{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,10,7]],"date-time":"2025-10-07T08:44:37Z","timestamp":1759826677590,"version":"3.41.0"},"reference-count":35,"publisher":"Association for Computing Machinery (ACM)","issue":"2","funder":[{"name":"MEXT \u201cInnovation Platform for Society 5.0\u201d Program","award":["JPMXP0518071489"],"award-info":[{"award-number":["JPMXP0518071489"]}]},{"name":"JST, CREST","award":["JPMJCR21M5"],"award-info":[{"award-number":["JPMJCR21M5"]}]},{"name":"JST SPRING","award":["JPMJSP2138"],"award-info":[{"award-number":["JPMJSP2138"]}]},{"name":"Ministry of Internal Affairs and Communications, Japan","award":["JPJ000254"],"award-info":[{"award-number":["JPJ000254"]}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":["Distrib. Ledger Technol."],"published-print":{"date-parts":[[2025,6,30]]},"abstract":"\n Vulnerabilities in Ethereum smart contracts often cause significant financial damage. Whereas the Solidity compiler has been updated to mitigate vulnerabilities, the effectiveness of these updates remains undisclosed to the best of our knowledge. In this paper, we aim to shed light on the impact of compiler versions on reducing vulnerabilities in Ethereum smart contracts. To achieve this, we collected 497,344 contracts with Solidity source codes from the Ethereum blockchain and analyzed their vulnerabilities. For three vulnerabilities of high severity, i.e.,\n Locked Money<\/jats:italic>\n ,\n Using tx.origin<\/jats:italic>\n , and\n Unchecked Call<\/jats:italic>\n , we illustrate their appearance rate changes, showing decreases attributed to major updates of the Solidity compiler. Subsequently, we found the following four key insights. Firstly, updates to version 0.6 and version 0.8 led to decreased appearance rates for\n Locked Money<\/jats:italic>\n . Secondly, regardless of compiler updates, the appearance rate for\n Using tx.origin<\/jats:italic>\n was significantly low. Thirdly, the appearance rate for\n Unchecked Call<\/jats:italic>\n significantly decreased from version 0.5 to version 0.8. Lastly, as an incidental discovery from our empirical study, we identified implications for code clones, which merit attention from subsequent researchers and developers.\n <\/jats:p>","DOI":"10.1145\/3688812","type":"journal-article","created":{"date-parts":[[2024,8,22]],"date-time":"2024-08-22T12:41:58Z","timestamp":1724330518000},"page":"1-14","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":1,"title":["Empirical Study of Impact of Solidity Compiler Updates on Vulnerabilities in Ethereum Smart Contracts"],"prefix":"10.1145","volume":"4","author":[{"ORCID":"https:\/\/orcid.org\/0009-0006-4400-4638","authenticated-orcid":false,"given":"Chihiro","family":"Kado","sequence":"first","affiliation":[{"name":"Osaka University, Suita, Japan"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-0817-6188","authenticated-orcid":false,"given":"Naoto","family":"Yanai","sequence":"additional","affiliation":[{"name":"Osaka University, Suita, Japan"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-9935-1534","authenticated-orcid":false,"given":"Jason Paul","family":"Cruz","sequence":"additional","affiliation":[{"name":"Osaka University, Suita, Japan"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-7998-8039","authenticated-orcid":false,"given":"Kyosuke","family":"Yamashita","sequence":"additional","affiliation":[{"name":"Osaka University, Suita, Japan"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-5602-6494","authenticated-orcid":false,"given":"Shingo","family":"Okamura","sequence":"additional","affiliation":[{"name":"National Institute of Technology, Nara College, Yamatokoriyama, Japan"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"320","published-online":{"date-parts":[[2025,6,13]]},"reference":[{"key":"e_1_3_2_2_2","doi-asserted-by":"crossref","first-page":"325","DOI":"10.1007\/978-3-031-13185-1_16","volume-title":"Proceedings of the Computer Aided Verification (CAV \u201922)","volume":"13371","author":"Alt Leonardo","year":"2022","unstructured":"Leonardo Alt, Martin Blicha, Antti E. J. Hyv\u00e4rinen, and Natasha Sharygina. 2022. SolCMC: Solidity Compiler\u2019s Model Checker. In Proceedings of the Computer Aided Verification (CAV \u201922). Sharon Shoham and Yakir Vizel (Eds.), Lecture Notes in Computer Science, Vol. 13371, Springer, 325\u2013338."},{"key":"e_1_3_2_3_2","first-page":"69","volume-title":"Proceedings of the International Conference on Decentralized Applications and Infrastructures (DAPPCON \u201919)","author":"Di Angelo Monika","year":"2019","unstructured":"Monika Di Angelo and Gernot Salzer. 2019. A Survey of Tools for Analyzing Ethereum Smart Contracts. In Proceedings of the International Conference on Decentralized Applications and Infrastructures (DAPPCON \u201919), 69\u201378."},{"key":"e_1_3_2_4_2","doi-asserted-by":"crossref","first-page":"47","DOI":"10.1145\/3457337.3457841","volume-title":"Proceedings of the International Symposium on Blockchain and Secure Critical Infrastructure (BSCI \u201921)","author":"Ashizawa Nami","year":"2021","unstructured":"Nami Ashizawa, Naoto Yanai, Jason Paul Cruz, and Shingo Okamura. 2021. Eth2Vec: Learning Contract-Wide Code Representations for Vulnerability Detection on Ethereum Smart Contracts. In Proceedings of the International Symposium on Blockchain and Secure Critical Infrastructure (BSCI \u201921). ACM, New York, NY, 47\u201359."},{"key":"e_1_3_2_5_2","doi-asserted-by":"publisher","DOI":"10.1145\/3391195"},{"key":"e_1_3_2_6_2","first-page":"327","volume-title":"Proceedings of the Blockchain 2020","author":"Chinen Yuichiro","year":"2020","unstructured":"Yuichiro Chinen, Naoto Yanai, Jason Paul Cruz, and Shingo Okamura. 2020. RA: Hunting for Re-Entrancy Attacks in Ethereum Smart Contracts via Static Analysis. In Proceedings of the Blockchain 2020. IEEE, 327\u2013336."},{"key":"e_1_3_2_7_2","unstructured":"Silvia Crafa and Matteo Di Pirro. 2019. Solidity 0.5: When typed does not mean type safe. arXiv:1907.02952. Retreived from https:\/\/arxiv.org\/abs\/1907.02952"},{"key":"e_1_3_2_8_2","first-page":"530","volume-title":"Proceedings of the International Conference on Software Engineering (ICSE \u201920)","author":"Durieux Thomas","year":"2020","unstructured":"Thomas Durieux, Jo\u00e3o F. Ferreira, Rui Abreu, and Pedro Cruz. 2020. Empirical Review of Automated Analysis Tools on 47,587 Ethereum Smart Contracts. In Proceedings of the International Conference on Software Engineering (ICSE \u201920), 530\u2013541."},{"key":"e_1_3_2_9_2","first-page":"8","volume-title":"Proceedings of the International Workshop on Emerging Trends in Software Engineering for Blockchain (WETSEB \u201919)","author":"Feist Josselin","year":"2019","unstructured":"Josselin Feist, Gustavo Grieco, and Alex Groce. 2019. Slither: A Static Analysis Framework for Smart Contracts. In Proceedings of the International Workshop on Emerging Trends in Software Engineering for Blockchain (WETSEB \u201919). IEEE, 8\u201315."},{"key":"e_1_3_2_10_2","first-page":"2757","volume-title":"Proceedings of the USENIX Security Symposium","author":"Frank Joel","year":"2020","unstructured":"Joel Frank, Cornelius Aschermann, and Thorsten Holz. 2020. ETHBMC: A Bounded Model Checker for Smart Contracts. In Proceedings of the USENIX Security Symposium. USENIX Association, 2757\u20132774."},{"key":"e_1_3_2_11_2","doi-asserted-by":"crossref","first-page":"415","DOI":"10.1145\/3395363.3397385","volume-title":"Proceedings of the ACM SIGSOFT International Symposium on Software Testing and Analysis (ISSTA \u201920)","author":"Ghaleb Asem","year":"2020","unstructured":"Asem Ghaleb and Karthik Pattabiraman. 2020. How Effective Are Smart Contract Analysis Tools? Evaluating Smart Contract Static Analysis Tools Using Bug Injection. In Proceedings of the ACM SIGSOFT International Symposium on Software Testing and Analysis (ISSTA \u201920). ACM, New York, NY, 415\u2013427."},{"key":"e_1_3_2_12_2","first-page":"542","volume-title":"Proceedings of the International Conference on Software Engineering (ICSE \u201920)","author":"Hwang Sungjae","year":"2020","unstructured":"Sungjae Hwang and Sukyoung Ryu. 2020. Gap between Theory and Practice: An Empirical Study of Security Patches in Solidity. In Proceedings of the International Conference on Software Engineering (ICSE \u201920). ACM, New York, NY, 542\u2013553."},{"key":"e_1_3_2_13_2","first-page":"92","volume-title":"Proceedings of the 4th Workshop on Blockchain theoRy and ApplicatIoNs (BRAIN \u201923)","author":"Kado Chihiro","year":"2023","unstructured":"Chihiro Kado, Naoto Yanai, Jason Paul Cruz, and Shingo Okamura. 2023. An Empirical Study of Impact of Solidity Compiler Updates on Vulnerabilities. In Proceedings of the 4th Workshop on Blockchain theoRy and ApplicatIoNs (BRAIN \u201923). IEEE, 92\u201397."},{"key":"e_1_3_2_14_2","volume-title":"Proceedings of the Annual Network and Distributed System Security Symposium (NDSS \u201918)","author":"Kalra Sukrit","year":"2018","unstructured":"Sukrit Kalra, Seep Goel, Mohan Dhawan, and Subodh Sharma. 2018. ZEUS: Analyzing Safety of Smart Contracts. In Proceedings of the Annual Network and Distributed System Security Symposium (NDSS \u201918). Internet Society."},{"key":"e_1_3_2_15_2","doi-asserted-by":"publisher","DOI":"10.1109\/ACCESS.2022.3169902"},{"key":"e_1_3_2_16_2","doi-asserted-by":"publisher","DOI":"10.1109\/ACCESS.2021.3140091"},{"key":"e_1_3_2_17_2","first-page":"254","volume-title":"Proceedings of the ACM Conference on Computer and Communications Security (CCS \u201916)","author":"Luu Loi","year":"2016","unstructured":"Loi Luu, Duc-Hiep Chu, Hrishi Olickel, Prateek Saxena, and Aquinas Hobor. 2016. Making Smart Contracts Smarter. In Proceedings of the ACM Conference on Computer and Communications Security (CCS \u201916). ACM, New York, NY, 254\u2013269."},{"key":"e_1_3_2_18_2","volume-title":"Proceedings of the 9th HITB Security Conference","author":"Mueller Bernhard","year":"2018","unstructured":"Bernhard Mueller. 2018. Smashing Ethereum Smart Contracts for Fun and Real Profit. In Proceedings of the 9th HITB Security Conference."},{"key":"e_1_3_2_19_2","doi-asserted-by":"crossref","first-page":"653","DOI":"10.1145\/3274694.3274743","volume-title":"Proceedings of the Annual Computer Security Applications Conference (ACSAC \u201918)","author":"Nikoli\u0107 Ivica","year":"2018","unstructured":"Ivica Nikoli\u0107, Aashish Kolluri, Ilya Sergey, Prateek Saxena, and Aquinas Hobor. 2018. Finding the Greedy, Prodigal, and Suicidal Contracts at Scale. In Proceedings of the Annual Computer Security Applications Conference (ACSAC \u201918). ACM, New York, NY, 653\u2013663."},{"key":"e_1_3_2_20_2","first-page":"103","volume-title":"Proceedings of the Annual International Conference on Computer Science and Software Engineering (CASCON \u201918)","author":"Parizi Reza M.","year":"2018","unstructured":"Reza M. Parizi, Ali Dehghantanha, Kim-Kwang Raymond Choo, and Amritraj Singh. 2018. Empirical Vulnerability Analysis of Automated Smart Contracts Security Testing on Blockchains. In Proceedings of the Annual International Conference on Computer Science and Software Engineering (CASCON \u201918). IBM Corp., 103\u2013113."},{"key":"e_1_3_2_21_2","first-page":"1325","volume-title":"Proceedings of the USENIX Security Symposium","author":"Perez Daniel","year":"2021","unstructured":"Daniel Perez and Benjamin Livshits. 2021. Smart Contract Vulnerabilities: Vulnerable Does Not Imply Exploited. In Proceedings of the USENIX Security Symposium. USENIX Association, 1325\u20131341."},{"key":"e_1_3_2_22_2","doi-asserted-by":"publisher","DOI":"10.1109\/ACCESS.2019.2921936"},{"key":"e_1_3_2_23_2","first-page":"566","volume-title":"Proceedings of the ACM SIGSOFT International Symposium on Software Testing and Analysis (ISSTA \u201921)","author":"Ren Meng","year":"2021","unstructured":"Meng Ren, Zijing Yin, Fuchen Ma, Zhenyang Xu, Yu Jiang, Chengnian Sun, Huizhong Li, and Yan Cai. 2021. Empirical Evaluation of Smart Contract Testing: What is the Best Choice? In Proceedings of the ACM SIGSOFT International Symposium on Software Testing and Analysis (ISSTA \u201921). ACM, New York, NY, 566\u2013579."},{"key":"e_1_3_2_24_2","volume-title":"Proceedings of the Annual Network and Distributed System Security Symposium (NDSS \u201919)","author":"Rodler Michael","year":"2019","unstructured":"Michael Rodler, Wenting Li, Ghassan O Karame, and Lucas Davi. 2019. Sereum: Protecting Existing Smart Contracts Against Re-Entrancy Attacks. In Proceedings of the Annual Network and Distributed System Security Symposium (NDSS \u201919). Internet Society."},{"key":"e_1_3_2_25_2","first-page":"115","author":"Roy Chanchal Kumar","year":"2007","unstructured":"Chanchal Kumar Roy and James R. Cordy. 2007. A Survey on Software Clone Detection Research. School of Computing, Technical Report TR 2007-541, Queen\u2019S University, 115.","journal-title":"A Survey on Software Clone Detection Research"},{"key":"e_1_3_2_26_2","first-page":"621","volume-title":"Proceedings of the ACM SIGSAC Conference on Computer and Communications Security (CCS \u201920)","author":"Schneidewind Clara","year":"2020","unstructured":"Clara Schneidewind, Ilya Grishchenko, Markus Scherer, and Matteo Maffei. 2020. EThor: Practical and Provably Sound Static Analysis of Ethereum Smart Contracts. In Proceedings of the ACM SIGSAC Conference on Computer and Communications Security (CCS \u201920). ACM, New York, NY, 621\u2013640."},{"key":"e_1_3_2_27_2","unstructured":"The Solidity Authors. 2023. Solidity v0.8.0 Breaking Changes. Retrieved from https:\/\/docs.soliditylang.org\/en\/latest\/080-breaking-changes.html."},{"key":"e_1_3_2_28_2","first-page":"317","volume-title":"Proceedings of the International Conference on Information Systems Security and Privacy (ICISSP \u201920)","author":"Tantikul Phitchayaphong","year":"2020","unstructured":"Phitchayaphong Tantikul and Sudsanguan Ngamsuriyaroj. 2020. Exploring Vulnerabilities in Solidity Smart Contract. In Proceedings of the International Conference on Information Systems Security and Privacy (ICISSP \u201920). INSTICC, SciTePress, 317\u2013324."},{"key":"e_1_3_2_29_2","doi-asserted-by":"crossref","first-page":"9","DOI":"10.1145\/3194113.3194115","volume-title":"Proceedings of the International Workshop on Emerging Trends in Software Engineering for Blockchain (WETSEB \u201918)","author":"Tikhomirov Sergei","year":"2018","unstructured":"Sergei Tikhomirov, Ekaterina Voskresenskaya, Ivan Ivanitskiy, Ramil Takhaviev, Evgeny Marchenko, and Yaroslav Alexandrov. 2018. Smartcheck: Static analysis of ethereum smart contracts. In Proceedings of the International Workshop on Emerging Trends in Software Engineering for Blockchain (WETSEB \u201918). ACM, New York, NY, 9\u201316."},{"key":"e_1_3_2_30_2","first-page":"67","volume-title":"Proceedings of the ACM SIGSAC Conference on Computer and Communications Security (CCS \u201918)","author":"Tsankov Petar","year":"2018","unstructured":"Petar Tsankov, Andrei Dan, Dana Drachsler-Cohen, Arthur Gervais, Florian Buenzli, and Martin Vechev. 2018. Securify: Practical security analysis of smart contracts. In Proceedings of the ACM SIGSAC Conference on Computer and Communications Security (CCS \u201918). ACM, New York, NY, 67\u201382."},{"key":"e_1_3_2_31_2","first-page":"1410","volume-title":"Proceedings of the International Conference on Software Engineering (ICSE \u201921)","author":"Wan Zhiyuan","year":"2021","unstructured":"Zhiyuan Wan, Xin Xia, David Lo, Jiachi Chen, Xiapu Luo, and Xiaohu Yang. 2021. Smart Contract Security: A Practitioners\u2019 Perspective. In Proceedings of the International Conference on Software Engineering (ICSE \u201921). IEEE\/ACM, New York, NY, 1410\u20131422."},{"key":"e_1_3_2_32_2","doi-asserted-by":"crossref","unstructured":"Yilin Wang Xiangping Chen Yuan Huang Hao-Nan Zhu and Jing Bian. 2022. An empirical study on real bug fixes in smart contracts projects. arXiv:2210.11990. Retrieved from https:\/\/arxiv.org\/abs\/2210.11990","DOI":"10.2139\/ssrn.4250240"},{"key":"e_1_3_2_33_2","first-page":"747","volume-title":"Proceedings of the 24th European Symposium on Research in Computer Security (ESORICS \u201919)","volume":"11735","author":"Weiss Konrad","year":"2019","unstructured":"Konrad Weiss and Julian Sch\u00fctte. 2019. Annotary: A Concolic Execution System for Developing Secure Smart Contracts. In Proceedings of the 24th European Symposium on Research in Computer Security (ESORICS \u201919), Lecture Notes in Computer Science, Vol. 11735 Springer, 747\u2013766."},{"key":"e_1_3_2_34_2","unstructured":"Gavin Wood. 2022. Ethereum: A Secure Decentralised Generalised Transaction Ledger Byzantium VERSION. Retrieved from https:\/\/ethereum.github.io\/yellowpaper\/paper.pdf"},{"key":"e_1_3_2_35_2","doi-asserted-by":"publisher","DOI":"10.3390\/jcp2020019"},{"key":"e_1_3_2_36_2","doi-asserted-by":"publisher","DOI":"10.1109\/TSE.2019.2942301"}],"container-title":["Distributed Ledger Technologies: Research and Practice"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3688812","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,13]],"date-time":"2025-06-13T15:01:26Z","timestamp":1749826886000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3688812"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025,6,13]]},"references-count":35,"journal-issue":{"issue":"2","published-print":{"date-parts":[[2025,6,30]]}},"alternative-id":["10.1145\/3688812"],"URL":"https:\/\/doi.org\/10.1145\/3688812","relation":{},"ISSN":["2769-6480"],"issn-type":[{"type":"electronic","value":"2769-6480"}],"subject":[],"published":{"date-parts":[[2025,6,13]]},"assertion":[{"value":"2023-05-01","order":0,"name":"received","label":"Received","group":{"name":"publication_history","label":"Publication History"}},{"value":"2024-07-28","order":2,"name":"accepted","label":"Accepted","group":{"name":"publication_history","label":"Publication History"}},{"value":"2025-06-13","order":3,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}