SmartBugs: A Framework to Analyze Solidity Smart Contracts
arXiv - CS - Cryptography and Security Pub Date : 2020-07-08 , DOI: arxiv-2007.04771
João F. Ferreira, Pedro Cruz, Thomas Durieux, Rui Abreu

Over the last few years, there has been substantial research on automated analysis, testing, and debugging of Ethereum smart contracts. However, it is not trivial to compare and reproduce that research. To address this, we present SmartBugs, an extensible and easy-to-use execution framework that simplifies the execution of analysis tools on smart contracts written in Solidity, the primary language used in Ethereum. SmartBugs is currently distributed with support for 10 tools and two datasets of Solidity contracts. The first dataset can be used to evaluate the precision of analysis tools, as it contains 143 annotated vulnerable contracts with 208 tagged vulnerabilities. The second dataset contains 47,518 unique contracts collected through Etherscan. We discuss how SmartBugs supported the largest experimental setup to date both in the number of tools and in execution time. Moreover, we show how it enables easy integration and comparison of analysis tools by presenting a new extension to the tool SmartCheck that improves substantially the detection of vulnerabilities related to the DASP10 categories Bad Randomness, Time Manipulation, and Access Control (identified vulnerabilities increased from 11% to 24%).

Updated: 2020-07-13