prone to bugs, which may produce incorrect bytecode on blockchain platforms, resulting in severe security concerns. As a domain-specific compiler for smart contracts, the Solidity compiler differs from other compilers in many respects, posing unique challenges for detecting its bugs. To understand the bugs in the Solidity compiler and benefit future research, in this paper, we present the first systematic study on 533 Solidity compiler bugs. We carefully examined…
