sCompile: Critical Path Identification and Analysis for Smart Contracts

  • Jialiang ChangEmail author
  • Bo Gao
  • Hao Xiao
  • Jun Sun
  • Yan Cai
  • Zijiang Yang
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 11852)


Ethereum smart contracts are an innovation built on top of the blockchain technology, which provides a platform for automatically executing contracts in an anonymous, distributed, and trusted way. The problem is magnified by the fact that smart contracts, unlike ordinary programs, cannot be patched easily once deployed. It is important for smart contracts to be checked against potential vulnerabilities. In this work, we propose an alternative approach to automatically identify critical program paths (with multiple function calls including inter-contract function calls) in a smart contract, rank the paths according to their criticalness, discard them if they are infeasible or otherwise present them with user friendly warnings for user inspection. We identify paths which involve monetary transaction as critical paths, and prioritize those which potentially violate important properties. For scalability, symbolic execution techniques are only applied to top ranked critical paths. Our approach has been implemented in a tool called sCompile, which has been applied to 36,099 smart contracts. The experiment results show that sCompile is efficient, i.e., 5 s on average for one smart contract. Furthermore, we show that many known vulnerabilities can be captured if user inspects as few as 10 program paths generated by sCompile. Lastly, sCompile discovered 224 unknown vulnerabilities with a false positive rate of 15.4% before user inspection.


Blockchain Symbolic testing Smart contract 



This work is supported by the Singapore Ministry of Education (MOE) Academic Research Fund (AcRF) Tier 1 grant, the Youth Innovation Promotion Association of the Chinese Academy of Sciences (YICAS) (Grant No. 2017151), the Young Elite Scientists Sponsorship Program by CAST (Grant No. 2017QNRC001), and the Blockchain Technology and Application Joint Laboratory, Guiyang Academy of Information Technology (Institute of Software Chinese Academy of Sciences Guiyang Branch).


  1. 1.
    Diffie, W., Hellman, M.: New directions in cryptography. IEEE Trans. Inf. Theor. 22(6), 644–654 (2006)MathSciNetCrossRefGoogle Scholar
  2. 2.
    Diffie, W., Hellman, M.E.: Multiuser cryptographic techniques. In: Proceedings of the June 7–10, 1976, National Computer Conference and Exposition, AFIPS 1976, pp. 109–112. ACM, New York (1976)Google Scholar
  3. 3.
    Jorstad, N.D., Landgrave, T.S.: Cryptographic algorithm metrics. In: 20th National Information Systems Security Conference (1997)Google Scholar
  4. 4.
    Haber, S., Stornetta, W.S.: How to time-stamp a digital document. In: Menezes, A.J., Vanstone, S.A. (eds.) CRYPTO 1990. LNCS, vol. 537, pp. 437–455. Springer, Heidelberg (1991). Scholar
  5. 5.
    Brito , J., Castillo, A.: Bitcoin: a primer for policymakers. Mercatus Center at George Mason University (2013)Google Scholar
  6. 6.
    Narayanan, A., Bonneau, J., Felten, E., Miller, A., Goldfeder, S.: Bitcoin and Cryptocurrency Technologies: A Comprehensive Introduction. Princeton University Press, Princeton (2016)zbMATHGoogle Scholar
  7. 7.
    Wood, G.: Ethereum: a secure decentralised generalised transaction ledger. Ethereum Proj. Yellow Pap. 151, 1–32 (2014)Google Scholar
  8. 8.
    Solidity, the contract-oriented programming language. Accessed 12 June 2019
  9. 9.
    Attack - the dao - the dao. Accessed 12 June 2019
  10. 10.
    Turing, A.M.: On computable numbers, with an application to the Entscheidungs problem. Proc. London Math. Soc. 42, 230–265 (1937)CrossRefGoogle Scholar
  11. 11.
    Luu, L., Chu, D.-H., Olickel, H., Saxena, P., Hobor, A.: Making smart contracts smarter. In: Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security, pp. 254–269. ACM (2016)Google Scholar
  12. 12.
    Ethereum (eth) blockchain explorer. Accessed 30 June 2018
  13. 13.
    Kalra, S., Goel, S., Dhawan, M., Sharmar, S.: Zeus: analyzing safety of smart contracts. In: Network and Distributed Systems Security Symposium 2018, pp. 1–12. internetsociety (2018)Google Scholar
  14. 14.
    Nikolic, I., Kolluri, A., Sergey, I., Saxena, P., Hobor, A.: Finding the greedy, prodigal, and suicidal contracts at scale. arXiv preprint arXiv:1802.06038 (2018)
  15. 15.
    Allen, F.E.: Control flow analysis. In: ACM Sigplan Notices, vol. 5, pp. 1–19. ACM (1970)Google Scholar
  16. 16.
    Anand, S., Godefroid, P., Tillmann, N.: Demand-driven compositional symbolic execution. In: Ramakrishnan, C.R., Rehof, J. (eds.) TACAS 2008. LNCS, vol. 4963, pp. 367–381. Springer, Heidelberg (2008). Scholar
  17. 17.
    Atzei, N., Bartoletti, M., Cimoli, T.: A survey of attacks on ethereum smart contracts (SoK). In: Maffei, M., Ryan, M. (eds.) POST 2017. LNCS, vol. 10204, pp. 164–186. Springer, Heidelberg (2017). Scholar
  18. 18.
    Another parity wallet hack explained. Accessed 06 June 2018
  19. 19.
    Stamatis, D.H.: Failure Mode and Effect Analysis: FMEA from Theory to Execution. ASQ Quality Press, Hardcover (2003)Google Scholar
  20. 20.
    Devijver, P.A., Kittler, J.: Pattern Recognition: A Statistical Approach. Prentice hall, Englewood Cliffs (1982)zbMATHGoogle Scholar
  21. 21.
    Kohavi, R., et al.: A study of cross-validation and bootstrap for accuracy estimation and model selection. In: Ijcai, vol. 14, pp. 1137–1145. Montreal, Canada (1995)Google Scholar
  22. 22.
    King, J.C.: Symbolic execution and program testing. Commun. ACM 19(7), 385–394 (1976)MathSciNetCrossRefGoogle Scholar
  23. 23.
    de Moura, L., Bjørner, N.: Z3: an efficient SMT solver. In: Ramakrishnan, C.R., Rehof, J. (eds.) TACAS 2008. LNCS, vol. 4963, pp. 337–340. Springer, Heidelberg (2008). Scholar
  24. 24.
    ConsenSys. Mythril: Security analysis of ethereum smart contracts (2018). Accessed 30 May 2018
  25. 25.
    trailofbits. Manticore: Symbolic execution tool (2018). Accessed 30 May 2018
  26. 26.
    Jiang, B., Liu, Y., Chan, W.K.: Contractfuzzer: Fuzzing smart contracts for vulnerability detection. arXiv preprint arXiv:1807.03932 (2018)
  27. 27.
    Tsankov, P., Dan, A., Cohen, D.D., Gervais, A., Buenzli, F., Vechev, M.: Securify: practical security analysis of smart contracts. arXiv preprint arXiv:1806.01143 (2018)
  28. 28.
    Bhargavan, K., et al.: Formal verification of smart contracts: short paper. In: Proceedings of the 2016 ACM Workshop on Programming Languages and Analysis for Security, PLAS 2016, pp. 91–96. ACM (2016)Google Scholar

Copyright information

© Springer Nature Switzerland AG 2019

Authors and Affiliations

  • Jialiang Chang
    • 1
    Email author
  • Bo Gao
    • 2
  • Hao Xiao
    • 2
  • Jun Sun
    • 3
  • Yan Cai
    • 4
  • Zijiang Yang
    • 1
  1. 1.Department of Computer ScienceWestern Michigan UniversityKalamazooUSA
  2. 2.Pillar of Information System Technology and DesignSingapore University of Technology and DesignSingaporeSingapore
  3. 3.School of Information SystemsSingapore Management UniversitySingaporeSingapore
  4. 4.State Key Laboratory of Computer Science, Institute of SoftwareChinese Academy of SciencesBeijingChina

Personalised recommendations