Evaluating Spread of ‘Gasless Send’ in Ethereum Smart Contracts

Abstract

We present an approach for analyzing Ethereum smart contracts regarding to the issue of ‘gasless send’ [1, p. 8]. Gasless send is about contracts which lose the ability to receive Ether due to gas depletion when executing the contract's fallback function. Our approach is based on the security analysis tool Mythril which is a framework for analyzing security issues in Ethereum smart contracts. Mythril's analysis engine is based on symbolic code execution and features different analyses for security vulnerabilities in smart contracts. We upgraded the analysis engine in order to model the gas usage of Ethereum smart contracts during execution. In order to utilize the newly acquired data, we added an analysis module to detect fallback functions, whose execution may exceed the defined threshold of gas. Our analysis of 167,698 smart contracts currently deployed to the live Ethereum network shows that a total of 96.3 thousand (or 57%) might be affected by the issue of gasless send.