SolSecure: A Security Analyzer for Integer Bugs in Smart Contracts

  • Conference paper
  • Blockchain and Web3.0 Technology Innovation and Application (BWTAC 2024)

Part of the book series: Communications in Computer and Information Science (CCIS, volume 2277)

Abstract

Blockchain is a peer-to-peer network that stores a chain of transaction data; it is decentralized and immutable, so once data is appended to the chain it cannot be modified or deleted. Smart contracts are programs that run at the application layer of a blockchain and enable trustworthy transactions without a third party. However, the openness and immutability of this architecture also introduce security risks. Integer bugs arise from improper handling of numeric variables. They are particularly dangerous in smart contracts because integer variables typically represent critical financial quantities such as account balances, asset prices and transaction amounts, so a miscalculation can lead to substantial financial loss. This paper describes SolSecure, a framework based on abstract interpretation theory [1, 2] that is designed to find integer bugs in Ethereum smart contracts. Experimental results show that SolSecure can effectively detect integer vulnerabilities in Solidity smart contracts.
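The abstract says SolSecure finds integer bugs by abstract interpretation [1, 2] but does not show what that looks like on a contract. The following is an added example written for this page, not SolSecure's code: a toy interval-domain analyzer over a tiny straight-line language that encodes a token `transfer`, once without and once with the usual balance check. The statement encoding, the `SUPPLY_CAP` invariant (every balance is bounded by a capped total supply), and the function and variable names are assumptions made for illustration. Two caveats a practitioner should keep in mind: since Solidity 0.8.0 arithmetic is checked by default and reverts on wrap-around, so the same bug shows up as a denial-of-service revert rather than a wrapped balance, while pre-0.8 compilers and `unchecked { ... }` blocks still wrap silently; and a pure interval domain is non-relational, so it cannot prove `sender_bal - amount` safe after `require(sender_bal >= amount)` on its own, which is why the example carries a small set of ordering facts alongside the intervals.

```python
"""Toy interval-domain abstract interpreter that flags possible uint256
overflow and underflow in a tiny straight-line language.

Added example for this page; it is not SolSecure's code.  The statement
encoding, the SUPPLY_CAP invariant and all names below are assumptions
made for illustration only.
"""
from dataclasses import dataclass

UINT256_MAX = 2**256 - 1
SUPPLY_CAP = 10**27  # assumed contract invariant: every balance <= total supply cap


@dataclass(frozen=True)
class Interval:
    """Abstract value: the set of integers lo..hi (exact, may leave the uint256 range)."""
    lo: int
    hi: int

    def clip(self) -> "Interval":
        """Values that survive Solidity >=0.8 checked arithmetic (wrap => revert)."""
        return Interval(max(self.lo, 0), min(self.hi, UINT256_MAX))


TOP = Interval(0, UINT256_MAX)  # an unconstrained uint256, e.g. attacker-chosen calldata


def arith(op: str, a: Interval, b: Interval) -> Interval:
    """Exact interval arithmetic; the caller checks the result against the type range."""
    if op == "add":
        return Interval(a.lo + b.lo, a.hi + b.hi)
    if op == "sub":
        return Interval(a.lo - b.hi, a.hi - b.lo)
    if op == "mul":
        corners = (a.lo * b.lo, a.lo * b.hi, a.hi * b.lo, a.hi * b.hi)
        return Interval(min(corners), max(corners))
    raise ValueError(f"unsupported operator {op!r}")


def eval_expr(expr, env, facts, warnings, stmt_no, checked):
    """Abstractly evaluate expr = ("const", n) | ("var", name) | (op, lhs, rhs)."""
    if expr[0] == "const":
        return Interval(expr[1], expr[1])
    if expr[0] == "var":
        return env[expr[1]]
    op, lhs, rhs = expr
    res = arith(op,
                eval_expr(lhs, env, facts, warnings, stmt_no, checked),
                eval_expr(rhs, env, facts, warnings, stmt_no, checked))
    # Small relational refinement: require(x >= y) is remembered as the fact (x, y),
    # which bounds x - y below by 0 even though intervals alone cannot show it.
    if op == "sub" and lhs[0] == rhs[0] == "var" and (lhs[1], rhs[1]) in facts:
        res = Interval(max(res.lo, 0), res.hi)
    if res.hi > UINT256_MAX:
        warnings.append(("overflow", stmt_no, op))
    if res.lo < 0:
        warnings.append(("underflow", stmt_no, op))
    if res.lo < 0 or res.hi > UINT256_MAX:
        # Checked arithmetic reverts on wrap, so only in-range values flow on;
        # pre-0.8 or `unchecked` arithmetic wraps, so nothing is known afterwards.
        res = res.clip() if checked else TOP
    return res


def operand(o, env):
    return env[o[1]] if o[0] == "var" else Interval(o[1], o[1])


def analyze(stmts, init_env, checked=True):
    """Run the abstract interpreter over straight-line statements.

    Statements: ("assign", name, expr) or ("require", (cmp, lhs, rhs)) with
    cmp in {">=", "<="} and lhs/rhs each ("var", name) or ("const", n).
    Returns (warnings, final abstract environment).
    """
    env = dict(init_env)
    facts = set()      # pairs (x, y) known to satisfy x >= y at this point
    warnings = []
    for stmt_no, stmt in enumerate(stmts):
        if stmt[0] == "assign":
            _, name, expr = stmt
            env[name] = eval_expr(expr, env, facts, warnings, stmt_no, checked)
            facts = {f for f in facts if name not in f}   # facts about the old value are stale
        elif stmt[0] == "require":
            _, (cmp, lhs, rhs) = stmt
            if cmp == "<=":
                lhs, rhs = rhs, lhs                       # normalise to lhs >= rhs
            big, small = operand(lhs, env), operand(rhs, env)
            if lhs[0] == "var":                           # lhs is at least rhs's minimum
                env[lhs[1]] = Interval(max(big.lo, small.lo), big.hi)
            if rhs[0] == "var":                           # rhs is at most lhs's maximum
                env[rhs[1]] = Interval(small.lo, min(small.hi, big.hi))
            if lhs[0] == rhs[0] == "var":
                facts.add((lhs[1], rhs[1]))
        else:
            raise ValueError(f"unknown statement {stmt!r}")
    return warnings, env


def V(name):
    return ("var", name)


# Constructed encoding of `transfer(amount)`: sender_bal -= amount; receiver_bal += amount
TRANSFER_UNGUARDED = [
    ("assign", "sender_bal", ("sub", V("sender_bal"), V("amount"))),
    ("assign", "receiver_bal", ("add", V("receiver_bal"), V("amount"))),
]
# The same body behind the usual balance check
TRANSFER_GUARDED = [("require", (">=", V("sender_bal"), V("amount")))] + TRANSFER_UNGUARDED

INITIAL_ENV = {
    "sender_bal": Interval(0, SUPPLY_CAP),    # storage, bounded by the assumed supply cap
    "receiver_bal": Interval(0, SUPPLY_CAP),
    "amount": TOP,                            # calldata: attacker-controlled
}

if __name__ == "__main__":
    for label, prog in (("unguarded", TRANSFER_UNGUARDED), ("guarded", TRANSFER_GUARDED)):
        found, _ = analyze(prog, INITIAL_ENV)
        print(f"{label}: {found or 'no integer bugs found'}")
```

On the unguarded body the analyzer reports a possible underflow in the subtraction and a possible overflow in the addition; after the `require`, the narrowed interval for `amount` removes the overflow, and the recorded fact `sender_bal >= amount` removes the underflow. Two things worth noting in the design: facts mentioning a variable are discarded when that variable is reassigned, because keeping them would be unsound, and the `checked` flag only changes what is known after a flagged operation (in-range values under revert-on-wrap semantics, nothing at all under wrapping semantics), not whether it is flagged. Production tools obtain the relational reasoning that the fact set approximates here from an SMT solver [14] or refinement types [6] rather than from this ad-hoc rule.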


References

  1. Cousot, P., Cousot, R.: Static determination of dynamic properties of programs. In: Proceedings of the 2nd International Symposium on Programming (ISOP ’76), pp. 106–130 (1976)

  2. Cousot, P., Cousot, R.: Abstract interpretation: a unified lattice model for static analysis of programs by construction or approximation of fixpoints. In: Proceedings of the 4th ACM SIGACT-SIGPLAN Symposium on Principles of Programming Languages (POPL ’77), pp. 238–252 (1977)

  3. Nakamoto, S.: Bitcoin: a peer-to-peer electronic cash system. Decentralized Bus. Rev. (2008)

  4. Torres, C.F., Schütte, J., State, R.: Osiris: hunting for integer bugs in ethereum smart contracts. In: Proceedings of the 34th Annual Computer Security Applications Conference, pp. 664–676 (2018)

  5. So, S., Lee, M., Park, J., Lee, H., Oh, H.: VeriSmart: a highly precise safety verifier for ethereum smart contracts. In: 2020 IEEE Symposium on Security and Privacy (SP), pp. 1678–1694. IEEE (2020)

  6. Tan, B., Mariano, B., Lahiri, S.K., Dillig, I., Feng, Y.: SolType: refinement types for arithmetic overflow in solidity. Proceedings of the ACM on Programming Languages, vol. 6, no. POPL, pp. 1–29. ACM, New York (2022)

  7. Wang, X., He, J., Xie, Z., Zhao, G., Cheung, S.-C.: ContractGuard: defend ethereum smart contracts with embedded intrusion detection. IEEE Trans. Serv. Comput. 13(2), 314–328 (2019)

  8. Lin, Z., Zhang, S., Wang, C., Zhou, Y.: An overview of blockchain technology: applications in next-generation intelligent manufacturing. J. Intell. Sci. Technol. 5(2), 200–211 (2023)

  9. Lin, S., Zhang, L., Liu, D.: A review of applications based on blockchain smart contracts. J. Comput. Appl. 38(9) (2021)

  10. The ethereum.org team: Introduction to Smart Contracts. https://docs.soliditylang.org/en/v0.8.21/. Accessed 2023

  11. Hwang, S., Ryu, S.: Gap between theory and practice: an empirical study of security patches in solidity. In: Proceedings of the ACM/IEEE 42nd International Conference on Software Engineering, pp. 542–553 (2020)

  12. Rice, H.G.: Classes of recursively enumerable sets and their decision problems. Trans. Amer. Math. Soc. 74(2), 358–366 (1953)

  13. Li, Z., Wang, J., Sun, M., Lui, J.C.S.: MirChecker: detecting bugs in rust programs via static analysis. In: Proceedings of the 2021 ACM SIGSAC Conference on Computer and Communications Security, pp. 2183–2196 (2021)

  14. de Moura, L., Bjørner, N.: Z3: an efficient SMT solver. In: Ramakrishnan, C.R., Rehof, J. (eds.) TACAS 2008. LNCS, vol. 4963, pp. 337–340. Springer, Heidelberg (2008). https://doi.org/10.1007/978-3-540-78800-3_24

  15. Feist, J., Grieco, G., Groce, A.: Slither: a static analysis framework for smart contracts. In: 2019 IEEE/ACM 2nd International Workshop on Emerging Trends in Software Engineering for Blockchain (WETSEB), pp. 8–15. IEEE (2019)

  16. Jiang, B., Liu, Y., Chan, W.K.: ContractFuzzer: fuzzing smart contracts for vulnerability detection. In: Proceedings of the 33rd ACM/IEEE International Conference on Automated Software Engineering, pp. 259–269 (2018)

  17. He, J., Balunović, M., Ambroladze, N., Tsankov, P., Vechev, M.: Learning to fuzz from symbolic execution with application to smart contracts. In: Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security, pp. 531–548 (2019)

  18. Rosen, B.K., Wegman, M.N., Zadeck, F.K.: Global value numbers and redundant computations. In: Proceedings of the 15th ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages, pp. 12–27 (1988)

  19. Ghaleb, A.: Towards effective static analysis approaches for security vulnerabilities in smart contracts. In: Proceedings of the 37th IEEE/ACM International Conference on Automated Software Engineering, pp. 1–5 (2022)

  20. Tikhomirov, S., Voskresenskaya, E., Ivanitskiy, I., Takhaviev, R., Marchenko, E., Alexandrov, Y.: SmartCheck: static analysis of ethereum smart contracts. In: Proceedings of the 1st International Workshop on Emerging Trends in Software Engineering for Blockchain, pp. 9–16 (2018)

  21. Lai, E., Luo, W.: Static analysis of integer overflow of smart contracts in ethereum. In: Proceedings of the 2020 4th International Conference on Cryptography, Security and Privacy, pp. 110–115 (2020)

  22. Ghaleb, A., Pattabiraman, K.: How effective are smart contract analysis tools? Evaluating smart contract static analysis tools using bug injection. In: Proceedings of the 29th ACM SIGSOFT International Symposium on Software Testing and Analysis (2020)

Acknowledgment

This work is supported by the VeChain Foundation (No. SCNU2018-01), Industry-University-Research Innovation Fund for Chinese Universities (2020ITA09006).

Author information

Correspondence to Tianyi Liu.

Copyright information

© 2025 The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd.


Cite this paper

Liu, T., Zhao, G., Zheng, K. (2025). SolSecure: A Security Analyzer for Integer Bugs in Smart Contracts. In: Zhao, G., Weng, J., Tian, Z., Zhu, L., Zheng, Z. (eds) Blockchain and Web3.0 Technology Innovation and Application. BWTAC 2024. Communications in Computer and Information Science, vol 2277. Springer, Singapore. https://doi.org/10.1007/978-981-97-9412-6_9

  • DOI: https://doi.org/10.1007/978-981-97-9412-6_9
  • Publisher Name: Springer, Singapore
  • Print ISBN: 978-981-97-9411-9
  • Online ISBN: 978-981-97-9412-6