Logo
ScienceStack
Table of Contents
Fetching ...
Sign In

Towards Understanding the Bugs in Solidity Compiler

Haoyang Ma, Wuqi Zhang, Qingchao Shen, Yongqiang Tian, Junjie Chen, Shing-Chi Cheung

TL;DR

This work provides the first systematic study of Solidity compiler bugs by analyzing 533 issues, uncovering 12 root causes and five symptoms, and presenting seven actionable takeaways to improve bug detection. It constructs a reproducible benchmark of 108 reproducible bugs and evaluates three Solidity fuzzers, revealing weaknesses in current fuzzing approaches, especially for formal verification and semantic-analysis bugs. The study highlights the solver-like nature of the Solidity toolchain, including the formal verification and Yul paths, and shows how compilation flags, memory handling, and code generation interact to produce non-crash and crash bugs. Practically, the paper offers guidance for targeted fuzzing, test oracles, and EMI-based validation to enhance Solidity compiler reliability and security in smart contract deployment.

Abstract

Solidity compiler plays a key role in enabling the development of smart contract applications on Ethereum by governing the syntax of a domain-specific language called Solidity and performing compilation and optimization of Solidity code. The correctness of Solidity compiler is critical in fostering transparency, efficiency, and trust in industries reliant on smart contracts. However, like other software systems, Solidity compiler is prone to bugs, which may produce incorrect bytecodes on blockchain platforms, resulting in severe security concerns. As a domain-specific compiler for smart contracts, Solidity compiler differs from other compilers in many perspectives, posing unique challenges to detect its bugs. To understand the bugs in Solidity compiler and benefit future research, in this paper, we present the first systematic study on 533 Solidity compiler bugs. We carefully examined their characteristics (including symptoms, root causes, and distribution), and their triggering test cases. Our study leads to seven bug-revealing takeaways for Solidity compiler. Moreover, to study the limitations of Solidity compiler fuzzers and bring our findings into practical scenarios, we evaluate three Solidity compiler fuzzers on our constructed benchmark. The results show that these fuzzers are inefficient in detecting Solidity compiler bugs. The inefficiency arises from their failure to consider the interesting bug-inducing features, bug-related compilation flags, and test oracles

Towards Understanding the Bugs in Solidity Compiler

TL;DR

This work provides the first systematic study of Solidity compiler bugs by analyzing 533 issues, uncovering 12 root causes and five symptoms, and presenting seven actionable takeaways to improve bug detection. It constructs a reproducible benchmark of 108 reproducible bugs and evaluates three Solidity fuzzers, revealing weaknesses in current fuzzing approaches, especially for formal verification and semantic-analysis bugs. The study highlights the solver-like nature of the Solidity toolchain, including the formal verification and Yul paths, and shows how compilation flags, memory handling, and code generation interact to produce non-crash and crash bugs. Practically, the paper offers guidance for targeted fuzzing, test oracles, and EMI-based validation to enhance Solidity compiler reliability and security in smart contract deployment.

Abstract

Solidity compiler plays a key role in enabling the development of smart contract applications on Ethereum by governing the syntax of a domain-specific language called Solidity and performing compilation and optimization of Solidity code. The correctness of Solidity compiler is critical in fostering transparency, efficiency, and trust in industries reliant on smart contracts. However, like other software systems, Solidity compiler is prone to bugs, which may produce incorrect bytecodes on blockchain platforms, resulting in severe security concerns. As a domain-specific compiler for smart contracts, Solidity compiler differs from other compilers in many perspectives, posing unique challenges to detect its bugs. To understand the bugs in Solidity compiler and benefit future research, in this paper, we present the first systematic study on 533 Solidity compiler bugs. We carefully examined their characteristics (including symptoms, root causes, and distribution), and their triggering test cases. Our study leads to seven bug-revealing takeaways for Solidity compiler. Moreover, to study the limitations of Solidity compiler fuzzers and bring our findings into practical scenarios, we evaluate three Solidity compiler fuzzers on our constructed benchmark. The results show that these fuzzers are inefficient in detecting Solidity compiler bugs. The inefficiency arises from their failure to consider the interesting bug-inducing features, bug-related compilation flags, and test oracles
Paper Structure (30 sections, 6 figures, 2 tables)

This paper contains 30 sections, 6 figures, 2 tables.

Table of Contents

  1. Introduction
  2. Background
  3. Bug Collection and Classification
  4. Bug Collection
  5. Bug Classification
  6. Symptoms
  7. Root Causes
  8. Bug Analysis
  9. RQ1: Bug Characteristics
  10. Correlation between Symptoms and Root Causes
  11. Bug Distribution over Components
  12. RQ2: Test Case Characteristics
  13. Bug-Revealing Code Patterns
  14. Bug-Revealing Compilation Flags
  15. RQ3: Test Oracle Requirement
  16. ...and 15 more sections

Figures (6)

  • Figure 1: Workflow of Solidity compiler
  • Figure 2: The Overview of Bug Collection and Classification
  • Figure 3: Bug Distribution Over Symptoms
  • Figure 4: Bug Distribution Over Root Causes.
  • Figure 5: Bug Distribution Over Components
  • ...and 1 more figures