Open Collections
UBC Theses and Dissertations
A large-scale empirical study of low-level function use in Ethereum smart contracts and automated replacement
Xi, Rui
Abstract
The Ethereum blockchain stores and executes complex logic via smart contracts written in Solidity, a high-level programming language. The Solidity language provides features to exercise fine-grained control over smart contracts, termed low-level functions. However, the high volume of transactions and the improper use of low-level functions lead to security exploits with heavy financial losses. Consequently, the Solidity community has suggested secure alternatives to low-level functions. In this thesis, we first perform an empirical study on the use of low-level functions in Ethereum smart contracts. We study a smart contract dataset consisting of over 2,100,000 real-world smart contracts. We find that low-level functions are widely used and that 95% of these uses are gratuitous, and are hence replaceable. We then propose GoHigh, a source-to-source transformation tool to eliminate low-level function-related vulnerabilities, by replacing low-level functions with secure high-level alternatives. Our experimental evaluation on the dataset shows that, among all the replaced contracts, about 80% of them do not introduce unintended side-effects, and the remaining 20% are not verifiable due to their external dependencies. Further, GoHigh saves more than 5% of the gas cost of the contract after replacement. Finally, GoHigh takes 7 seconds on average per contract.
Item Metadata
Title | A large-scale empirical study of low-level function use in Ethereum smart contracts and automated replacement
Creator | |
Supervisor | |
Publisher | University of British Columbia
Date Issued | 2022
Genre | |
Type | |
Language | eng
Date Available | 2022-07-05
Provider | Vancouver : University of British Columbia Library
Rights | Attribution-NonCommercial-NoDerivatives 4.0 International
DOI | 10.14288/1.0416021
URI | |
Degree | |
Program | |
Affiliation | |
Degree Grantor | University of British Columbia
Graduation Date | 2022-11
Campus | |
Scholarly Level | Graduate
Rights URI | |
Aggregated Source Repository | DSpace