Related papers: How Do Solidity Versions Affect Vulnerability Detection Tools? An Empirical Study

How Do Solidity Versions Affect Vulnerability Detection Tools? An Empirical Study

URL: http://arxiv.org/abs/2504.05515v1
Date: Mon, 07 Apr 2025 21:15:59 GMT
Title: How Do Solidity Versions Affect Vulnerability Detection Tools? An Empirical Study
Authors: Gerardo Iuliano, Davide Corradini, Michele Pasqua, Mariano Ceccato, Dario Di Nucci,
Abstract summary: Smart contracts are written in Solidity, a programming language that is rapidly evolving to add features and improvements to enhance smart contract security.<n>New versions of Solidity change the compilation process, potentially affecting how tools interpret and analyze smart contract code.<n>We aim to investigate the compatibility of detection tools with Solidity versions.
Score: 7.236325471627686
License: http://creativecommons.org/licenses/by/4.0/
Abstract: Context: Smart contract vulnerabilities pose significant security risks for the Ethereum ecosystem, driving the development of automated tools for detection and mitigation. Smart contracts are written in Solidity, a programming language that is rapidly evolving to add features and improvements to enhance smart contract security. New versions of Solidity change the compilation process, potentially affecting how tools interpret and analyze smart contract code. Objective: In such a continuously evolving landscape, we aim to investigate the compatibility of detection tools with Solidity versions. More specifically, we present a plan to study detection tools by empirically assessing (i) their compatibility with the Solidity pragma directives, (ii) their detection effectiveness, and (iii) their execution time across different versions of Solidity. Method: We will conduct an exploratory study by running several tools and collecting a large number of real-world smart contracts to create a balanced dataset. We will track and analyze the tool execution through SmartBugs, a framework that facilitates the tool execution and allows the integration of new tools.

Related papers

Automated Vulnerability Injection in Solidity Smart Contracts: A Mutation-Based Approach for Benchmark Development [2.0074256613821033]
This work evaluates whether mutation seeding can effectively inject vulnerabilities into Solidity-based smart contracts. We propose MuSe, a tool to generate vulnerable smart contracts by leveraging pattern-based mutation operators. We analyzed these vulnerable smart contracts using Slither, a static analysis tool, to determine its capacity to identify them and assess their validity.
arXiv Detail & Related papers (2025-04-22T14:46:18Z)
Generative Large Language Model usage in Smart Contract Vulnerability Detection [8.720242549772154]
This paper presents a systematic review of the current LLM-based smart contract vulnerability detection tools.<n>We compare them against traditional static and dynamic analysis tools Slither and Mythril.<n>Our analysis highlights key areas where each performs better and shows that while these tools show promise, the LLM-based tools available for testing are not ready to replace more traditional tools.
arXiv Detail & Related papers (2025-04-07T02:33:40Z)
SolBench: A Dataset and Benchmark for Evaluating Functional Correctness in Solidity Code Completion and Repair [51.0686873716938]
We introduce SolBench, a benchmark for evaluating the functional correctness of Solidity smart contracts generated by code completion models. We propose a Retrieval-Augmented Code Repair framework to verify functional correctness of smart contracts. Results show that code repair and retrieval techniques effectively enhance the correctness of smart contract completion while reducing computational costs.
arXiv Detail & Related papers (2025-03-03T01:55:20Z)
A Multi-Agent Framework for Automated Vulnerability Detection and Repair in Solidity and Move Smart Contracts [4.3764649156831235]
This paper presents Smartify, a novel multi-agent framework leveraging Large Language Models (LLMs) to automatically detect and repair vulnerabilities in Solidity and Move smart contracts.<n>Smartify employs a team of specialized agents working on different specially fine-tuned LLMs to analyze code based on underlying programming concepts and language-specific security principles.<n>Our results show that Smartify achieves state-of-the-art performance, surpassing existing LLMs and enhancing general-purpose models' capabilities, such as Llama 3.1.
arXiv Detail & Related papers (2025-02-22T20:30:47Z)
Adaptive Tool Use in Large Language Models with Meta-Cognition Trigger [49.81945268343162]
We propose MeCo, an adaptive decision-making strategy for external tool use.<n>MeCo captures high-level cognitive signals in the representation space, guiding when to invoke tools.<n>Our experiments show that MeCo accurately detects LLMs' internal cognitive signals and significantly improves tool-use decision-making.
arXiv Detail & Related papers (2025-02-18T15:45:01Z)
SMART: Self-Aware Agent for Tool Overuse Mitigation [58.748554080273585]
Current Large Language Model (LLM) agents demonstrate strong reasoning and tool use capabilities, but often lack self-awareness.<n>This imbalance leads to Tool Overuse, where models unnecessarily rely on external tools for tasks with parametric knowledge.<n>We introduce SMART (Strategic Model-Aware Reasoning with Tools), a paradigm that enhances an agent's self-awareness to optimize task handling and reduce tool overuse.
arXiv Detail & Related papers (2025-02-17T04:50:37Z)
ToolCoder: A Systematic Code-Empowered Tool Learning Framework for Large Language Models [49.04652315815501]
Tool learning has emerged as a crucial capability for large language models (LLMs) to solve complex real-world tasks through interaction with external tools.<n>We propose ToolCoder, a novel framework that reformulates tool learning as a code generation task.
arXiv Detail & Related papers (2025-02-17T03:42:28Z)
LLM-SmartAudit: Advanced Smart Contract Vulnerability Detection [3.1409266162146467]
This paper introduces LLM-SmartAudit, a novel framework to detect and analyze vulnerabilities in smart contracts. Using a multi-agent conversational approach, LLM-SmartAudit employs a collaborative system with specialized agents to enhance the audit process. Our framework can detect complex logic vulnerabilities that traditional tools have previously overlooked.
arXiv Detail & Related papers (2024-10-12T06:24:21Z)
Codev-Bench: How Do LLMs Understand Developer-Centric Code Completion? [60.84912551069379]
We present the Code-Development Benchmark (Codev-Bench), a fine-grained, real-world, repository-level, and developer-centric evaluation framework. Codev-Agent is an agent-based system that automates repository crawling, constructs execution environments, extracts dynamic calling chains from existing unit tests, and generates new test samples to avoid data leakage.
arXiv Detail & Related papers (2024-10-02T09:11:10Z)
A security framework for Ethereum smart contracts [13.430752634838539]
This article presents ESAF, a framework for analysis of smart contracts. It aims to unify and facilitate the task of analyzing smart contract vulnerabilities. It can be used as a persistent security monitoring tool for a set of target contracts as well as a classic vulnerability analysis tool among other uses.
arXiv Detail & Related papers (2024-02-05T22:14:21Z)
SmartBugs 2.0: An Execution Framework for Weakness Detection in Ethereum Smart Contracts [0.757843972001219]
Smart contracts are blockchain programs that often handle valuable assets. To support developers in identifying and eliminating vulnerabilities, methods and tools for the automated analysis have been proposed. We present SmartBugs 2.0, a modular execution framework for smart contract analysis.
arXiv Detail & Related papers (2023-06-08T09:22:25Z)
Enhancing Smart Contract Security Analysis with Execution Property Graphs [48.31617821205042]
We introduce Clue, a dynamic analysis framework specifically designed for a runtime virtual machine. Clue captures critical information during contract executions, employing a novel graph-based representation, the Execution Property Graph. evaluation results reveal Clue's superior performance with high true positive rates and low false positive rates, outperforming state-of-the-art tools.
arXiv Detail & Related papers (2023-05-23T13:16:42Z)

This list is automatically generated from the titles and abstracts of the papers in this site.