A Static Taint Analyzer for Address Verification Vulnerabilities in Ethereum

AVVERIFIER is a new static taint analysis tool for Ethereum smart contracts. It detects address verification vulnerabilities more effectively and efficiently than Mythril. Leveraging heuristic path selection and formal detection rules, AVVERIFIER can scan over 5 million contracts in real time, offering a scalable solution for proactive smart contract security.


This content originally appeared on HackerNoon and was authored by Tokenomy

Abstract and 1. Introduction

  2. Background

    2.1 Ethereum Primer

    2.2 Whitelisted Address Verification

    2.3 Taint Analysis on Smart Contracts and 2.4 Threat Model

  3. Motivating Example and Challenges

    3.1 Motivating Example

    3.2 Challenges

    3.3 Limitations of Existing Tools

  4. Design of AVVERIFIER and 4.1 Overview

    4.2 Notations

    4.3 Component#1: Code Grapher

    4.4 Component#2: EVM Simulator

    4.5 Component#3: Vulnerability Detector

  5. Evaluation

    5.1 Experimental Setup & Research Questions

    5.2 RQ1: Effectiveness & Efficiency

    5.3 RQ2: Characteristics of Real-world Vulnerable Contracts

    5.4 RQ3: Real-time Detection

  6. Discussion

    6.1 Threats to Validity and 6.2 Limitations

    6.3 Ethical Consideration

  7. Related Work

  8. Conclusion, Availability, and References

7 Related Work

Smart Contract Vulnerability Detection. Vulnerability detection in smart contracts employs varied methodologies that depend on input types and detection principles. Analysis can occur either at the level of high-level source code [35, 55] or on the bytecode that interfaces with the EVM [4, 38]. Categorized by analytical technique, static analysis examines code structure and inherent semantics to identify vulnerabilities and is often applied to source code evaluations. Dynamic analyses, more prevalent in bytecode assessments, use strategies such as fuzz testing to spot anomalies by bombarding contracts with randomized inputs [10, 44]. Hybrid analysis methods are also gaining traction, combining static and dynamic techniques for a more thorough examination of smart contracts and helping to identify a wider range of vulnerabilities [49, 57]. Furthermore, trace-based evaluations provide a unique perspective by scrutinizing historical transaction patterns, unearthing vulnerabilities from real-world usage [23, 79].

Taint Analysis in Smart Contracts. Pioneering efforts in taint analysis have led to the development of tools tailored specifically for Ethereum contracts, adept at detecting common vulnerabilities such as unchecked send and reentrancy [6, 66]. Other research efforts have heightened the granularity of taint analysis to uncover intricate data leaks and permission oversights [72, 73]. Furthermore, several advanced methods have integrated both static and dynamic analysis techniques, blending the advantages of both to provide a more comprehensive security assessment [35, 47]. These collective advancements underscore the pivotal role of taint analysis in shaping a robust ecosystem for smart contracts.

Permission Checks and Access Control. Permission checks underpin smart contract security, preventing unauthorized actions that can lead to financial or data losses [22, 52]. Many tools and frameworks now aid developers in verifying permissions [45, 67]. However, some advanced attacks can bypass traditional checks, underscoring the need for context-aware analysis [27, 80]. Rigorous permission validation remains crucial for a secure smart contract environment.

8 Conclusion

In this work, we present AVVERIFIER, a taint analyzer based on static EVM opcode simulation, designed to identify the address verification vulnerability hidden in Ethereum smart contracts. With the help of the heuristic-based path selection method and taint propagation rules in the Simulator, as well as the three-phase formal detection rules implemented in the Detector, AVVERIFIER significantly outperforms Mythril in terms of both efficiency and effectiveness. A comprehensive evaluation on over 5 million contracts, together with the behaviour characteristics they illustrate, demonstrates the necessity of implementing AVVERIFIER. Additionally, AVVERIFIER is proven efficient and effective enough to serve as a real-time detector on EVM-like blockchain platforms, raising early warnings once contracts are deployed.

Availability

We have released AVVERIFIER and the benchmark at link.

References

[1] Dedaub decompiler. https://app.dedaub.com/decompile.

[2] Aave. Aave documentation hub. https://docs.aave.com/hub/, 2023.

[3] Elvira Albert, Pablo Gordillo, Alejandro Hernández-Cerezo, and Albert Rubio. A max-smt superoptimizer for evm handling memory and storage. In International Conference on Tools and Algorithms for the Construction and Analysis of Systems, pages 201–219. Springer, 2022.

[4] Elvira Albert, Pablo Gordillo, Benjamin Livshits, Albert Rubio, and Ilya Sergey. Ethir: A framework for high-level analysis of ethereum bytecode. In International symposium on automated technology for verification and analysis, pages 513–520. Springer, 2018.

[5] Amir Ali, Zain Ul Abideen, and Kalim Ullah. Sescon: Secure ethereum smart contracts by vulnerable patterns’ detection. Security and Communication Networks, 2021:1–14, 2021.

[6] Ayman Alkhalifah, Alex Ng, Paul A Watters, and ASM Kayes. A mechanism to detect and prevent ethereum blockchain smart contract reentrancy attacks. Frontiers in Computer Science, 3:598780, 2021.

[7] Sidney Amani, Myriam Bégel, Maksym Bortin, and Mark Staples. Towards verifying ethereum smart contract bytecode in isabelle/hol. In Proceedings of the 7th ACM SIGPLAN international conference on certified programs and proofs, pages 66–77, 2018.

[8] Anyswap. Anyswap. https://github.com/anyswap, 2023.

[9] Douglas W Arner, Raphael Auer, and Jon Frost. Stablecoins: risks, potential and regulation. 2020.

[10] Imran Ashraf, Xiaoxue Ma, Bo Jiang, and Wing Kwong Chan. Gasfuzzer: Fuzzing ethereum smart contract binaries to expose gas-oriented exception security vulnerabilities. IEEE Access, 8:99552–99564, 2020.

[11] Beosin. Two vulnerabilities in one function: The analysis of visor finance exploit. https://beosin.medium.com/two-vulnerabilities-in-one-function-the-analysis-of-visor-finance-exploit-a15735e2492, 2023.

[12] BlockSecTeam. Blocksecteam blog on medium. https://blocksecteam.medium.com/, 2023.

[13] BlockSecTeam. Tweet by blocksecteam. https://twitter.com/BlockSecTeam/status/1579843881893769222, 2023.

[14] Lexi Brent, Neville Grech, Sifis Lagouvardos, Bernhard Scholz, and Yannis Smaragdakis. Ethainter: a smart contract security analyzer for composite vulnerabilities. In Proceedings of the 41st ACM SIGPLAN Conference on Programming Language Design and Implementation, pages 454–469, 2020.

[15] BscScan. Bscscan: The binance smart chain explorer. https://bscscan.com/, 2023.

[16] Dirk Bullmann, Jonas Klemm, and Andrea Pinna. In search for stability in crypto-assets: are stablecoins the solution? Available at SSRN 3444847, 2019.

[17] Vitalik Buterin. Ethereum: platform review. Opportunities and Challenges for Private and Consortium Blockchains, 45, 2016.

[18] Vitalik Buterin et al. A next-generation smart contract and decentralized application platform. white paper, 3(37):2–1, 2014.

[19] Cristian Cadar, Daniel Dunbar, Dawson R Engler, et al. Klee: Unassisted and automatic generation of high-coverage tests for complex systems programs. In OSDI, volume 8, pages 209–224, 2008.

[20] BNB Chain. Bnb chain official documentation: Overview. https://docs.bnbchain.org/docs/overview, 2023.

[21] Huashan Chen, Marcus Pendleton, Laurent Njilla, and Shouhuai Xu. A survey on ethereum systems security: Vulnerabilities, attacks, and defenses. ACM Computing Surveys (CSUR), 53(3):1–43, 2020.

[22] Jiachi Chen, Xin Xia, David Lo, and John Grundy. Why do smart contracts self-destruct? investigating the selfdestruct function on ethereum. ACM Transactions on Software Engineering and Methodology (TOSEM), 31(2):1–37, 2021.

[23] Ting Chen, Zihao Li, Yufei Zhang, Xiapu Luo, Ang Chen, Kun Yang, Bin Hu, Tong Zhu, Shifang Deng, Teng Hu, et al. Dataether: Data exploration framework for ethereum. In 2019 IEEE 39th International Conference on Distributed Computing Systems (ICDCS), pages 1369–1380. IEEE, 2019.

[24] CoinMarketCap. Bnb (binance coin) statistics. https://coinmarketcap.com/currencies/bnb/, 2023.

[25] Compound. Compound protocol documentation. https://docs.compound.finance/, 2023.

[26] Filippo Contro, Marco Crosara, Mariano Ceccato, and Mila Dalla Preda. Ethersolve: Computing an accurate control-flow graph from ethereum bytecode. In 2021 IEEE/ACM 29th International Conference on Program Comprehension (ICPC), pages 127–137. IEEE, 2021.

[27] Jason Paul Cruz, Yuichi Kaji, and Naoto Yanai. Rbac-sc: Role-based access control using smart contract. IEEE Access, 6:12240–12251, 2018.

[28] Chris Dannen. Introducing Ethereum and solidity, volume 1. Springer, 2017.

[29] Rosie Dunford, Quanrong Su, and Ekraj Tamang. The pareto principle. 2014.

[30] Ethereum. Ethereum ide and tools for the web. http://remix.ethereum.org/, 2020.

[31] Josselin Feist, Gustavo Grieco, and Alex Groce. Slither: a static analysis framework for smart contracts. In 2019 IEEE/ACM 2nd International Workshop on Emerging Trends in Software Engineering for Blockchain (WETSEB), pages 8–15. IEEE, 2019.

[32] Convex Finance. Convex finance official documentation. https://docs.convexfinance.com/convexfinance/, 2023.

[33] Joel Frank, Cornelius Aschermann, and Thorsten Holz. ETHBMC: A bounded model checker for smart contracts. In 29th USENIX Security Symposium (USENIX Security 20), pages 2757–2774, 2020.

[34] Michael Fröwis, Andreas Fuchs, and Rainer Böhme. Detecting token systems on ethereum. In Financial Cryptography and Data Security: 23rd International Conference, FC 2019, Frigate Bay, St. Kitts and Nevis, February 18–22, 2019, Revised Selected Papers 23, pages 93–112. Springer, 2019.

[35] Jianbo Gao, Han Liu, Chao Liu, Qingshan Li, Zhi Guan, and Zhong Chen. Easyflow: Keep ethereum away from overflow. In 2019 IEEE/ACM 41st International Conference on Software Engineering: Companion Proceedings (ICSE-Companion), pages 23–26. IEEE, 2019.

[36] Neville Grech, Lexi Brent, Bernhard Scholz, and Yannis Smaragdakis. Gigahorse: thorough, declarative decompilation of smart contracts. In 2019 IEEE/ACM 41st International Conference on Software Engineering (ICSE), pages 1176–1186. IEEE, 2019.

[37] Neville Grech, Michael Kong, Anton Jurisevic, Lexi Brent, Bernhard Scholz, and Yannis Smaragdakis. Madmax: Surviving out-of-gas conditions in ethereum smart contracts. Proceedings of the ACM on Programming Languages, 2(OOPSLA):1–27, 2018.

[38] Ilya Grishchenko, Matteo Maffei, and Clara Schneidewind. Ethertrust: Sound static analysis of ethereum bytecode. Technische Universität Wien, Tech. Rep, pages 1–41, 2018.

[39] Fabio Gritti, Nicola Ruaro, Robert McLaughlin, Priyanka Bose, Dipanjan Das, Ilya Grishchenko, Christopher Kruegel, and Giovanni Vigna. Confusum contractum: confused deputy vulnerabilities in ethereum smart contracts. In 32nd USENIX Security Symposium (USENIX Security 23), pages 1793–1810, 2023.

[40] Ningyu He, Lei Wu, Haoyu Wang, Yao Guo, and Xuxian Jiang. Characterizing code clones in the ethereum smart contract ecosystem. In Financial Cryptography and Data Security: 24th International Conference, FC 2020, Kota Kinabalu, Malaysia, February 10–14, 2020 Revised Selected Papers 24, pages 654–675. Springer, 2020.

[41] Ningyu He, Ruiyi Zhang, Haoyu Wang, Lei Wu, Xiapu Luo, Yao Guo, Ting Yu, and Xuxian Jiang. EOSAFE: security analysis of EOSIO smart contracts. In 30th USENIX Security Symposium (USENIX Security 21), pages 1271–1288, 2021.

[42] Everett Hildenbrandt, Manasvi Saxena, Nishant Rodrigues, Xiaoran Zhu, Philip Daian, Dwight Guth, Brandon Moore, Daejun Park, Yi Zhang, Andrei Stefanescu, et al. Kevm: A complete formal semantics of the ethereum virtual machine. In 2018 IEEE 31st Computer Security Foundations Symposium (CSF), pages 204–217. IEEE, 2018.

[43] Yoichi Hirai. Defining the ethereum virtual machine for interactive theorem provers. In Financial Cryptography and Data Security: FC 2017 International Workshops, WAHC, BITCOIN, VOTING, WTSC, and TA, Sliema, Malta, April 7, 2017, Revised Selected Papers 21, pages 520–535. Springer, 2017.

[44] Bo Jiang, Ye Liu, and Wing Kwong Chan. Contractfuzzer: Fuzzing smart contracts for vulnerability detection. In Proceedings of the 33rd ACM/IEEE International Conference on Automated Software Engineering, pages 259–269, 2018.

[45] Priyanka Kamboj, Shivang Khare, and Sujata Pal. User authentication using blockchain based smart contract in role-based access control. Peer-to-Peer Networking and Applications, 14(5):2961–2976, 2021.

[46] Johannes Krupp and Christian Rossow. teEther: Gnawing at ethereum to automatically exploit smart contracts. In 27th USENIX Security Symposium (USENIX Security 18), pages 1317–1333, 2018.

[47] Satpal Singh Kushwaha, Sandeep Joshi, Dilbag Singh, Manjit Kaur, and Heung-No Lee. Ethereum smart contract analysis tools: A systematic review. IEEE Access, 10:57037–57062, 2022.

[48] Satpal Singh Kushwaha, Sandeep Joshi, Dilbag Singh, Manjit Kaur, and Heung-No Lee. Systematic review of security vulnerabilities in ethereum blockchain smart contract. IEEE Access, 10:6605–6621, 2022.

[49] Xiaoqi Li et al. Hybrid analysis of smart contracts and malicious behaviors in ethereum. 2021.

[50] Haojun Liu, Xinbo Luo, Hongrui Liu, and Xubo Xia. Merkle tree: A fundamental component of blockchains. In 2021 International Conference on Electronic Information Engineering and Computer Science (EIECS), pages 556–561. IEEE, 2021.

[51] Jiageng Liu, Igor Makarov, and Antoinette Schoar. Anatomy of a run: The terra luna crash. Technical report, National Bureau of Economic Research, 2023.

[52] Ye Liu, Yi Li, Shang-Wei Lin, and Cyrille Artho. Finding permission bugs in smart contracts with role mining. In Proceedings of the 31st ACM SIGSOFT International Symposium on Software Testing and Analysis, pages 716–727, 2022.

[53] DeFi Llama. Ethereum defi statistics. https://defillama.com/chain/Ethereum, 2023.

[54] DeFi Llama. Hacks. https://defillama.com/?tvl=true, 2023.

[55] Fuchen Ma, Ying Fu, Meng Ren, Mingzhe Wang, Yu Jiang, Kaixiang Zhang, Huizhong Li, and Xiang Shi. Evm: From offline detection to online reinforcement for ethereum virtual machine. In 2019 IEEE 26th International Conference on Software Analysis, Evolution and Reengineering (SANER), pages 554–558. IEEE, 2019.

[56] Fuchen Ma, Meng Ren, Ying Fu, Mingzhe Wang, Huizhong Li, Houbing Song, and Yu Jiang. Security reinforcement for ethereum virtual machine. Information Processing & Management, 58(4):102565, 2021.

[57] Fuchen Ma, Meng Ren, Lerong Ouyang, Yuanliang Chen, Juan Zhu, Ting Chen, Yingli Zheng, Xiao Dai, Yu Jiang, and Jiaguang Sun. Pied-piper: Revealing the backdoor threats in ethereum erc token contracts. ACM Transactions on Software Engineering and Methodology, 32(3):1–24, 2023.

[58] Fuchen Ma, Zhenyang Xu, Meng Ren, Zijing Yin, Yuanliang Chen, Lei Qiao, Bin Gu, Huizhong Li, Yu Jiang, and Jiaguang Sun. Pluto: Exposing vulnerabilities in inter-contract scenarios. IEEE Transactions on Software Engineering, 48(11):4380–4396, 2021.

[59] Pengxiang Ma, Ningyu He, Yuhua Huang, Haoyu Wang, and Xiapu Luo. Abusing the ethereum smart contract verification services for fun and profit. arXiv preprint arXiv:2307.00549, 2023.

[60] Satoshi Nakamoto. Bitcoin: A peer-to-peer electronic cash system. Decentralized business review, 2008.

[61] Robert Norvill, Beltran Borja Fiz Pontiveros, Radu State, Irfan Awan, and Andrea Cullen. Automated labeling of unknown contracts in ethereum. In 2017 26th International Conference on Computer Communication and Networks (ICCCN), pages 1–6. IEEE, 2017.

[62] Gustavo A Oliva, Ahmed E Hassan, and Zhen Ming Jiang. An exploratory study of smart contracts in the ethereum blockchain platform. Empirical Software Engineering, 25:1864–1904, 2020.

[63] OpenZeppelin. Erc20 tokens. https://docs.openzeppelin.com/contracts/4.x/erc20, 2023.

[64] OpenZeppelin. Openzeppelin contracts: Access control. https://github.com/OpenZeppelin/openzeppelin-contracts/tree/master/contracts/access, 2023.

[65] PeckShieldAlert. Tweet by peckshieldalert. https://twitter.com/PeckShieldAlert/status/1483363515411099651, 2023.

[66] Michael Rodler, Wenting Li, Ghassan O Karame, and Lucas Davi. Sereum: Protecting existing smart contracts against re-entrancy attacks. arXiv preprint arXiv:1812.05934, 2018.

[67] Sina Shahab and Zaheer Allam. Reducing transaction costs of tradable permit schemes using blockchain smart contracts. Growth and Change, 51(1):302–308, 2020.

[68] SlowMist. Slowmist 2022 blockchain security and aml analysis annual report. Medium, 2022.

[69] Para Space. Para space official documentation. https://docs.para.space/para-space/, 2023.

[70] Mythril Team. Mythril: Security analysis tool for ethereum smart contracts. https://github.com/ConsenSys/mythril, 2018.

[71] Huang Teng, Wayneyuan Tian, Haocheng Wang, and Zhiyuan Yang. Applications of the decentralized finance (defi) on the ethereum. In 2022 IEEE Asia-Pacific Conference on Image Processing, Electronics and Computers (IPEC), pages 573–578. IEEE, 2022.

[72] Sergei Tikhomirov, Ekaterina Voskresenskaya, Ivan Ivanitskiy, Ramil Takhaviev, Evgeny Marchenko, and Yaroslav Alexandrov. Smartcheck: Static analysis of ethereum smart contracts. In Proceedings of the 1st international workshop on emerging trends in software engineering for blockchain, pages 9–16, 2018.

[73] Christof Ferreira Torres, Julian Schütte, and Radu State. Osiris: Hunting for integer bugs in ethereum smart contracts. In Proceedings of the 34th annual computer security applications conference, pages 664–676, 2018.

[74] Uniswap. Uniswap official documentation. https://docs.uniswap.org/, 2023.

[75] Maximilian Wohrer and Uwe Zdun. Smart contracts: security patterns in the ethereum ecosystem and solidity. In 2018 International Workshop on Blockchain Oriented Software Engineering (IWBOSE), pages 2–8. IEEE, 2018.

[76] Pengcheng Xia, Haoyu Wang, Bingyu Gao, Weihang Su, Zhou Yu, Xiapu Luo, Chao Zhang, Xusheng Xiao, and Guoai Xu. Trade or trick? detecting and characterizing scam tokens on uniswap decentralized exchange. Proceedings of the ACM on Measurement and Analysis of Computing Systems, 5(3):1–26, 2021.

[77] Jiahua Xu and Nikhil Vadgama. From banks to defi: the evolution of the lending market. Enabling the Internet of Value: How Blockchain Connects Global Businesses, pages 53–66, 2022.

[78] Jiaming Ye, Mingliang Ma, Yun Lin, Lei Ma, Yinxing Xue, and Jianjun Zhao. Vulpedia: Detecting vulnerable ethereum smart contracts via abstracted vulnerability signatures. Journal of Systems and Software, 192:111410, 2022.

[79] Mengya Zhang, Xiaokuan Zhang, Yinqian Zhang, and Zhiqiang Lin. TXSPECTOR: Uncovering attacks in ethereum from transactions. In 29th USENIX Security Symposium (USENIX Security 20), pages 2775–2792, 2020.

[80] Yuanyu Zhang, Shoji Kasahara, Yulong Shen, Xiaohong Jiang, and Jianxiong Wan. Smart contract-based access control for the internet of things. IEEE Internet of Things Journal, 6(2):1594–1605, 2018.

Authors:

(1) Tianle Sun, Huazhong University of Science and Technology;

(2) Ningyu He, Peking University;

(3) Jiang Xiao, Huazhong University of Science and Technology;

(4) Yinliang Yue, Zhongguancun Laboratory;

(5) Xiapu Luo, The Hong Kong Polytechnic University;

(6) Haoyu Wang, Huazhong University of Science and Technology.


This paper is available on arXiv under the CC BY 4.0 DEED license.



Tokenomy | Sciencx (2025-07-17T10:00:08+00:00) A Static Taint Analyzer for Address Verification Vulnerabilities in Ethereum. Retrieved from https://www.scien.cx/2025/07/17/a-static-taint-analyzer-for-address-verification-vulnerabilities-in-ethereum/
