Smart Contract Weakness Analyzer Based on Concolic Testing

Inseong Jeon, Joonseon Ahn

http://doi.org/10.5626/JOK.2021.48.6.668

Ethereum is a blockchain-based cryptocurrency platform that provides a Turing complete language, Solidity, which can be used to develop smart contracts for various applications. This paper present an analyzer that finds security weaknesses in smart contracts using the concolic testing framework. Concolic testing, which combines symbolic execution and testing, is more efficient than symbolic execution while retaining no false positiveness which is absent in static analysis. Also, the analyzer reflects actual execution context to the maximum extent possible using the Ethereum execution environment, the Geth testnet. The analyzer detects integer overflow and unhandled exception weakness. Also, this paper presents performance test results in comparison with a well known smart contract symbolic execution framework, Manticore.