Automated Detection of Vulnerabilities in ERC20-based Smart Contracts: Using Fuzzing, Symbolic Execution and Static Analysis in Ethereum-based Environments
2025 (English)Independent thesis Advanced level (degree of Master (One Year)), 10 credits / 15 HE credits
Student thesis
Abstract [en]
The security of smart contracts deployed on Ethereum-based environments is a growing concern, especially as these contracts increasingly govern critical operations in decentralized applications. Traditional manual auditing methods are often time-consuming, error-prone, and insufficient to detect complex or deeply embedded vulnerabilities.
This paper proposes an automated approach to detect vulnerabilities in Ethereum smart contracts through the integration of fuzzing and symbolic execution techniques. The framework combines property-based fuzzing using Echidna with symbolic execution via Mythril and static analysis via Slither to enhance vulnerability coverage. The goal is to identify common vulnerabilities such as re-entrancy, integer overflows, access control misconfigurations, and unchecked external calls.
A comprehensive evaluation is conducted on smart contracts sourced from open datasets such as verified Etherscan repositories. The results are assessed based on detection accuracy, false positive and negative rates, code coverage, and execution time.
This research demonstrates that combining fuzzing, symbolic execution, and static analysis in an automated pipeline provides a robust foundation to improve smart contract security in Ethereum ecosystems.
Place, publisher, year, edition, pages
2025. , p. 24
Keywords [en]
Smart contracts, vulnerability, detection, Blockchain, Ethereum, ERC20
National Category
Computer Systems
Identifiers
URN: urn:nbn:se:hv:diva-24157Local ID: EXD600OAI: oai:DiVA.org:hv-24157DiVA, id: diva2:1994510
Subject / course
Computer engineering
Educational program
Master in Cybersecurity
Supervisors
Examiners
2025-09-082025-09-032025-09-30Bibliographically approved