Key Concepts
Existing SAST tools for smart contracts fail to detect around 50% of vulnerabilities in a comprehensive benchmark, with precision not surpassing 10%. Combining multiple tools can reduce false negatives, but many vulnerabilities, especially beyond Access Control and Reentrancy, remain undetected.
Summary
The paper presents a comprehensive evaluation of 8 SAST tools for detecting vulnerabilities in smart contracts. The key highlights are:
Taxonomy Construction:
Developed a new, up-to-date, and fine-grained taxonomy of 45 unique vulnerability types for smart contracts.
This taxonomy addresses the limitations of existing taxonomies, which are outdated, coarse-grained, and exhibit ambiguities.
Benchmark Construction:
Constructed the largest smart contract vulnerability benchmark to date, covering 788 contract files and 10,394 vulnerabilities at the function level.
The benchmark was carefully curated and labeled by security experts, ensuring high-quality ground truth.
Coverage Analysis:
Evaluated the vulnerability coverage of 8 SAST tools, with the commercial tool CSA supporting the most types (97.78%).
Open-source tools like Slither and Securify2 also demonstrated high coverage, but missed critical vulnerabilities like Integer Overflow/Underflow.
Effectiveness Analysis:
The existing SAST tools fail to detect around 50% of vulnerabilities in the benchmark, with precision not surpassing 10%.
CSA maintained the top position in both recall and precision, while Slither's performance dropped due to a higher false positive rate.
Consistency Analysis:
Combining multiple tools can effectively reduce the false negatives to 29.3%, but at the expense of flagging 36.77 percentage points more functions.
Vulnerabilities related to Access Control and Reentrancy are generally easier for tools to detect than those in the Arithmetic category.
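The effectiveness and consistency findings above (per-tool precision and recall, the false-negative rate, and the extra fraction of functions flagged once several tools' reports are unioned) can be made concrete with a small evaluation script. The following is an added example, not code from the paper or its benchmark: the tool names, the ten functions and the five ground-truth findings are constructed toy data, and matching a report to the ground truth by exact (function, vulnerability type) pair is an assumption about how function-level matching is performed.

```python
"""Function-level SAST evaluation: per-tool metrics and the cost of combining tools.

Added illustration with constructed data; it does not reproduce the paper's benchmark.
"""
from dataclasses import dataclass
from typing import Dict, List, Set, Tuple

# A finding is (qualified function name, vulnerability type).
Finding = Tuple[str, str]

# Constructed toy benchmark: ten functions, five of which carry a labelled vulnerability.
ALL_FUNCTIONS: List[str] = [
    "Bank.withdraw", "Bank.setOwner", "Bank.deposit",
    "Token.transfer", "Token.mint", "Token.burn",
    "Vault.claim", "Vault.lock", "Vault.unlock", "Vault.view",
]
GROUND_TRUTH: Set[Finding] = {
    ("Bank.withdraw", "Reentrancy"),
    ("Bank.setOwner", "AccessControl"),
    ("Token.transfer", "IntegerOverflow"),
    ("Token.mint", "IntegerOverflow"),
    ("Vault.claim", "Reentrancy"),
}

# Constructed tool reports (hypothetical tools, not the ones evaluated in the paper).
REPORTS: Dict[str, Set[Finding]] = {
    "ToolA": {
        ("Bank.withdraw", "Reentrancy"),      # true positive
        ("Bank.deposit", "Reentrancy"),       # false positive
        ("Bank.setOwner", "AccessControl"),   # true positive
        ("Vault.lock", "AccessControl"),      # false positive
    },
    "ToolB": {
        ("Vault.claim", "Reentrancy"),        # true positive
        ("Token.transfer", "IntegerOverflow"),# true positive
        ("Token.burn", "IntegerOverflow"),    # false positive
        ("Vault.unlock", "AccessControl"),    # false positive
        ("Vault.view", "AccessControl"),      # false positive
    },
}


@dataclass(frozen=True)
class Metrics:
    tp: int
    fp: int
    fn: int

    @property
    def precision(self) -> float:
        return self.tp / (self.tp + self.fp) if self.tp + self.fp else 0.0

    @property
    def recall(self) -> float:
        return self.tp / (self.tp + self.fn) if self.tp + self.fn else 0.0

    @property
    def fn_rate(self) -> float:
        # Share of labelled vulnerabilities the report misses.
        return 1.0 - self.recall


def evaluate(report: Set[Finding], truth: Set[Finding] = GROUND_TRUTH) -> Metrics:
    """Score a report against the ground truth by exact (function, type) match."""
    return Metrics(tp=len(report & truth), fp=len(report - truth), fn=len(truth - report))


def combine(tool_names: List[str], reports: Dict[str, Set[Finding]] = REPORTS) -> Set[Finding]:
    """Union of several tools' findings: a finding counts if any tool reported it."""
    merged: Set[Finding] = set()
    for name in tool_names:
        merged |= reports[name]
    return merged


def flagged_fraction(report: Set[Finding], functions: List[str] = ALL_FUNCTIONS) -> float:
    """Fraction of benchmark functions that carry at least one finding (true or false)."""
    flagged = {func for func, _ in report}
    return len(flagged) / len(functions)


def extra_flagged_points(tool_names: List[str]) -> float:
    """Percentage points more functions flagged by the union than by the single tool that flags most."""
    best_single = max(flagged_fraction(REPORTS[name]) for name in tool_names)
    return 100.0 * (flagged_fraction(combine(tool_names)) - best_single)


if __name__ == "__main__":
    for name, report in REPORTS.items():
        m = evaluate(report)
        print(f"{name}: precision={m.precision:.2f} recall={m.recall:.2f} "
              f"fn_rate={m.fn_rate:.2f} flagged={flagged_fraction(report):.0%}")
    union = combine(list(REPORTS))
    m = evaluate(union)
    print(f"union: precision={m.precision:.2f} recall={m.recall:.2f} fn_rate={m.fn_rate:.2f} "
          f"flagged={flagged_fraction(union):.0%} (+{extra_flagged_points(list(REPORTS)):.0f} pp)")
```

With the toy data each tool alone misses 60% of the labelled vulnerabilities, while their union misses only 20%; the price is that 90% of all functions end up flagged instead of at most 50%, which is the same trade-off the study reports between a lower false-negative rate and more functions for a reviewer to triage.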
Efficiency Analysis:
Tools based on symbolic execution, such as Manticore, take more time than those using static analysis techniques.
Securify2 demands more memory resources, while SmartCheck emerges as the fastest tool among those evaluated.
The study provides valuable insights to guide the development, enhancement, evaluation, and selection of SAST tools for smart contract security.
Statistics
Existing SAST tools fail to detect around 50% of vulnerabilities in the benchmark.
Precision of the evaluated SAST tools does not surpass 10%.
Combining multiple tools can reduce false negatives to 29.3%, but at the expense of flagging 36.77 percentage points more functions.
Quotes
"Existing SAST tools fail to detect around 50% of vulnerabilities in our benchmark and suffer from high false positives, with precision not surpassing 10%."
"By combining the results of multiple tools, the false negative rate can be reduced effectively, at the expense of flagging 36.77 percentage points more functions."