<p>Smart contracts are the fundamental building block of decentralized applications (DApps) and decentralized finance (DeFi). However, their immutability makes security flaws exceptionally costly. Despite advancements in vulnerability detection, such as static and dynamic analysis, formal verification, and Solidity language improvements, vulnerabilities continue to result in substantial financial losses, exceeding $2 billion in 2024 alone. This paper presents a comprehensive analysis of smart contract vulnerabilities derived from real-world exploits, systematically categorized into seven distinct types. Each category is illustrated with Solidity code examples and insights from notable exploits. An <i>Enhanced</i> test suite is developed by restructuring the existing <i>solidity-defects-and-bugs</i> suite and supplementing it with new smart contract implementations to address underrepresented vulnerabilities, including flash loan and price oracle manipulation. We evaluate three widely used analysis tools (Slither, Mythril, and 4naly3er) on both the original and Enhanced suites, revealing substantial limitations in detection coverage. To address these limitations, we introduce the Solidity Defects and Bugs Analysis (SDABA), which incorporates advanced analyses and detectors to identify 28 vulnerability variations across both suites. Results on the SDB and Enhanced test suites show that SDABA improves overall precision, recall, and F1-score compared with the evaluated tools. Finally, we release the source code, test suite, and vulnerability reports to support future research in smart contract security.</p>

错误:搜索内容不能为空,请输入英文关键词
错误:关键词超出字数限制,请精简
高级检索

Solidity Defects and Bugs Analysis (SDABA): A novel framework for smart contract vulnerability detection and benchmarking

  • Abdur Rehman Raza,
  • Muhammad Haseeb,
  • Shahzaib Tahir,
  • Asif Masood,
  • M. Jaleed Khan,
  • Hammad Afzal

摘要

Smart contracts are the fundamental building block of decentralized applications (DApps) and decentralized finance (DeFi). However, their immutability makes security flaws exceptionally costly. Despite advancements in vulnerability detection, such as static and dynamic analysis, formal verification, and Solidity language improvements, vulnerabilities continue to result in substantial financial losses, exceeding $2 billion in 2024 alone. This paper presents a comprehensive analysis of smart contract vulnerabilities derived from real-world exploits, systematically categorized into seven distinct types. Each category is illustrated with Solidity code examples and insights from notable exploits. An Enhanced test suite is developed by restructuring the existing solidity-defects-and-bugs suite and supplementing it with new smart contract implementations to address underrepresented vulnerabilities, including flash loan and price oracle manipulation. We evaluate three widely used analysis tools (Slither, Mythril, and 4naly3er) on both the original and Enhanced suites, revealing substantial limitations in detection coverage. To address these limitations, we introduce the Solidity Defects and Bugs Analysis (SDABA), which incorporates advanced analyses and detectors to identify 28 vulnerability variations across both suites. Results on the SDB and Enhanced test suites show that SDABA improves overall precision, recall, and F1-score compared with the evaluated tools. Finally, we release the source code, test suite, and vulnerability reports to support future research in smart contract security.