When They Go Low: Automated Replacement of Low-level Functions in Ethereum Smart Contracts

Smart contracts in the Ethereum blockchain are typically written using a high-level, Turing-complete language called Solidity. However, the Solidity language has many features to allow programmers fine-grained control over their smart contracts. We call these features low-level functions. Unfortunately, the improper use of low-level functions can lead to security vulnerabilities leading to heavy financial losses. Therefore, the Solidity community has suggested alternatives for the low-level functions in the official guidelines for developers. We first perform a large-scale empirical study on the use of low-level functions in Ethereum smart contracts written in Solidity. We find that such functions are widely used in real-world Ethereum smart contracts, and that the majority of these uses are gratuitous for the smart contract's functionality. We then propose GoHigh, a source-to-source transformation tool to eliminate low-level function-related vulnerabilities, by replacing low-level functions with high-level alternatives. We evaluate GoHigh on over 300,000 real-world smart contracts on the Ethereum blockchain. GoHigh replaces all low-level functions that are amenable to replacement in the contracts with 17% fewer compiler warnings, and the externally-visible behaviors of at least 92 % of the replaced contracts are identical to the original ones. Finally, GoHigh takes 7 seconds on average per contract.