Search papers, labs, and topics across Lattice.
This paper introduces SolSmith, a semantics-aware differential fuzz testing tool designed to enhance the Solidity compiler's reliability by identifying miscompilation bugs. Over three years, SolSmith discovered 25 previously unnoticed miscompilation bugs, highlighting critical flaws in code generation and optimization that could significantly impact smart contracts. The study not only improves compiler testing rigor but also provides a comprehensive analysis of the nature and implications of these bugs for end-users.
SolSmith uncovered 25 hidden miscompilation bugs in the Solidity compiler, revealing critical vulnerabilities that could jeopardize smart contracts.
Smart contract compilers are critical to ensuring the correctness of public blockchains whose defining characteristics are open-source and immutable code. We created SolSmith, a semantics-aware differential fuzz testing tool, to improve the quality of the Solidity compiler -- the most popular compiler for the Ethereum blockchain -- and spent over three years finding compiler defects that produce incorrect code. We call these defects miscompilation bugs. During this time period, we have discovered 25 miscompilation bugs that went unnoticed, some for multiple years. Our first contribution is to make compiler testing more rigorous. SolSmith achieves this goal by generating valid test programs that are likely to stress test code generation and optimization components. This helps SolSmith find bugs missed during routine testing that could potentially have serious implications for smart contracts and their users. Our second contribution is a qualitative and quantitative analysis of miscompilation bugs that we found in the Solidity compiler. We classify miscompilation bugs found by SolSmith based on their nature, root-causes, and impact on end-users. This sheds light on some pitfalls of optimizing compilers.