Smart contracts are blockchain programs that often handle valuable assets. Writing secure smart contracts is far from trivial, and any vulnerability may lead to significant financial losses. To support developers in identifying and eliminating vulnerabilities, methods and tools for the automated analysis have been proposed. However, the lack of commonly accepted benchmark suites and performance metrics makes it difficult to compare and evaluate such tools. Moreover, the tools are heterogeneous in their interfaces and reports as well as their runtime requirements, and installing several tools is time-consuming. In this paper, we present SmartBugs 2.0, a modular execution framework. It provides a uniform interface to 19 tools aimed at smart contract analysis and accepts both Solidity source code and EVM bytecode as input. After describing its architecture, we highlight the features of the framework. We evaluate the framework via its reception by the community and illustrate its scalability by describing its role in a study involving 3.25 million analyses.

翻译：智能合约是处理高价值资产的区块链程序。编写安全可靠的智能合约绝非易事，任何漏洞都可能导致重大经济损失。为协助开发者发现并消除漏洞，业界已提出多种自动化分析方法与工具。然而，由于缺乏公认的基准测试集与性能评估指标，这些工具难以进行横向对比与客观评估。此外，不同工具在接口规范、分析报告格式以及运行时需求方面存在显著差异，且逐一安装多个工具极为耗时。本文提出SmartBugs 2.0模块化执行框架，该框架为19种智能合约分析工具提供统一接口，支持Solidity源代码与EVM字节码两种输入格式。在阐述架构设计后，我们重点介绍框架的核心特性，通过社区反响评估其实用价值，并通过涉及325万次分析的研究案例展示其可扩展性。