Smart contracts are programs that automate agreements between parties without the need for intermediaries. Embedded in a blockchain, they ensure transparency, immutability, and trustworthiness. While efficient, their immutable nature and reliance on internet-connected nodes make them susceptible to attacks. Identifying vulnerabilities before deployment is critical to mitigate risks, prevent catastrophic events, and avoid significant financial losses. This paper introduces a method for detecting vulnerabilities in smart contracts written in Solidity and deployed on the Ethereum blockchain. The approach models a smart contract as an Abstract State Machine (ASM), where the absence of specific vulnerabilities is encoded as invariants. An existing symbolic execution technique for ASM models was extended and improved to enable the processing of the ASM models of the smart contracts. By symbolically executing the ASM, the method identifies faulty execution paths that violate these invariants, exposing potential vulnerabilities in the contract’s behavior. Vulnerable execution scenarios of the smart contract can be generated using the symbolic execution results. As a proof of concept, we show the approach on a running case study, the Auction smart contract. Furthermore, we discuss the results of applying the technique to a number of Solidity smart contracts.

Using Symbolic Model Execution to Detect Vulnerabilities of Smart Contracts / C. Braghin, G.D.C. (LECTURE NOTES IN COMPUTER SCIENCE). - In: Rigorous State-Based Methods[s.l] : Springer, 2025. - ISBN 9783031945328. - pp. 31-51 (( 11. ABZ International Conference on Rigorous State-Based Method : June, 10 – 13 Düsseldorf (Germany) 2025 [10.1007/978-3-031-94533-5_3].

Using Symbolic Model Execution to Detect Vulnerabilities of Smart Contracts

C. Braghin
Primo
;
E. Riccobene
Penultimo
;
S. Valentini
Ultimo
2025

Abstract

Smart contracts are programs that automate agreements between parties without the need for intermediaries. Embedded in a blockchain, they ensure transparency, immutability, and trustworthiness. While efficient, their immutable nature and reliance on internet-connected nodes make them susceptible to attacks. Identifying vulnerabilities before deployment is critical to mitigate risks, prevent catastrophic events, and avoid significant financial losses. This paper introduces a method for detecting vulnerabilities in smart contracts written in Solidity and deployed on the Ethereum blockchain. The approach models a smart contract as an Abstract State Machine (ASM), where the absence of specific vulnerabilities is encoded as invariants. An existing symbolic execution technique for ASM models was extended and improved to enable the processing of the ASM models of the smart contracts. By symbolically executing the ASM, the method identifies faulty execution paths that violate these invariants, exposing potential vulnerabilities in the contract’s behavior. Vulnerable execution scenarios of the smart contract can be generated using the symbolic execution results. As a proof of concept, we show the approach on a running case study, the Auction smart contract. Furthermore, we discuss the results of applying the technique to a number of Solidity smart contracts.
No
English
Abstract State Machines; Blockchain; Ethereum; Smart contract vulnerabilities; Solidity; Symbolic execution;
Settore INFO-01/A - Informatica
Intervento a convegno
Comitato scientifico
Pubblicazione scientifica
   SEcurity and RIghts in the CyberSpace (SERICS)
   SERICS
   MINISTERO DELL'UNIVERSITA' E DELLA RICERCA
   codice identificativo PE00000014
Rigorous State-Based Methods
Springer
2025
31
51
21
9783031945328
9783031945335
15728
Volume a diffusione internazionale
No
ABZ International Conference on Rigorous State-Based Method : June, 10 – 13
Düsseldorf (Germany)
2025
11
Convegno internazionale
crossref
Aderisco
C. Braghin, G. Del Castillo, E. Riccobene, S. Valentini
Book Part (author)
partially_open
273
Using Symbolic Model Execution to Detect Vulnerabilities of Smart Contracts / C. Braghin, G.D.C. (LECTURE NOTES IN COMPUTER SCIENCE). - In: Rigorous State-Based Methods[s.l] : Springer, 2025. - ISBN 9783031945328. - pp. 31-51 (( 11. ABZ International Conference on Rigorous State-Based Method : June, 10 – 13 Düsseldorf (Germany) 2025 [10.1007/978-3-031-94533-5_3].
info:eu-repo/semantics/bookPart
4
Prodotti della ricerca::03 - Contributo in volume
File in questo prodotto:
File Dimensione Formato  
ABZ2025-7.pdf

accesso aperto

Tipologia: Post-print, accepted manuscript ecc. (versione accettata dall'editore)
Licenza: Publisher
Dimensione 425.29 kB
Formato Adobe PDF
425.29 kB Adobe PDF Visualizza/Apri
978-3-031-94533-5_3.pdf

accesso riservato

Tipologia: Publisher's version/PDF
Licenza: Nessuna licenza
Dimensione 729.39 kB
Formato Adobe PDF
729.39 kB Adobe PDF   Visualizza/Apri   Richiedi una copia
Pubblicazioni consigliate

I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.

Utilizza questo identificativo per citare o creare un link a questo documento: https://hdl.handle.net/2434/1234301
Citazioni
  • ???jsp.display-item.citation.pmc??? ND
  • Scopus 6
  • ???jsp.display-item.citation.isi??? 0
  • OpenAlex 5
social impact