Distributed Ledger Technologies are an emerging reality opening the way to new application design paradigms like smart contracts-based distributed applications. If on one side they are creating new markets and opportunities, on the other they are exposing users to new security issues deriving from the scarce maturity in terms of security practices in their design and development. This paper raises a warning about the efficacy of a state-of-the-art software testing tool, namely Mythril, by challenging it with real smart contracts extracted from the Code4arena competitions and comparing its performance with security audits released during the contests. The paper highlights possible root causes of inefficiency, opening the way toward more scalable and efficient smart contract testing tools.

On the Efficacy of Smart Contract Analysis Tools / Bonomi, S.; Cappai, S.; Coppa, Emilio. - 2023 IEEE 34th International Symposium on Software Reliability Engineering Workshops (ISSREW), (2023), pp. 37-38. (IEEE 34th International Symposium on Software Reliability Engineering (ISSRE), Firenze, IT, 7-12 ottobre 2023). [10.1109/ISSREW60843.2023.00041].

On the Efficacy of Smart Contract Analysis Tools

Coppa E.
2023

Abstract

Distributed Ledger Technologies are an emerging reality opening the way to new application design paradigms like smart contracts-based distributed applications. If on one side they are creating new markets and opportunities, on the other they are exposing users to new security issues deriving from the scarce maturity in terms of security practices in their design and development. This paper raises a warning about the efficacy of a state-of-the-art software testing tool, namely Mythril, by challenging it with real smart contracts extracted from the Code4arena competitions and comparing its performance with security audits released during the contests. The paper highlights possible root causes of inefficiency, opening the way toward more scalable and efficient smart contract testing tools.
2023
979-8-3503-1956-9
Smart contracts, vulnerability detection, symbolic execution, software testing, blockchains
File in questo prodotto:
File Dimensione Formato  
On_the_Efficacy_of_Smart_Contract_Analysis_Tools.pdf

Solo gestori archivio

Tipologia: Versione dell'editore
Licenza: Tutti i diritti riservati
Dimensione 731.7 kB
Formato Adobe PDF
731.7 kB Adobe PDF   Visualizza/Apri
Pubblicazioni consigliate

I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.

Utilizza questo identificativo per citare o creare un link a questo documento: https://hdl.handle.net/11385/236291
Citazioni
  • Scopus 1
  • ???jsp.display-item.citation.isi??? 0
  • OpenAlex ND
social impact