SmartShield: Automatic Smart Contract Protection Made Easy

1. Introduction

SmartShield is an automated bytecode rectification system that fixes three typical security-related bugs in Ethereum smart contracts: state changes after external calls, missing checks for out-of-bound arithmetic operations, and missing checks for failing external calls. SmartShield guarantees that the rectified contract is not only immune to the corresponding attacks but also gas-friendly (i.e., it incurs only a slight increase in gas cost).
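As an added, source-level illustration (constructed for this page, not SmartShield's own code or its output, which is a bytecode rewrite): each of the three bug classes above, beside the guard that SmartShield's rectification corresponds to at the bytecode level. The `Vulnerable`, `Hardened` and `Reenter` contracts are hypothetical. The Solidity 0.7 pragma is chosen because integer arithmetic is unchecked by default in that version; 0.8 inserts overflow checks itself, so the arithmetic bug would only appear inside an `unchecked` block there.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.7.0;

// Constructed example (not SmartShield code). Vulnerable shows the three bug
// classes; Hardened shows the corresponding source-level fixes.

contract Vulnerable {
    mapping(address => uint256) public balances;

    function deposit() external payable {
        balances[msg.sender] += msg.value;          // unchecked add: can wrap
    }

    // (1) state change after an external call: the callee can re-enter
    //     withdraw() while balances[msg.sender] is still non-zero.
    function withdraw() external {
        uint256 amount = balances[msg.sender];
        (bool ok, ) = msg.sender.call{value: amount}("");
        require(ok);
        balances[msg.sender] = 0;                   // effect after interaction
    }

    // (2) missing check for out-of-bound arithmetic: underflows to 2**256-1
    function transfer(address to, uint256 amount) external {
        balances[msg.sender] -= amount;
        balances[to] += amount;
    }

    // (3) missing check for a failing external call: send() returns false
    //     on failure instead of reverting, and the result is ignored.
    function payout(address payable to, uint256 amount) external {
        balances[msg.sender] -= amount;
        to.send(amount);
    }
}

contract Hardened {
    mapping(address => uint256) public balances;

    function deposit() external payable {
        require(balances[msg.sender] + msg.value >= balances[msg.sender], "overflow");
        balances[msg.sender] += msg.value;
    }

    // (1) effects before interaction: zero the balance, then call out
    function withdraw() external {
        uint256 amount = balances[msg.sender];
        balances[msg.sender] = 0;
        (bool ok, ) = msg.sender.call{value: amount}("");
        require(ok, "call failed");
    }

    // (2) bounds checks before the subtraction and the addition
    function transfer(address to, uint256 amount) external {
        require(balances[msg.sender] >= amount, "insufficient balance");
        require(balances[to] + amount >= balances[to], "overflow");
        balances[msg.sender] -= amount;
        balances[to] += amount;
    }

    // (3) revert when the external call reports failure
    function payout(address payable to, uint256 amount) external {
        require(balances[msg.sender] >= amount, "insufficient balance");
        balances[msg.sender] -= amount;
        require(to.send(amount), "send failed");
    }
}

// Drains Vulnerable by re-entering withdraw() from the receive hook; against
// Hardened the second withdraw() finds a zero balance and sends nothing.
contract Reenter {
    Vulnerable target;

    constructor(Vulnerable t) payable { target = t; }

    function attack() external {
        target.deposit{value: 1 ether}();
        target.withdraw();
    }

    receive() external payable {
        if (address(target).balance >= 1 ether) target.withdraw();
    }
}
```

Each guard in `Hardened` is a comparison plus a conditional revert, i.e. a handful of EVM opcodes per fixed site, which is why a patch of this shape adds only marginally to a transaction's gas cost.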

We applied SmartShield to 28,621 real-world buggy contracts on the Ethereum blockchain (as of January 2nd 2019). Experimental results demonstrated that of the 95,502 insecure cases in those contracts, 87,346 (91.5%) were automatically fixed. Moreover, the rectification introduced only a 0.2% gas increment per contract on average.

2. Source code

The source code of SmartShield is available at: src.7z

3. Test Cases

The test cases used in our evaluation are partially available here: test cases

4. Publications

Our paper "SmartShield: Automatic Smart Contract Protection Made Easy" won the Best Paper Award (1/42) at SANER'20