Detecting cross-contract vulnerability through static analysis at the bytecode level

What is it about?

With the increasing popularity of blockchain, automatically detecting vulnerabilities in smart contracts is becoming a significant problem. This paper proposes SmartDagger, a new framework for detecting cross-contract vulnerability through static analysis at the bytecode level. SmartDagger integrates a set of novel mechanisms to ensure its effectiveness and efficiency for cross-contract vulnerability detection. Particularly, SmartDagger effectively recovers the contract attribute information from the smart contract bytecode, which is critical for accurately identifying cross-contract vulnerabilities. Besides, instead of performing the typical whole-program analysis which is heavy-weight and time-consuming, SmartDagger selectively analyzes a subset of functions and reuses the data-flow results, which helps to improve its efficiency.

Featured Image

Photo by Kanchanara on Unsplash

Photo by Kanchanara on Unsplash

Why is it important?

The proposed new framework significantly outperforms other state-of-the-art tools (i.e., Oyente, Slither, Osiris, and Mythril) for detecting cross-contract vulnerabilities. In addition, running SmartDagger over a randomly selected dataset of 250 smart contracts in the real world, SmartDagger detects 11 cross-contract vulnerabilities, all of which are missed by prior tools.