{"id":5404,"date":"2021-12-18T10:43:34","date_gmt":"2021-12-18T17:43:34","guid":{"rendered":"https:\/\/blogs.ubc.ca\/dependablesystemslab\/?p=5404"},"modified":"2022-06-02T18:54:49","modified_gmt":"2022-06-03T01:54:49","slug":"when-they-go-low-automated-replacement-of-low-level-functions-in-ethereum-smart-contracts","status":"publish","type":"post","link":"https:\/\/blogs.ubc.ca\/dependablesystemslab\/2021\/12\/18\/when-they-go-low-automated-replacement-of-low-level-functions-in-ethereum-smart-contracts\/","title":{"rendered":"When They Go Low: Automated Replacement of Low-level Functions in Ethereum Smart Contracts"},"content":{"rendered":"<p>Rui Xi and Karthik Pattabiraman, Proceedings of the <a href=\"https:\/\/saner2022.uom.gr\/\">IEEE International Conference on Software Analysis, Evolution and Reengineering (SANER), 2022<\/a>. (Acceptance Rate: 36%) [ <a href=\"https:\/\/www.dropbox.com\/s\/wipbjllu96s9btn\/saner2022-rui.pdf?dl=0\">PDF<\/a> | <a href=\"https:\/\/www.dropbox.com\/s\/f1fl43w265onio8\/SANER_22_Sildes.pdf?dl=0\">Talk<\/a> ] (<a href=\"https:\/\/github.com\/DependableSystemsLab\/GoHigh\">Code<\/a>)<br \/>\n<!--more--><\/p>\n<p><strong>Abstract:<\/strong> Smart contracts in the Ethereum blockchain are typically written using a high-level, Turing-complete language called Solidity. However, the Solidity language has many features to allow programmers fine-grained control over their smart contracts. We call these features low-level functions. Unfortunately, the improper use of low-level functions can lead to security vulnerabilities leading to heavy financial losses. Therefore, the Solidity community has suggested alternatives for the low-level functions in the official guidelines for developers.<\/p>\n<p>We first perform a large-scale empirical study on the use of low-level functions in Ethereum smart contracts written in Solidity. We find that such functions are widely used in real-world Ethereum smart contracts, and that the majority of these uses are unnecessary for the smart contract&#8217;s functionality. We then propose GoHigh, a source-to-source transformation tool to eliminate low-level function-related vulnerabilities, by replacing low-level functions with high-level alternatives. We evaluate GoHigh on over 300,000 real-world smart contracts on the Ethereum blockchain. GoHigh replaces all low-level functions that are amenable to replacement in the contracts with 17% fewer compiler warnings, and the externally-visible behaviors of at least 92% of the replaced contracts are identical to the original ones. Finally, GoHigh takes 7 seconds on average per contract. <\/p>\n","protected":false},"excerpt":{"rendered":"<p>Rui Xi and Karthik Pattabiraman, Proceedings of the IEEE International Conference on Software Analysis, Evolution and Reengineering (SANER), 2022. (Acceptance Rate: 36%) [ PDF | Talk ] (Code)<\/p>\n","protected":false},"author":10348,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[5],"tags":[48,34,4,47,12],"class_list":["post-5404","post","type-post","status-publish","format-standard","hentry","category-publications","tag-48","tag-blockchain","tag-conference","tag-rui","tag-security"],"_links":{"self":[{"href":"https:\/\/blogs.ubc.ca\/dependablesystemslab\/wp-json\/wp\/v2\/posts\/5404","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blogs.ubc.ca\/dependablesystemslab\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blogs.ubc.ca\/dependablesystemslab\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blogs.ubc.ca\/dependablesystemslab\/wp-json\/wp\/v2\/users\/10348"}],"replies":[{"embeddable":true,"href":"https:\/\/blogs.ubc.ca\/dependablesystemslab\/wp-json\/wp\/v2\/comments?post=5404"}],"version-history":[{"count":10,"href":"https:\/\/blogs.ubc.ca\/dependablesystemslab\/wp-json\/wp\/v2\/posts\/5404\/revisions"}],"predecessor-version":[{"id":5512,"href":"https:\/\/blogs.ubc.ca\/dependablesystemslab\/wp-json\/wp\/v2\/posts\/5404\/revisions\/5512"}],"wp:attachment":[{"href":"https:\/\/blogs.ubc.ca\/dependablesystemslab\/wp-json\/wp\/v2\/media?parent=5404"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blogs.ubc.ca\/dependablesystemslab\/wp-json\/wp\/v2\/categories?post=5404"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blogs.ubc.ca\/dependablesystemslab\/wp-json\/wp\/v2\/tags?post=5404"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}