Visible to the public An Empirical Study on Implicit Constraints in Smart Contract Static Analysis

TitleAn Empirical Study on Implicit Constraints in Smart Contract Static Analysis
Publication TypeConference Paper
Year of Publication2022
AuthorsYin, Tingting, Zhang, Chao, Ni, Yuandong, Wu, Yixiong, Wong, Taiyu, Luo, Xiapu, Li, Zheming, Guo, Yu
Conference Name2022 IEEE/ACM 44th International Conference on Software Engineering: Software Engineering in Practice (ICSE-SEIP)
Date Publishedmay
KeywordsCode audit, composability, Human Behavior, Implicit constraints, pubcrawl, reachability analysis, Resiliency, smart contract, smart contracts, software engineering, static analysis, static code analysis, Systematics, Time factors

Smart contracts are usually financial-related, which makes them attractive attack targets. Many static analysis tools have been developed to facilitate the contract audit process, but not all of them take account of two special features of smart contracts: (1) The external variables, like time, are constrained by real-world factors; (2) The internal variables persist between executions. Since these features import implicit constraints into contracts, they significantly affect the performance of static tools, such as causing errors in reachability analysis and resulting in false positives. In this paper, we conduct a systematic study on implicit constraints from three aspects. First, we summarize the implicit constraints in smart contracts. Second, we evaluate the impact of such constraints on the state-of-the-art static tools. Third, we propose a lightweight but effective mitigation method named ConSym to deal with such constraints and integrate it into OSIRIS. The evaluation result shows that ConSym can filter out 96% of false positives and reduce false negatives by two-thirds.

Citation Keyyin_empirical_2022