http://dx.doi.org/10.3745/KTSDE.2022.11.10.399

A De Facto Standard for ERC-20 API Functional Specifications and Its Conformance Review Method for Ethereum Smart Contracts  

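Moon, Hyeon-Ah (Department of Computer Science and Engineering, Sogang University)
Park, Sooyong (Department of Computer Science and Engineering, Sogang University)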
Publication Information
KIPS Transactions on Software and Data Engineering / v.11, no.10, 2022, pp. 399-408
Abstract
ERC-20, the standard API for Ethereum token smart contracts, was introduced to ensure compatibility among applications such as wallets and decentralized exchanges. However, many compatibility vulnerability problems have arisen because there are neither rigorous functional specifications for each API nor conformance review tools for the standard. In this paper, we propose a new review procedure, and a tool that carries it out, for reviewing whether ERC-20 token smart contract programs for the Ethereum blockchain conform to the de facto standard. Based on an analysis of the ERC-20 API functional behavior of the top 100 token smart contract programs on the existing Ethereum blockchain, a new specification of the de facto standard for the ERC-20 API was explicitly defined. The new specification enabled us to design a systematic review method for Ethereum smart contract programs. We developed a tool to support this review method and evaluated a few benchmark programs with it.
Keywords
Ethereum; Smart Contracts; Conformance; Review;