A Survey of Tools for Analyzing Ethereum Smart Contracts

Abstract

Smart contracts are at the heart of many decentralized applications, encapsulating core parts of the business logic. They handle the exchange of valuable assets like crypto-currencies or tokens in a transparent, decentralized manner. Being computer programs, they are also prone to programming errors, which have already lead to spectacular losses. Therefore, methods and tools have emerged to support the development of secure smart contracts and to aid the analysis of deployed ones. Assessing the quality of such tools turns out to be difficult. There are academic tools, tools developed by companies, and community tools in open repositories, but no comprehensive survey that may serve as a guide. Most discussions of related work in research papers are not helpful either, as they concentrate on methods rather than tools, base their review on publications about the tools rather than the tools themselves, or disregard tools outside of academia. Our survey aims at filling this gap by considering tools regardless of their provenance and by installing and testing them. It is meant as a guide for those who intend to analyze already deployed code, want to develop secure smart contracts, or plan to teach a related subject. We investigate 27 tools for analyzing Ethereum smart contracts regarding availability, maturity level, methods employed, and detection of security issues.