SIF: A Framework for Solidity Code Instrumentation and Analysis
This addresses the problem of fragmented and non-traceable analysis workflows for Solidity developers and testers, though it is incremental as it unifies existing capabilities rather than introducing a new paradigm.
The paper tackles the lack of a unified framework for Solidity smart contract analysis by introducing SIF, a comprehensive framework for instrumentation, analysis, and code generation, demonstrating its feasibility by building tools and testing them on 1838 real Ethereum contracts.
Solidity is an object-oriented and high-level language for writing smart contracts that are used to execute, verify and enforce credible transactions on permissionless blockchains. In the last few years, analysis of smart contracts has raised considerable interest and numerous techniques have been proposed to check the presence of vulnerabilities in them. Current techniques lack traceability in source code and have widely differing work flows. There is no single unifying framework for analysis, instrumentation, optimisation and code generation of Solidity contracts. In this paper, we present SIF, a comprehensive framework for Solidity contract analysis, query, instrumentation, and code generation. SIF provides support for Solidity contract developers and testers to build source level techniques for analysis, understanding, diagnostics, optimisations and code generation. We show feasibility and applicability of the framework by building practical tools on top of it and running them on 1838 real smart contracts deployed on the Ethereum network.