UBC Theses and Dissertations

A large-scale empirical study of low-level function use in Ethereum smart contracts and automated replacement

Xi, Rui

Abstract

The Ethereum blockchain stores and executes complex logic via smart contracts written in Solidity, a high-level programming language. The Solidity language provides features to exercise fine-grained control over smart contracts, termed low-level functions. However, the high volume of transactions and the improper use of low-level functions lead to security exploits with heavy financial losses. Consequently, the Solidity community has suggested secure alternatives to low-level functions. In this thesis, we first perform an empirical study on the use of low-level functions in Ethereum smart contracts. We study a smart contract dataset consisting of over 2,100,000 real-world smart contracts. We find that low-level functions are widely used and that 95% of these uses are gratuitous, and are hence replaceable. We then propose GoHigh, a source-to-source transformation tool to eliminate low-level function-related vulnerabilities by replacing low-level functions with secure high-level alternatives. Our experimental evaluation on the dataset shows that, among all the replaced contracts, about 80% do not introduce unintended side effects, and the remaining 20% are not verifiable due to their external dependencies. Further, GoHigh saves more than 5% of the gas cost of the contract after replacement. Finally, GoHigh takes 7 seconds on average per contract.

Rights

Attribution-NonCommercial-NoDerivatives 4.0 International