Etherolic: A practical security analyzer for smart contracts

Abstract

In recent years we have seen a great deal of attention to the topic of security analysis in smart contracts, especially those developed for the Ethereum blockchain. As a result, there seems to be an ever-growing demand for secure smart contracts to protect what could potentially be worth billions. In this paper, we introduce Etherolic as a robust, scalable and efficient fuzzing tool based on concolic testing for performing security analysis on smart contracts. Our approach works based on a successful combination of dynamic taint tracking (DTA) and concolic testing that allows users to analyze the bytecode of smart contracts being run on the Ethereum Virtual Machine. Moreover, Etherolic is not only able to identify a wide spectrum of recent vulnerabilities in smart contracts, but it also generates exploits to trigger unknown errors in the code. In order to demonstrate the usefulness of our approach, we evaluated Etherolic on a crafted benchmark suite, comprising several real-world and synthetic smart contracts along with 98 safety features. The result of our preliminary evaluation reveals 204 security violations in the benchmarks.

Cite

Ashouri, M. (2020). Etherolic: A practical security analyzer for smart contracts. In Proceedings of the ACM Symposium on Applied Computing (pp. 353–356). Association for Computing Machinery. https://doi.org/10.1145/3341105.3374226
