A large-scale empirical study of low-level function use in Ethereum smart contracts and automated replacement

Cited by: 4
Authors
Xi, Rui [1]
Pattabiraman, Karthik [1]
Affiliation
[1] Univ British Columbia UBC, Dept Elect & Comp Engn, Rm 4048, Fred Kaiser Bldg, 2332 Main Mall, Vancouver, BC V6T 1Z4, Canada
Funding
Natural Sciences and Engineering Research Council of Canada;
Keywords
Ethereum blockchain; smart contract; source-to-source transformation; static analysis;
DOI
10.1002/spe.3163
Chinese Library Classification
TP31 [Computer software];
Discipline classification code
081202 ; 0835 ;
Abstract
The Ethereum blockchain stores and executes complex logic via smart contracts written in Solidity, a high-level programming language. Early versions of the Solidity language provide features for exercising fine-grained control over smart contracts; later Solidity documentation discourages their use, but later versions still support them for backward compatibility. We define these features as low-level functions. The high volume of transactions, combined with the improper use of low-level functions, has led to security exploits with heavy financial losses. Consequently, the documentation suggests secure alternatives to the use of low-level functions. In this article, we first perform an empirical study of the use of low-level functions in Ethereum smart contracts, on a dataset of over 2,100,000 real-world smart contracts. We find that low-level functions are widely used and that the majority of these uses are gratuitous. We then propose GoHigh, a source-to-source transformation tool that eliminates low-level-function-related vulnerabilities by replacing low-level functions with secure alternatives. Our experimental evaluation on the dataset shows that GoHigh successfully replaces all low-level functions, with 4.9% fewer compiler warnings. Further, no unintended side effects are introduced in 80% of the contracts, and the remaining 20% are not verifiable because of their external dependencies. GoHigh saves more than 5% of the gas cost of the contract. Finally, GoHigh takes 7 s on average per contract.
Pages: 631 / 664
Page count: 34
Related papers
91 entries in total
  • [1] Albert, E., Grossman, S., Rinetzky, N., Rodriguez-Nunez, C., Rubio, A., Sagiv, M. Taming Callbacks for Smart Contract Modularity. Proceedings of the ACM on Programming Languages (PACMPL), 2020, 4 (OOPSLA).
  • [2] Alt, L. Leveraging Applications of Formal Methods, Verification and Validation. Industrial Practice. 8th International Symposium, ISoLA 2018, Proceedings: Lecture Notes in Computer Science (LNCS 11247), 2018, p. 376. DOI 10.1007/978-3-030-03427-6_28
  • [3] [Anonymous]. ETHER MARKET CAPITAL, 2022.
  • [4] [Anonymous]. SWC 101 INTEGER OVER, 2022.
  • [5] [Anonymous]. SWC 136 UNENCRYPTED, 2022.
  • [6] [Anonymous]. SWC 128 DOS BLOCK GA, 2022.
  • [7] [Anonymous]. SWC 107 REENTRANCY, 2022.
  • [8] [Anonymous]. ETHEREUM BIGQUERY PU, 2018.
  • [9] Ashizawa, N. P 3 ACM INT S BLOCKC, 2021, p. 47. DOI 10.1145/3457337.3457841
  • [10] Atzei, N., Bartoletti, M., Cimoli, T. A Survey of Attacks on Ethereum Smart Contracts (SoK). Principles of Security and Trust (POST 2017), 2017, 10204: 164-186.