Abstract
The Solidity programming language is the most widely used language for smart contract development. Improving smart contracts’ correctness, security, and performance has been the driving force for research in vulnerability detection, program analysis, and compiler techniques for Solidity. Similar to system-level languages such as C, Solidity enables the embedding of low-level code in programs, in the form of inline assembly code. Developers use inline assembly for low-level optimizations, extending the Solidity language through libraries, and using blockchain-specific opcodes only available through inline assembly. Nevertheless, inline assembly fragments are not well understood by an average developer and can introduce security threats as well as affect the optimizations that can be applied to programs by the compiler; it also significantly limits the effectiveness of source code static analyzers that operate on the Solidity level. A better understanding of how inline assembly is used in practice could in turn increase the performance, security, and support for inline assembly in Solidity. This paper presents a large-scale quantitative study of the use of inline assembly in 6.8M smart contracts deployed on the Ethereum blockchain. We find that 23% of the analyzed smart contracts contain inline assembly code, and that the use of inline assembly has become more widespread over time. We further performed a manual qualitative analysis for identifying usage patterns of inline assembly in Solidity smart contracts. Our findings are intended to help practitioners understand when they should use inline assembly and guide developers of Solidity tools in prioritizing which parts of inline assembly to implement first. Finally, the insights of this study could be used to enhance the Solidity language, improve the Solidity compiler, and to open up new research directions by driving future researchers to build appropriate methods and techniques for replacing inline assembly in Solidity programs when there is no real necessity to use it.
- Amogh Akshintala, Bhushan Jain, Chia-Che Tsai, Michael Ferdman, and Donald E. Porter. 2019. X86-64 Instruction Usage among C/C++ Applications. In Proceedings of the 12th ACM International Conference on Systems and Storage (SYSTOR ’19). Association for Computing Machinery, New York, NY, USA. 68–79. isbn:9781450367493 https://doi.org/10.1145/3319647.3325833
Google Scholar
Digital Library
- Massimo Bartoletti and Livio Pompianu. 2017. An empirical analysis of smart contracts: platforms, applications, and design patterns. In International conference on financial cryptography and data security. 494–509. https://doi.org/10.1007/978-3-319-70278-0_31
Google Scholar
Cross Ref
- Lexi Brent, Neville Grech, Sifis Lagouvardos, Bernhard Scholz, and Yannis Smaragdakis. 2020. Ethainter: A smart contract security analyzer for composite vulnerabilities. In Proceedings of the 41st ACM SIGPLAN Conference on Programming Language Design and Implementation. 454–469. https://doi.org/10.1145/3385412.3385990
Google Scholar
Digital Library
- Lexi Brent, Anton Jurisevic, Michael Kong, Eric Liu, François Gauthier, Vincent Gramoli, Ralph Holz, and Bernhard Scholz. 2018. Vandal: A Scalable Security Analysis Framework for Smart Contracts. ArXiv, abs/1809.03981 (2018).
Google Scholar
- Stefanos Chaliasos, Arthur Gervais, and Benjamin Livshits. 2022. Artifact: A Study of Inline Assembly in Solidity Smart Contracts. https://doi.org/10.5281/zenodo.7071281
Google Scholar
Digital Library
- Stefanos Chaliasos, Thodoris Sotiropoulos, Georgios-Petros Drosos, Charalambos Mitropoulos, Dimitris Mitropoulos, and Diomidis Spinellis. 2021. Well-Typed Programs Can Go Wrong: A Study of Typing-Related Bugs in JVM Compilers. Proc. ACM Program. Lang., 5, OOPSLA (2021), Article 123, oct, 30 pages. https://doi.org/10.1145/3485500
Google Scholar
Digital Library
- Shyam R Chidamber and Chris F Kemerer. 1994. A metrics suite for object oriented design. IEEE Transactions on software engineering, 20, 6 (1994), 476–493.
Google Scholar
Digital Library
- Nassim Corteggiani, Giovanni Camurati, and Aurélien Francillon. 2018. Inception: System-Wide Security Testing of Real-World Embedded Systems Software. In Proceedings of the 27th USENIX Conference on Security Symposium (SEC’18). USENIX Association, USA. 309–326. isbn:9781931971461
Google Scholar
- Thomas Durieux, João F Ferreira, Rui Abreu, and Pedro Cruz. 2020. Empirical review of automated analysis tools on 47,587 ethereum smart contracts. In Proceedings of the ACM/IEEE 42nd International conference on software engineering. 530–541. https://doi.org/10.1145/3377811.3380364
Google Scholar
Digital Library
- Josselin Feist, Gustavo Grieco, and Alex Groce. 2019. Slither: a static analysis framework for smart contracts. In 2019 IEEE/ACM 2nd International Workshop on Emerging Trends in Software Engineering for Blockchain (WETSEB). 8–15. https://doi.org/10.1109/WETSEB.2019.00008
Google Scholar
Digital Library
- Robert Feldt and Ana Magazinius. 2010. Validity threats in empirical software engineering research-an initial survey.. In Seke. 374–379.
Google Scholar
- Aviral Goel, Pierre Donat-Bouillud, Filip Křikava, Christoph M. Kirsch, and Jan Vitek. 2021. What We Eval in the Shadows: A Large-Scale Study of Eval in R Programs. Proc. ACM Program. Lang., 5, OOPSLA (2021), Article 125, oct, 23 pages. https://doi.org/10.1145/3485502
Google Scholar
Digital Library
- Neville Grech, Michael Kong, Anton Jurisevic, Lexi Brent, Bernhard Scholz, and Yannis Smaragdakis. 2018. Madmax: Surviving out-of-gas conditions in ethereum smart contracts. Proceedings of the ACM on Programming Languages, 2, OOPSLA (2018), 1–27. https://doi.org/10.1145/3276486
Google Scholar
Digital Library
- Péter Hegedűs. 2019. Towards analyzing the complexity landscape of solidity based ethereum smart contracts. Technologies, 7, 1 (2019), 6.
Google Scholar
Cross Ref
- Simon Holm Jensen, Peter A. Jonsson, and Anders Møller. 2012. Remedying the Eval That Men Do. In Proceedings of the 2012 International Symposium on Software Testing and Analysis (ISSTA 2012). Association for Computing Machinery, New York, NY, USA. 34–44. isbn:9781450314541 https://doi.org/10.1145/2338965.2336758
Google Scholar
Digital Library
- Stephen Kell, Dominic P. Mulligan, and Peter Sewell. 2016. The Missing Link: Explaining ELF Static Linking, Semantically. In Proceedings of the 2016 ACM SIGPLAN International Conference on Object-Oriented Programming, Systems, Languages, and Applications (OOPSLA 2016). Association for Computing Machinery, New York, NY, USA. 607–623. isbn:9781450344449 https://doi.org/10.1145/2983990.2983996
Google Scholar
Digital Library
- Benjamin Mariano, Yanju Chen, Yu Feng, Shuvendu K Lahiri, and Isil Dillig. 2020. Demystifying loops in smart contracts. In 2020 35th IEEE/ACM International Conference on Automated Software Engineering (ASE). 262–274. https://doi.org/10.1145/3324884.3416626
Google Scholar
Digital Library
- Fadi Meawad, Gregor Richards, Floréal Morandat, and Jan Vitek. 2012. Eval Begone! Semi-Automated Removal of Eval from Javascript Programs. In Proceedings of the ACM International Conference on Object Oriented Programming Systems Languages and Applications (OOPSLA ’12). Association for Computing Machinery, New York, NY, USA. 607–620. isbn:9781450315616 https://doi.org/10.1145/2384616.2384660
Google Scholar
Digital Library
- Satoshi Nakamoto. 2008. Bitcoin: A peer-to-peer electronic cash system. https://bitcoin.org/bitcoin.pdf
Google Scholar
- Terence J. Parr and Russell W. Quong. 1995. ANTLR: A predicated-LL (k) parser generator. Software: Practice and Experience, 25, 7 (1995), 789–810.
Google Scholar
Digital Library
- Andrea Pinna, Simona Ibba, Gavina Baralla, Roberto Tonelli, and Michele Marchesi. 2019. A massive analysis of ethereum smart contracts empirical study and code metrics. IEEE Access, 7 (2019), 78194–78213. https://doi.org/10.1109/ACCESS.2019.2921936
Google Scholar
Cross Ref
- Frédéric Recoules, Sébastien Bardin, Richard Bonichon, Matthieu Lemerre, Laurent Mounier, and Marie-Laure Potet. 2021. Interface Compliance of Inline Assembly: Automatically Check, Patch and Refine. IEEE Press, 1236–1247. isbn:9781450390859 https://doi.org/10.1109/ICSE43902.2021.00113
Google Scholar
Digital Library
- Frédéric Recoules, Sébastien Bardin, Richard Bonichon, Laurent Mounier, and Marie-Laure Potet. 2019. Get Rid of Inline Assembly through Verification-Oriented Lifting. In Proceedings of the 34th IEEE/ACM International Conference on Automated Software Engineering (ASE ’19). IEEE Press, 577–589. isbn:9781728125084 https://doi.org/10.1109/ASE.2019.00060
Google Scholar
Digital Library
- Gregor Richards, Christian Hammer, Brian Burg, and Jan Vitek. 2011. The Eval That Men Do: A Large-Scale Study of the Use of Eval in Javascript Applications. In Proceedings of the 25th European Conference on Object-Oriented Programming (ECOOP’11). Springer-Verlag, Berlin, Heidelberg. 52–78. isbn:9783642226540 https://doi.org/10.5555/2032497.2032503
Google Scholar
Digital Library
- Gregor Richards, Sylvain Lebresne, Brian Burg, and Jan Vitek. 2010. An Analysis of the Dynamic Behavior of JavaScript Programs. In Proceedings of the 31st ACM SIGPLAN Conference on Programming Language Design and Implementation (PLDI ’10). Association for Computing Machinery, New York, NY, USA. 1–12. isbn:9781450300193 https://doi.org/10.1145/1806596.1806598
Google Scholar
Digital Library
- Manuel Rigger, Stefan Marr, Bram Adams, and Hanspeter Mössenböck. 2019. Understanding GCC Builtins to Develop Better Tools. In Proceedings of the 2019 27th ACM Joint Meeting on European Software Engineering Conference and Symposium on the Foundations of Software Engineering (ESEC/FSE 2019). Association for Computing Machinery, New York, NY, USA. 74–85. isbn:9781450355728 https://doi.org/10.1145/3338906.3338907
Google Scholar
Digital Library
- Manuel Rigger, Stefan Marr, Stephen Kell, David Leopoldseder, and Hanspeter Mössenböck. 2018. An Analysis of X86-64 Inline Assembly in C Programs. In Proceedings of the 14th ACM SIGPLAN/SIGOPS International Conference on Virtual Execution Environments (VEE ’18). Association for Computing Machinery, New York, NY, USA. 84–99. isbn:9781450355797 https://doi.org/10.1145/3186411.3186418
Google Scholar
Digital Library
- Solidity. 2022. Solidity Inline Assembly Documentation. https://docs.soliditylang.org/en/latest/assembly.html
Google Scholar
- Nick Szabo. 1997. Formalizing and securing relationships on public networks. First monday.
Google Scholar
- Sergei Tikhomirov, Ekaterina Voskresenskaya, Ivan Ivanitskiy, Ramil Takhaviev, Evgeny Marchenko, and Yaroslav Alexandrov. 2018. Smartcheck: Static analysis of ethereum smart contracts. In Proceedings of the 1st International Workshop on Emerging Trends in Software Engineering for Blockchain. 9–16. https://doi.org/10.1145/3194113.3194115
Google Scholar
Digital Library
- Roberto Tonelli, Giuseppe Destefanis, Michele Marchesi, and Marco Ortu. 2018. Smart contracts software metrics: a first study. arXiv preprint arXiv:1802.01517, https://doi.org/10.13140/RG.2.2.25506.12483
Google Scholar
Cross Ref
- Petar Tsankov, Andrei Dan, Dana Drachsler-Cohen, Arthur Gervais, Florian Buenzli, and Martin Vechev. 2018. Securify: Practical security analysis of smart contracts. In Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security. 67–82. https://doi.org/10.1145/3243734.3243780
Google Scholar
Digital Library
- Gavin Wood. 2022. Ethereum: A secure decentralised generalised transaction ledger.
Google Scholar
- Weiqin Zou, David Lo, Pavneet Singh Kochhar, Xuan-Bach Dinh Le, Xin Xia, Yang Feng, Zhenyu Chen, and Baowen Xu. 2019. Smart contract development: Challenges and opportunities. IEEE Transactions on Software Engineering, 47, 10 (2019), 2084–2106. https://doi.org/10.1109/TSE.2019.2942301
Google Scholar
Cross Ref
Index Terms
A study of inline assembly in solidity smart contracts
Recommendations
An Analysis of x86-64 Inline Assembly in C Programs
VEE '18: Proceedings of the 14th ACM SIGPLAN/SIGOPS International Conference on Virtual Execution EnvironmentsC codebases frequently embed nonportable and unstandardized elements such as inline assembly code. Such elements are not well understood, which poses a problem to tool developers who aspire to support C code. This paper investigates the use of x86-64 ...
The treewidth of smart contracts
SAC '19: Proceedings of the 34th ACM/SIGAPP Symposium on Applied ComputingSmart contracts are programs that are stored and executed on the Blockchain and can receive, manage and transfer money (cryptocurrency units). Two important problems regarding smart contracts are formal analysis and compiler optimization. Formal ...
An Analysis of x86-64 Inline Assembly in C Programs
VEE '18C codebases frequently embed nonportable and unstandardized elements such as inline assembly code. Such elements are not well understood, which poses a problem to tool developers who aspire to support C code. This paper investigates the use of x86-64 ...






Comments