NeuCheck: A more practical Ethereum smart contract security analysis tool

• Published in: Software, practice & experience Vol. 51; no. 10; pp. 2065 - 2084
• Main Authors: Lu, Ning, Wang, Bin, Zhang, Yongxin, Shi, Wenbo, Esposito, Christian
• Format: Journal Article
• Language: English
• Published: Bognor Regis Wiley Subscription Services, Inc 01.10.2021
• Subjects: blockchain; Contracts; Digital currencies; Ethereum; Security; security analysis; smart contract; Source code; Transaction processing
• ISSN: 0038-0644; 1097-024X
• DOI: 10.1002/spe.2745

Summary Ethereum is one of the currently popular trading platform, where any one can exchange, buy, or sell cryptocurrencies. Smart contract, a computer program, can help Ethereum to encode rules or scripts for processing transactions. Because the smart contract usually handles large number of cryptocurrencies worth billions of dollars apiece, its security has gained considerable attention. In this paper, we first investigate the security of smart contracts running on the Ethereum and introduce several new security vulnerabilities that allow adversaries to exploit and gain financial benefits. Then, we propose a more practical smart contract analysis tool termed NeuCheck, in which we introduce the syntax tree in the syntactical analyzer to complete the transformation from source code to intermediate representation, and then adopt the open source library working with XML to analyze such tree. We have built a prototype of NeuCheck for Ethereum and evaluate it with over 52 000 existing Ethereum smart contracts. The results show that (1) our new documented vulnerabilities are prevalent; (2) NeuCheck improves the analysis speed by at least 17.2 times compared to other popular analysis tools (eg, Securify and Mythril; and (3) allows for cross‐platform deployment.