{"id":5572,"date":"2022-10-07T10:18:41","date_gmt":"2022-10-07T17:18:41","guid":{"rendered":"https:\/\/blogs.ubc.ca\/dependablesystemslab\/?p=5572"},"modified":"2023-02-28T16:28:26","modified_gmt":"2023-02-28T23:28:26","slug":"a-large-scale-empirical-study-of-low-level-function-use-in-ethereum-smart-contracts-and-automated-replacement","status":"publish","type":"post","link":"https:\/\/blogs.ubc.ca\/dependablesystemslab\/2022\/10\/07\/a-large-scale-empirical-study-of-low-level-function-use-in-ethereum-smart-contracts-and-automated-replacement\/","title":{"rendered":"A Large-scale Empirical Study of Low-level Function Use in Ethereum Smart Contracts and Automated Replacement"},"content":{"rendered":"<p>Rui Xi and Karthik Pattabiraman, <a href=\"https:\/\/onlinelibrary.wiley.com\/journal\/1097024x\">Journal of Software Practice and Experience (SPE)<\/a>. [ <a href=\"https:\/\/www.dropbox.com\/s\/69kojzti6p5h07r\/Rui-SPE-2022.pdf?dl=0\">PDF<\/a> ] (featured in the <a href=\"https:\/\/www.smartcontractresearch.org\/t\/research-summary-a-large-scale-empirical-study-of-low-level-function-use-in-ethereum-smart-contracts-and-automated-replacement\/2894\">Smart Contract Research Forum<\/a>)<br \/>\n<!--more--><br \/>\n<strong>This paper supersedes our <a href=\"https:\/\/blogs.ubc.ca\/dependablesystemslab\/2021\/12\/18\/when-they-go-low-automated-replacement-of-low-level-functions-in-ethereum-smart-contracts\/\">conference paper<\/a>. <\/strong><\/p>\n<p><strong>Abstract<\/strong>: The Ethereum blockchain stores and executes complex logic via smart contracts written in Solidity, a high-level programming language. The Solidity language (in its early versions) provides features to exercise fine-grained control over smart contracts, whose usage is discouraged by later-released Solidity documentation, but nonetheless supported in later versions for backward compatibility. We define these features as low-level functions. 
However, the high volume of transactions and the improper use of low-level functions lead to security exploits with heavy financial loss. Consequently, the documentation suggests secure alternatives to the use of low-level functions.<\/p>\n<p>In this paper, we first perform an empirical study on the use of low-level functions in Ethereum smart contracts. We study a smart contract dataset consisting of over 2,100,000 real-world smart contracts. We find that low-level functions are widely used and that the majority of these uses are gratuitous. We then propose GoHigh, a source-to-source transformation tool to eliminate low-level function-related vulnerabilities, by replacing low-level functions with secure alternatives. Our experimental evaluation on the dataset shows that GoHigh successfully replaces all low-level functions with 4.9% fewer compiler warnings. Further, no unintended side-effects are introduced in 80% of the contracts, and the remaining 20% are not verifiable due to their external dependency. GoHigh saves more than 5% of the gas cost of the contract. Finally, GoHigh takes 7 seconds on average per contract.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Rui Xi and Karthik Pattabiraman, Journal of Software Practice and Experience (SPE). 
[ PDF ] (featured in the Smart Contract Research Forum)<\/p>\n","protected":false},"author":10348,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[5],"tags":[48,34,28,47,12],"class_list":["post-5572","post","type-post","status-publish","format-standard","hentry","category-publications","tag-48","tag-blockchain","tag-journal","tag-rui","tag-security"],"_links":{"self":[{"href":"https:\/\/blogs.ubc.ca\/dependablesystemslab\/wp-json\/wp\/v2\/posts\/5572","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blogs.ubc.ca\/dependablesystemslab\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blogs.ubc.ca\/dependablesystemslab\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blogs.ubc.ca\/dependablesystemslab\/wp-json\/wp\/v2\/users\/10348"}],"replies":[{"embeddable":true,"href":"https:\/\/blogs.ubc.ca\/dependablesystemslab\/wp-json\/wp\/v2\/comments?post=5572"}],"version-history":[{"count":7,"href":"https:\/\/blogs.ubc.ca\/dependablesystemslab\/wp-json\/wp\/v2\/posts\/5572\/revisions"}],"predecessor-version":[{"id":5667,"href":"https:\/\/blogs.ubc.ca\/dependablesystemslab\/wp-json\/wp\/v2\/posts\/5572\/revisions\/5667"}],"wp:attachment":[{"href":"https:\/\/blogs.ubc.ca\/dependablesystemslab\/wp-json\/wp\/v2\/media?parent=5572"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blogs.ubc.ca\/dependablesystemslab\/wp-json\/wp\/v2\/categories?post=5572"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blogs.ubc.ca\/dependablesystemslab\/wp-json\/wp\/v2\/tags?post=5572"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}