Notable Works in Tooling and Languages

CTA: SCRF is building a list of key readings in each category area to orient researchers to notable works and previous research. Please comment in this thread with links to seminal research that would form part of an introductory graduate seminar in this category. Please include a 1) a brief summary of what the link is and 2) the rationale for including this particular piece in the SCRF Notable Works reading list. As with every post in SCRF, a discussion is highly encouraged. Please review one another’s suggestions and include your own. Syllabi and curated lists from other sources are also welcome.

  • Vyper: A security comparison with solidity based on common vulnerabilities

    • https://arxiv.org/pdf/2003.07435.pdf
    • Mudabbir Kaleem, Anastasia Mavridou, Aron Laszka
    • This paper provides a qualitative analysis of Vyper from a standpoint of common vulnerabilities found in Solidity smart contracts
    • This paper is relevant because it points the issues that Vyper solves in comparison to Solidity and which ones remain unsolved
  • Safer smart contract programming with Scilla

    • https://dl.acm.org/doi/pdf/10.1145/3360611 (presentation also available)
    • lya Sergey, Vaivaswatha Nagaraj, Jacob Johannsen, Amrit Kumar, Anton Trunov, and Ken Chan Guan Hao
    • This paper presents and evaluates Scilla, a industrial graded smart contract programming language with built-in security mechanisms
    • This paper is relevant because it shows how Scilla is safe by design, as well as a framework for light-weight verification of Scilla programs. Official page: https://scilla-lang.org/
  • A Survey of Tools for Analyzing Ethereum Smart Contracts

    • https://publik.tuwien.ac.at/files/publik_278277.pdf
    • Monika Di Angelo, G. Salzer
    • This paper catalogs different analysis tools currently available (at the time of writing), making a qualitatively comparison between them
    • This paper is relevant because it gives a list of useful tools that developers could experiment with, as well as a starting point for researchers grasping the current state of the art.
  • Slither: A Static Analysis Framework For Smart Contracts

    • https://arxiv.org/pdf/1908.09878.pdf
    • Josselin Feist, Gustavo Grieco, Alex Groce
    • This paper describes Slither, a static analysis tool for Solidity contracts.
    • This paper is relevant since Slither is one of the most widely used tools supporting automatic identification of certain classes of vulnerabilities, refactoring opportunities, and general optimizations. Github page: https://github.com/crytic/slither/
  • Smashing Ethereum Smart Contracts for Fun and Real Profit

    • https://tinyurl.com/y2e2dbew
    • Bernhard Mueller
    • This paper describes describes Mythril, a static analysis tool for Solidity contracts and EVM bytecode
    • This paper is relevant because Mythril is one of the most widely used tools supporting automatic identification of certain classes of vulnerabilities. Github page: https://github.com/ConsenSys/mythril
  • KEVM: A Complete Semantics of the Ethereum Virtual Machine

2 Likes