
A number of scanners exist that analyse smart contracts for vulnerabilities. These tools are developed by academic researchers as well as commercial organisations. Dika presents a list of nine different scanners in his thesis, none of which is capable of detecting all vulnerabilities from Table 4.2 (Dika, 2017). Smart contract analysers have different scopes: some focus on Solidity source code, while others focus only on EVM code. Scanners such as Oyente and Securify are capable of analysing both Solidity source code and EVM code. The effectiveness, accuracy and consistency of the scanners differ, and each scanner has its own strong and weak points.

Two studies that describe a security analysis of smart contracts on the Ethereum blockchain are described in more detail below.

TABLE 4.3: Results analysis Oyente (Luu et al., 2016)

Vulnerability                      Number of contracts    Number of contracts with
                                   containing issues      distinct EVM code
Mishandled exceptions              5,411                  1,385
Transaction-ordering dependence    3,056                  135
Timestamp dependence               83                     -
Re-entrancy Handling               2                      1

TABLE 4.4: Correctness analysis Oyente (Luu et al., 2016)

Vulnerability                      Source code available    False positives
Mishandled exceptions              116                      0
Transaction-ordering dependence    32                       9
Timestamp dependence               7                        -
Re-entrancy Handling               2                        1

4.2.1 Oyente

An extensive analysis of vulnerabilities in existing smart contracts was performed by Luu et al. (2016). A dedicated tool called Oyente was developed to be able to analyse existing smart contracts on the Ethereum blockchain. Oyente uses symbolic execution to enable statistical reasoning about paths followed by the program. At the time of publishing, the implementation of Oyente supported the detection of the following vulnerabilities:

1. Transaction-ordering dependence

2. Timestamp dependence

3. Mishandled exceptions

4. Re-entrancy vulnerability (race conditions)

During their analysis, Luu et al. collected all smart contracts deployed on the Ethereum blockchain up to the 5th of May 2016. This resulted in a collection of 19,366 smart contracts holding a total of 3,068,654 Ether, at that time worth around 30 million US dollars. After 3,000 hours of computation on four Amazon m4.10xlarge instances, the tool found a total of 8,833 contracts with at least one security issue or vulnerability. An analysis of the EVM code showed that 1,682 of these smart contracts were distinct. Note that these are distinct in EVM code and not necessarily in source code: two smart contracts with the same logic but different variable or function names will also count as distinct. Of the 1,682 distinct smart contracts, the source code of only 175 was published on EtherScan (Etherscan, 2018a). With the source code of these contracts, Luu et al. were able to verify the correctness of the tool. In 10 of the 175 cases, the security issue reported by Oyente was a false positive. Table 4.3 shows how often each vulnerability was found in a smart contract. The correctness, i.e. the number of false positives among the smart contracts with source code available, can be found in Table 4.4. In total, 45.6% of all analysed smart contracts contain one or more security issues, which indicates that the security of smart contracts can be improved significantly.

Chapter 4. Smart Contract Vulnerabilities 32

TABLE 4.5: Results analysis Maian (Nikolić et al., 2018)

Category   #Candidates flagged (distinct)   Candidates without source   #Validated   % of true positives
Prodigal   1,504 (438)                      1,487                       1,253        97
Suicidal   1,495 (403)                      1,487                       1,423        99
Greedy     31,201 (1,524)                   31,045                      1,083        69
Total      34,200 (2,365)                   34,019                      3,759        89

4.2.2 Maian

Nikolić et al. (2018) developed Maian, a tool that is capable of detecting greedy, prodigal, suicidal and posthumous contracts at scale by using symbolic execution. Symbolic execution takes only the EVM code of a smart contract as input, not its source code, which allowed the researchers to analyse all smart contracts deployed on the Ethereum blockchain. Maian analysed 970,898 smart contracts, i.e. all smart contracts deployed up to block 4,799,998 (mined on December 26th, 2017).

Maian focusses on four different vulnerabilities:

Greedy: Greedy contracts are smart contracts that end up in a state in which the funds are locked forever. No one, including the owner, can access the funds held by such a smart contract.

Prodigal: Prodigal contracts are smart contracts that may leak funds to an arbitrary address, allowing attackers to steal funds from these smart contracts.

Suicidal: Smart contracts may contain a security feature that gives the owner the option to kill the contract. When this feature is not properly implemented, arbitrary accounts might be able to call the kill function. Nikolić et al. classify these contracts as suicidal contracts.

Posthumous: When a smart contract is killed, its code and global variables are removed from the blockchain. A smart contract is posthumous when it is still able to receive funds after being killed; these funds are then locked forever.
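As an added illustration of the suicidal and prodigal patterns defined above, together with Oyente's mishandled-exception class, the following constructed Solidity contract is shown beside a hardened version. It is not code from the thesis, from Maian or from Oyente; the contract and function names are invented for this example.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Constructed example (not from the thesis, Maian or Oyente): a wallet whose
// kill switch and withdrawal lack an ownership check, beside a hardened version.

contract Wallet_Vulnerable {
    address public owner;

    constructor() { owner = msg.sender; }
    receive() external payable {}

    // Prodigal: any caller can move the whole balance to an arbitrary address.
    function withdraw(address payable to) external {
        // Mishandled exception: send() returns false on failure, and the
        // result is ignored, so a failed transfer goes unnoticed.
        to.send(address(this).balance);
    }

    // Suicidal: the kill switch is reachable by any account, not only the owner.
    function kill() external {
        selfdestruct(payable(msg.sender));
    }
}

contract Wallet_Hardened {
    address public immutable owner;

    constructor() { owner = msg.sender; }
    receive() external payable {}

    modifier onlyOwner() {
        require(msg.sender == owner, "not owner");
        _;
    }

    // Funds can only leave to the owner, and the transfer result is checked
    // so that a failure reverts instead of being silently dropped.
    function withdraw() external onlyOwner {
        (bool ok, ) = payable(owner).call{value: address(this).balance}("");
        require(ok, "transfer failed");
    }

    // Kill switch guarded by ownership; the remaining balance goes to the owner.
    function kill() external onlyOwner {
        selfdestruct(payable(owner));
    }
}
```

Maian would flag the first contract as both suicidal and prodigal, and Oyente would report the unchecked send() as a mishandled exception; the ownership modifier and the checked call remove all three findings.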

The results of the analyses for greedy, prodigal and suicidal contracts can be found in Table 4.5. Posthumous contracts are excluded from the table, as this type of contract can be verified without symbolic execution: the researchers looked for smart contracts that no longer contain any executable code. In total 853 smart contracts did not contain any executable code; 294 of these received funds after the contracts were killed. A disturbing fact the researchers present is that in total 4,905 Ether is stored on suicidal and prodigal contracts. At the time of writing, this amount of Ether is worth around 2.3 million dollars.