Abstract
We analyze the usage of the SafeMath library on the blockchain with a data set of 6.9 million bytecodes of Ethereum smart contracts. This library provides safe arithmetic operations for contracts. In order to detect smart contracts that make use of the library from the bytecode alone, we perform the following five steps: download all available library versions, write test contracts that use the library, compile all test contracts with all compatible compiler versions, extract the internal library functions from the compiled bytecode, and search for contracts on the blockchain that use these library function bytecodes. In total, we detect usage of the SafeMath library in 1.34% of all smart contracts on the blockchain and in 27.52% of all distinct contract codes. To evaluate our approach, we use more than 50,000 verified contracts from Etherscan for which both the Solidity source code and the bytecode is available. Our algorithm correctly detects library usage for 86.34% of the smart contracts in the evaluation set.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Notes
- 1.
The CREATE2 instruction was introduced only after our data collection process.
- 2.
References
Buterin, V.: A next-generation smart contract and decentralized application platform. white paper (2014)
Payette, J., Schwager, S., Murphy, J.: Characterizing the ethereum address space (2017)
Norvill, R., Awan, I.U., Pontiveros, B.B.F., Cullen, A.J.: Automated labeling of unknown contracts in Ethereum (2017)
Fröwis, M., Fuchs, A., Böhme, R.: Detecting Token Systems on Ethereum. arXiv preprint arXiv:1811.11645 (2018)
Bartoletti, M., Carta, S., Cimoli, T., Saia, R.: Dissecting Ponzi schemes on Ethereum: identification, analysis, and impact. arXiv preprint arXiv:1703.03779 (2017)
Chen, W., Zheng, Z., Cui, J., Ngai, E., Zheng, P., Zhou, Y.: Detecting ponzi schemes on ethereum: towards healthier blockchain technology. In: Proceedings of the 2018 World Wide Web Conference on World Wide Web, pp. 1409–1418 (2018)
OpenZeppelin: OpenZeppelin is a library for secure smart contract development. https://github.com/OpenZeppelin/openzeppelin-solidity. Accessed on 07 July 2019
Atzei, N., Bartoletti, M., Cimoli, T.: A survey of attacks on Ethereum smart contracts. IACR Cryptology ePrint Archive, vol. 2016, p. 1007 (2016)
Wood, G.: Ethereum: A secure decentralised generalised transaction ledger. Ethereum project yellow paper, vol. 151, pp. 1–32 (2014)
Kiffer, L., Levin, D., Mislove, A.: Analyzing Ethereum’s Contract Topology. In: Proceedings of the Internet Measurement Conference, vol. 2018, pp. 494–499 (2018)
Zhou, Y., Kumar, D., Bakshi, S., Mason, J., Miller, A., Bailey, M.: Erays: reverse engineering ethereum’s opaque smart contracts. In: 27th \(\{\)USENIX\(\}\) Security Symposium (\(\{\)USENIX\(\}\) Security 18), pp. 1371–1385 (2018)
Ferreira Torres, C., Schütte, J., State, R.: Osiris: Hunting for integer bugs in ethereum smart contracts. In: 34th Annual Computer Security Applications Conference (ACSAC 2018), San Juan, Puerto Rico, USA, 3–7 December 2018 (2018)
Reibel, P., Yousaf, H., Meiklejohn, S.: Short Paper: an exploration of code diversity in the cryptocurrency landscape (2019)
Di Angelo, M., Salzer, G.: A survey of tools for analyzing ethereum smart contracts. In: 2019 IEEE International Conference on Decentralized Applications and Infrastructures (DAPPCON) (2019)
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2019 Springer Nature Switzerland AG
About this paper
Cite this paper
Hefele, A., Gallersdörfer, U., Matthes, F. (2019). Library Usage Detection in Ethereum Smart Contracts. In: Panetto, H., Debruyne, C., Hepp, M., Lewis, D., Ardagna, C., Meersman, R. (eds) On the Move to Meaningful Internet Systems: OTM 2019 Conferences. OTM 2019. Lecture Notes in Computer Science(), vol 11877. Springer, Cham. https://doi.org/10.1007/978-3-030-33246-4_20
Download citation
DOI: https://doi.org/10.1007/978-3-030-33246-4_20
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-33245-7
Online ISBN: 978-3-030-33246-4
eBook Packages: Computer ScienceComputer Science (R0)