Considering numerous projects using smart contracts based on the blockchain technology racing to market, there is an ever-growing necessity for secure contracts to protect what could potentially be worth billions. Ethereum smart contracts are small executable programs, used on a peer-to-peer network as part of a consensus protocol. In other words, a smart contract is a set of low-level instructions being run on the Ethereum Virtual Machine (EVM). This low-level representation of smart contracts is called the Ethereum bytecode, which is public, immutable and once used in the blockchain, cannot be patched anymore. In this ongoing work, we present Etherolic, as the first runtime analysis framework based on concolic execution that analyzes the smart contracts’ bytecode for detecting various vulnerabilities and attacks.

In contrast to previous tools, Etherolic does not need any source code and combines symbolic execution of bytecode with a presentation of concrete values from the public Ethereum blockchain. We evaluated Etherolic with a real-world benchmark suite, including 16 programs, containing public libraries. The result of our analysis demonstrates the effectiveness and usefulness of Etherolic in the real-life applications.