EOSIOAnalyzer: An Effective Static Analysis Vulnerability Detection Framework for EOSIO Smart Contracts

EOSIO smart contracts are programs that can be collectively executed by a network of mutually untrusted nodes. As EOSIO smart contracts manage valuable assets, they become high-value targets and are subjected to more and more attacks. Tools for protecting EOSIO smart contracts are imperative. This paper proposes EOSIOAnalyzer, an effective static secu-rity analysis framework for EOSIO smart contracts to counter the three most common attacks. The framework consists of three components, the control flow graph builder, the static analyzer and the vulnerability detector. This paper implements an approach to transforming low-level Wasm bytecode into a high-level intermediate representation (Register Transfer Language). Besides, this paper also implements vulnerability detection speci-fications for three popular EOSIO smart contracts vulnerabilities, including Fake EOS Transfer, Forged Transfer Notification and Block Information Dependency. As a proof of concept, this paper conducts experiments to evaluate the effectiveness and efficiency of the EOSIOAnalyzer. The experiment results show that the detection accuracy of the three vulnerabilities is 100 %, 98.8 % and 100%, respectively.