A static analyzer and bug prediction engine for smart contracts

Abstract

As blockchain solutions are becoming increasingly common, identifying potential bugs in smart contracts written in Solidity language is vital for these solutions to work accurately. To precisely detect these bugs, developers must use several state-of-the-art bug detection tools and examine the potential bugs the tools report. In this thesis, we investigate common errors in smart contracts and developed a static analysis tool SA-Solidity, which takes Solidity codes of smart contracts as input, to detect possible bugs. SA-Solidity converts Solidity source code into parse a tree and detects the erros by querying it. In addition, we demonstrate that one tool alone is not sufficient to detect all the bugs as SA-Solidity, and the known SmartCheck, and Securify tools identify different types of bugs in SmartEmbed's experimental set of smart contracts. Furthermore, we develop Machine Learning-based Bug Predictor for Solidity MLBP-Solidity, which predicts files that would be reported by all the previously mentioned bug detection tools and facilitates the efforts of developers by allowing them to focus on a subset of files that are most probably buggy. Our experimental results show that MLBP-Solidity achieves 90-99\% accuracy depending on the type of predicted bug.