CS 731 PROJECT PRESENTATION

PROJECT TITLE
Auditing Real World Smart Contracts

GROUP NUMBER - 16

MEMBERS
1. Susovan Patra (22111061)
2. Sumit Patel ( 21211404 )
3. Mannu Gadyan (22111041)
4. Ajeet (22111005)
PROBLEM STATEMENT
With the increasing popularity and use of smart contracts in various industries, there is a growing need to
ensure their security and reliability. Smart contracts are self-executing contracts with the terms of the
agreement between buyer and seller being directly written into code. However, due to their complexity and
the potential for bugs or vulnerabilities in the code, auditing smart contracts is essential to identify and
address any potential issues before they cause harm.

The problem is that there is currently a lack of comprehensive auditing processes and methodologies for
real-world smart contracts. Many smart contracts are deployed without proper testing, and the
consequences of a security breach or code error can be significant, ranging from financial loss to reputational
damage. Therefore, there is a need for a systematic approach to auditing smart contracts that can identify
potential risks and vulnerabilities and ensure their security and reliability in real-world applications.
Smart Contracts: An Overview
Smart contracts are self-executing programs that are automatically executed when certain conditions, written in
code, are met.
However, the complexity of smart contracts and the potential for bugs or vulnerabilities in the code make them
prone to security breaches or financial losses. Therefore, auditing smart contracts is essential to ensure their
security, reliability, and proper functioning.
Languages used to write smart contracts
1. Solidity
2. Vyper
3. Rust
4. Yul
Hacks in Smart Contracts
As most of the smart contracts are deployed in the ethereum blockchain, these smart contracts are always hot
target for hackers, to exploit them. In past times there have been a lot of hacks happened that led to ether being
transferred from smart contract address to hacker’s address. Here are few major hacks.

1. The DAO Hack: The DAO was a decentralized autonomous organization that was built on the Ethereum
blockchain. In June 2016, a hacker exploited a vulnerability in the DAO's smart contract code and stole
approximately $50 million worth of ether.
2. Parity Wallet Hack: In July 2017, a hacker exploited a vulnerability in the Parity Wallet smart contract code
and stole approximately $30 million worth of ether
3. King of the Ether Throne Hack: King of the Ether Throne was a popular game built on the Ethereum
blockchain. In August 2016, a hacker exploited a vulnerability in the game's smart contract code and
drained approximately 7,000 ether from the game's smart contract.
Vulnerabilities in Smart Contracts
Some of the common security vulnerabilities in smart contracts are:

1. Code vulnerabilities: Smart contract code is written in a programming language, and like any other
software, it can contain bugs or errors that can be exploited by attackers.
2. Blockchain vulnerabilities: Smart contracts are executed on a blockchain platform, and the security of the
blockchain itself can be compromised. For example, if a majority of the nodes in the blockchain network are
controlled by a single entity, it can manipulate the blockchain and execute fraudulent transactions.
3. Network vulnerabilities: Smart contracts are deployed and executed on a network, and the network can be
vulnerable to attacks such as Distributed Denial of Service (DDoS) attacks, which can disrupt the network
and cause financial losses.
4. Social engineering attacks: Social engineering attacks are targeted at humans rather than the technology
itself. Attackers can use phishing emails or other social engineering tactics to trick users into revealing their
private keys or other sensitive information, which can be used to access and exploit smart contracts.
Vulnerabilities in smart contract
Reentrancy attack A reentrancy attack is a type of
1 vulnerability in a smart contract that allows an attacker
to repeatedly call a function before it completes its
previous execution, potentially leading to the attacker
gaining unauthorized access to the contract's funds or
causing the contract to malfunction.
Transaction origin is an exploit in which an attacker
2 manipulates the tx.origin field in a smart contract to
impersonate a legitimate user and gain unauthorized
access to the contract's funds or perform other
malicious activities. This vulnerability can be prevented
by using msg.sender instead of tx.origin.
Arithmetic vulnerabilities are errors in smart contract
3 code that can result in unintended or unexpected
mathematical calculations. These vulnerabilities can be
exploited by attackers to steal funds, cause the contract
to fail or execute malicious code. To prevent arithmetic
vulnerabilities, developers should use safe arithmetic
functions and perform proper input validation checks.
Locked ether vulnerability occurs when a smart contract
4 holds ether but lacks functionality to release or transfer
it. Attackers can exploit this vulnerability to lock up
funds indefinitely, causing financial loss. To prevent this,
developers should ensure contracts have a secure
withdrawal mechanism and thoroughly test for code
errors.
Tools we have used to identify vulnerabilities

1. Slither - Slither is an open-source static analysis framework that helps developers detect security vulnerabilities in
smart contracts written in Solidity. It identifies and reports issues such as reentrancy, locked ether, and other
potential security risks, providing developers with actionable insights to improve their code's security.
2. Smartcheck - Smart Check is an automated security analysis tool for Ethereum smart contracts. It scans contract
code for security vulnerabilities such as reentrancy, transaction order dependence, and arithmetic overflows,
providing developers with a report that details any potential issues found. Smart Check aims to make smart contract
development more secure and reliable.
3. Solhint - Solhint is a linter tool for Solidity that helps developers write better code by highlighting potential errors,
bad practices, and vulnerabilities in their smart contracts. It provides feedback on code style, security, and best
practices, giving developers suggestions on how to improve the quality and security of their code.
Open Source tools and Programming Languages Used
1. ScrawlD - (https://github.com/sujeetc/ScrawlD ) Open Source tool, that takes smart contract files
in solidity version and does analysis of different vulnerabilities that could be present in contract
with help of different tools. For this project we have used ScrawId with Slither tool.
2. Bash Scripts - We have used bash scripts in order to run different python scripts and commands
that is used to run over the smart contract files.
3. Python Scripts - We have used scripts from ScrawlD and few other python scripts that are used to
download smart contract files for selected addresses from etherscan.

Example - ExtFromEtherScan.py ( This script is used to download contracts from etherscan ).

filterContractAddress.py ( This script is used to filter contract addresses that have most of ethers,
from ScrawlD dataset of 9000 contracts )
Flow for analysis of smart contracts

1. Downloaded smart contract code for selected addresses from etherscan.

2. Setup different analysis tools like - Slither, Smartcheck, Solhint.
3. Use ScrawId script to generate bug report for smart contracts from slither tool.
4. Use bash script to run analysis for smartcheck and solhint.
5. Check for different bugs - Reentrancy , Locked Ether, Arithmetic Vulnerabilities .& Transaction
Origin.
6. Done manual analysis for set of smart contracts with the bug reports generated by tools.
7. Found out tool effectiveness on various bugs.
Calculating effectiveness of SLITHER
Total Contracts Analysed by slither = 500
Re-entrancy vulnerability found in = 1586 Places
Unhandled Exception vulnerability found in = 118 Places
Time Manipulation vulnerability found in = 810 Places

Manual Analysis of Tool

Total Contracts analysed = 208
Total false positive given by tool for REENTRANCY vulnerability = 77
Number of effective analyses for REENTRANCY vulnerability = 130
Tool Effectiveness percentage: 62.5 %
Calculating effectiveness of Solhint Tool

Total Contracts Analysed by Solhint = 500

“Re-entrancy” vulnerability found in = 960 Places

“Transaction Origin” vulnerability found in = 49 Places
“Not-rely-on-time” vulnerability found in = 1566 Places
“Not-rely-on-block-hash” vulnerability found in = 11 Places
Tools Comparison

S.No Tool Name Bug 1 (Count) Bug 2 (Count) Bug 3(Count)

Re-entrancy Time - Manipulation Transaction Origin

1 Solhint 960 1577 49

2 Slither 1586 810 250

● Total Contracts Analyzed = 500 Contracts.

● For Solhint , we have considered “Not-rely-on-time” and “Not-rely-on-block-hash” as Time Manipulation
Vulnerabilities.
Contributions
1. SUMIT PATEL

Read about different vulnerabilities from https://swcregistry.io/ and came to conclusion to select bugs in smart contracts as they have max impact. Write python script (
filterContractAddress.py ) to filter and download top 500 smart contract,which contains max value of ether .Wrote python script (effectiveness.py) which is used to calculate
the effectiveness of tools and false positives based on the bug report. Build documentation and PPT for the project.Ran run_all_slither.sh and run_main.sh in order to find
bugs from slither tool Wrote “solhint.sh” to find vulnerabilities from solhint tool. Wrote “smartcheck.sh” to find vulnerabilities from the smartcheck tool in available smart
contract files. Manual analysis of 10% of contracts for slither bug report.

2. SUSOVAN PATRA

Read about different types of vulnerability, downloaded half of the smart contracts from etherscan, convert the .json to .sol, written 2 python files to extract
the locked_ether vulnerability from all the vulnerabilities given by smartcheck tool.Wrote 2 bash files named run_all_slither.sh to execute run_slither.sh for
all the solidity files and run_main.sh to execute main.py for all the .sol.json file and stores the output in a CSV file with address,bugs and function
names.Manually checked 60% smart contracts(each contract having 2 or 3 functions on average),for Reentrancy vulnerability and 35 smart contracts
3. Mannu Gadyan

Downloaded Smart Contracts which will later be used in our research project for finding vulnerabilities. Helped in setting up tools
like Slither, SmartCheck, Mythril and Oyente. Used Slither with scrawID tool to generate reports on smart contracts, using the
generated report to parse the .csv files manually for finding false positives. I had analyzed around 25% of the smart contracts to look
for false positives. Same was done for SmartCheck reports, where we looked for Locked Ether Bug.

4. Ajeet

Helped in Downloading Smart Contracts using the API keys which I generated from etherscan website. Then set up tools like slither
and smartcheck in my system. I then helped in manually checking for false positives from the reports generated by slither and
smartcheck. My contributions were 5 % of the total code analyzed.
Thank you.