The frequent security incidents involving contracts indicate a pressing need to ensure contract security from the deployment stage through the running stage, but the state-of-the-art (SOTA) analysis methods cannot satisfy three requirements well: (i) identify defective code snippets in contracts while generating exploit call sequences that help developers fix them; (ii) monitor abnormal call behaviors, especially across multiple consecutive transactions; and (iii) automatically validate the numerous unexploitable detection results, because manual verification is labor-intensive. To tackle these problems, we propose SymX, a symbolic execution-based security analysis art that accounts for both the contract development and running stages. The experimental results demonstrate that it accurately identifies 90.22% of contracts and 98.04% of call transactions, and validates misreports as intended, which is superior to the SOTAs, thereby protecting contracts better throughout the contract lifecycle. SymX is currently available at https://github.com/Secbrain/SymX.
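To make the three requirements concrete, the following is an added illustration written for this page; it is not SymX's code and does not reproduce its algorithms. It models a toy contract whose `reset()` lacks an owner check (a constructed defect), runs a depth-bounded search over call sequences as a simplified stand-in for the solver-driven path exploration a symbolic executor performs, replays a reported sequence concretely to discard unexploitable reports, and runs a shadow-state monitor over a constructed transaction log. The contract semantics, addresses, goal predicate and argument domain are all assumptions for the example.

```python
"""Added illustration (not SymX code): bounded call-sequence search over a
toy contract model, concrete replay to validate reports, and a shadow-state
monitor over a transaction log. All contract logic and values are constructed."""
from collections import deque
from dataclasses import dataclass, replace

DEPLOYER, ATTACKER = "0xdeployer", "0xattacker"   # constructed addresses


@dataclass(frozen=True)
class State:
    """Storage of the toy contract right after deployment."""
    owner: str = DEPLOYER
    initialized: bool = True
    balance: int = 100


def step(state, call):
    """Apply one call (name, caller, args) to an immutable State.
    Raises on a failed require(); returns the new state on success."""
    name, caller, args = call
    if name == "reset":
        # Constructed defect: no owner check, so anyone can clear the
        # initialized flag and reopen init() to take over ownership.
        return replace(state, initialized=False)
    if name == "init":
        if state.initialized:
            raise PermissionError("already initialized")
        return replace(state, owner=caller, initialized=True)
    if name == "withdraw":
        (amount,) = args
        if caller != state.owner:
            raise PermissionError("not owner")
        if amount > state.balance:
            raise ValueError("insufficient balance")
        return replace(state, balance=state.balance - amount)
    raise KeyError(name)


def attacker_drained(state):
    """Security goal: ownership left the deployer and the funds are gone."""
    return state.owner != DEPLOYER and state.balance == 0


CALLERS = (ATTACKER, DEPLOYER)
AMOUNTS = (1, 100)   # small argument domain standing in for solver-chosen values


def candidate_calls():
    """Every call the explorer may append to a trace."""
    for caller in CALLERS:
        yield ("reset", caller, ())
        yield ("init", caller, ())
        for amount in AMOUNTS:
            yield ("withdraw", caller, (amount,))


def find_call_sequence(goal, max_depth=3):
    """Breadth-first, depth-bounded search over call sequences from the
    deployed state. Returns the shortest trace reaching `goal`, or None.
    Paths whose require() fails are infeasible and dropped."""
    start = State()
    queue = deque([(start, ())])
    seen = {start}
    while queue:
        state, trace = queue.popleft()
        if goal(state):
            return list(trace)
        if len(trace) == max_depth:
            continue
        for call in candidate_calls():
            try:
                nxt = step(state, call)
            except (PermissionError, ValueError):
                continue
            if nxt not in seen:
                seen.add(nxt)
                queue.append((nxt, trace + (call,)))
    return None


def validate_report(trace, goal):
    """Concrete replay of a reported sequence from the deployed state; a
    report that reverts or misses the goal is an unexploitable misreport."""
    state = State()
    for call in trace:
        try:
            state = step(state, call)
        except (PermissionError, ValueError):
            return False
    return bool(goal(state))


def monitor(tx_log):
    """Replay observed transactions on a shadow model and return the index
    of the first transaction after which ownership leaves the deployer."""
    state = State()
    for i, call in enumerate(tx_log):
        try:
            state = step(state, call)
        except (PermissionError, ValueError):
            continue   # the call reverted on chain as well; state unchanged
        if state.owner != DEPLOYER:
            return i
    return None


if __name__ == "__main__":
    trace = find_call_sequence(attacker_drained)
    print("exploit sequence:", trace)
    print("validated:", validate_report(trace, attacker_drained))
    print("misreport validated:", validate_report([("withdraw", ATTACKER, (100,))], attacker_drained))
    # Constructed transaction log: a benign withdrawal, then the takeover.
    print("alert at tx:", monitor([("withdraw", DEPLOYER, (1,)), ("reset", ATTACKER, ()), ("init", ATTACKER, ())]))
```

The search returns the three-transaction sequence `reset`, `init`, `withdraw` from the attacker address, which is exactly the kind of multi-call exploit that single-transaction analysis misses; the replay step keeps that report and rejects the one-call `withdraw` report that reverts on the owner check; and the monitor raises its alert only at the `init` call, since `reset` alone leaves ownership unchanged. A real engine replaces the enumerated argument domain with SMT-solved path constraints and the hand-written `step` with EVM semantics, but the three roles (find, validate, monitor) are the same.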