Towards the Assessment and the Improvement of Smart Contract Security

Blockchain technologies (hereafter called Blockchain) allow storing information guaranteeing properties such as immutability, integrity and non-repudiation of data. Although Blockchain is not a panacea, this technology has rapidly evolved in recent years. The development of smart contracts (which automatically execute computerized transactions) has increased the application areas of the Blockchain. One of the most important issues is security; the problem is even more critical, considering that smart contracts cannot be patched once they are deployed into the Blockchain. Ethereum is one of the main platforms for smart contract development, and it offers Solidity as its primary (and Turingcomplete) language. Solidity is a new language which evolves rapidly. As a result, vulnerability records are still sparse, and consequently, the existing smart contract checking tools are still immature. On the other hand, Solidity is just another new programming language reusing its central notions from traditional languages extended by Ethereumspecific elements. Then, the most promising way to create a quality assurance process is adapting more general existing technologies to the peculiarities of Ethereum and, in particular, Solidity. Unfortunately, despite various studies and trials on the subject, no literature approach clearly solves the problems related to the vulnerability of smart contracts. To contribute to this hot field, we propose our methodology to assess and improve the smart contract security. At first, we address the problem of overcoming the Solidity rapid evolution through the definition of a set of 32 vulnerabilities and their language-independent classification in 10 categories. Then, we assess smart contract security by applying one of the most popular approaches to discover vulnerabilities: static analysis (SA). After selecting static analysis tools, we identify categories of vulnerabilities that SA tools cannot cover. Next step is to conduct an experimental campaign based on the analysis of contracts across the selected toolset. We realized that processing smart contracts, randomly extracted from Etherscan (a Blockchain explorer) with SA tools results in several positives. We determined thus, overall and for each category of vulnerabilities, the best-built tools (wrt. their effectiveness against the subset of 4 vulnerabilities they target) and the most effective ones (wrt. the entire vulnerability set). We found a lack of coverage of vulnerabilities in using each and every tool individually. This lack took us to the investigation of possible approaches to improve the security of smart contracts. A first approach has been to use several tools in a combined way to increase the coverage. Through this analysis we determined also the combinations with the highest coverage. Then we analyzed those vulnerabilities that escape the detection so to provide an ordering for deciding which vulnerabilities should be addressed first in the process of modifying static analysis tools to improve their coverage. As a last contribution, we investigated how to improve the tool effectiveness by determining where vulnerabilities are most likely located.