SPLASH 2022
Mon 5 - Sat 10 December 2022 Auckland, New Zealand
Fri 9 Dec 2022 10:30 - 11:00 at AMRF Auditorium - Blockchain Chair(s): Zhong Shao

The Solidity programming language is the most widely used language for smart contract development. Improving smart contracts’ correctness, security, and performance has been the driving force for research in vulnerability detection, program analysis, and compiler techniques for Solidity. Similar to system-level languages such as C, Solidity enables the embedding of low-level code in programs, in the form of inline assembly code. Developers use inline assembly for low-level optimizations, extending the Solidity language through libraries, and using blockchain-specific opcodes only available through inline assembly. Nevertheless, inline assembly fragments are not well understood by an average developer and can introduce security threats as well as affect the optimizations that can be applied to programs by the compiler; it also significantly limits the effectiveness of source code static analyzers that operate on the Solidity level. A better understanding of how inline assembly is used in practice could in turn increase the performance, security, and support for inline assembly in Solidity. This paper presents a large-scale quantitative study of the use of inline assembly in 6.8M smart contracts deployed on the Ethereum blockchain. We find that 23% of the analyzed smart contracts contain inline assembly code, and that the use of inline assembly has become more widespread over time. We further performed a manual qualitative analysis for identifying usage patterns of inline assembly in Solidity smart contracts. Our findings are intended to help practitioners understand when they should use inline assembly and guide developers of Solidity tools in prioritizing which parts of inline assembly to implement first. Finally, the insights of this study could be used to enhance the Solidity language, improve the Solidity compiler, and to open up new research directions by driving future researchers to build appropriate methods and techniques for replacing inline assembly in Solidity programs when there is no real necessity to use it.

Fri 9 Dec

Displayed time zone: Auckland, Wellington change

10:30 - 12:00
BlockchainOOPSLA at AMRF Auditorium
Chair(s): Zhong Shao Yale University
10:30
30m
Talk
A Study of Inline Assembly in Solidity Smart Contracts
OOPSLA
Stefanos Chaliasos Imperial College London, Arthur Gervais Imperial College London, Ben Livshits Imperial College London
DOI
11:00
30m
Research paper
Elipmoc: advanced decompilation of Ethereum smart contracts
OOPSLA
Neville Grech University of Malta, Sifis Lagouvardos University of Athens, Ilias Tsatiris University of Athens, Yannis Smaragdakis University of Athens
DOI
11:30
30m
Talk
SigVM: Enabling Event-Driven Execution for Truly Decentralized Smart Contracts
OOPSLA
Zihan Zhao University of Toronto, Sidi Mohamed Beillahi University of Toronto, Ryan Song University of Toronto, Yuxi Cai University of Toronto, Andreas Veneris University of Toronto, Fan Long University of Toronto
DOI