An Improved Gas Efficient Library for Securing IoT Smart Contracts Against Arithmetic Vulnerabilities
J. Khor, Mansur Aliyu Masama, M. Sidorov, WeiChung Leong, JiaJun Lim
Proceedings of the 2020 9th International Conference on Software and Computer Applications, published 2020-02-18
DOI: https://doi.org/10.1145/3384544.3384577
Citation count: 4
Abstract
Public blockchains targeting the Internet of Things (IoT) are gaining more traction every day, with the majority of them being built on top of the Ethereum infrastructure. However, a growing number of these blockchains introduces security issues. There are 525 entries already in the Common Vulnerabilities and Exposures database related to Ethereum smart contracts. 479 of them are related to arithmetic errors, which include integer overflow or underflow. This paper, thus, concentrates on analyzing arithmetic vulnerabilities found in existing public blockchains targeted at IoT applications. Furthermore, the performance in terms of security and gas cost of smart contracts is analyzed with and without the SafeMath library. In addition, an improved SafeMath library is proposed that has better arithmetic coverage and requires lower gas consumption. Four security tools are used to analyze the arithmetic protection of the improved SafeMath library. The results show that the improved SafeMath library is able to cover 4 more arithmetic operations compared to the original one by using only two common condition checks and is capable of saving 26 units of gas, which is a significant amount in the long run.