Evaluating Countermeasures for Verifying the Integrity of Ethereum Smart Contract Applications

Suhwan Ji, +2 more
21 Jun 2021, Vol. 9, pp 90029-90042
TLDR
In this article, the authors proposed a software tool that can easily perform comparative studies by adding existing/new countermeasures and labeled smart contract codes, which helps to identify the most effective countermeasures for each type of vulnerability.
Abstract
Blockchain technology, which provides digital security in a distributed manner, has evolved into a key technology that can build efficient and reliable decentralized applications (called DApps) beyond the function of cryptocurrency. The characteristics of blockchain such as immutability and openness, however, have made DApps more vulnerable to various security risks, and thus it has become of great significance to validate the integrity of DApps before they actually operate upon blockchain. Recently, research on vulnerability in smart contracts (a building block of DApps) has been actively conducted, and various vulnerabilities and their countermeasures were reported. However, the effectiveness of such countermeasures has not been studied well, and no appropriate methods have been proposed to evaluate them. In this paper, we propose a software tool that can easily perform comparative studies by adding existing/new countermeasures and labeled smart contract codes. The proposed tool demonstrates verification performance using various statistical indicators, which helps to identify the most effective countermeasures for each type of vulnerability. Using the proposed tool, we evaluated state-of-the-art countermeasures with 237 labeled benchmark codes. The results indicate that for certain types of vulnerabilities, some countermeasures show evenly good performance scores on various metrics. However, it is also observed that countermeasures that detect the largest number of vulnerable codes typically generate many more false positives, resulting in very low precision and accuracy. Consequently, under given constraints, different countermeasures may be recommended for detecting vulnerabilities of interest. We believe that the proposed tool could effectively be utilized for a future verification study of smart contract applications and contribute to the development of practical and secure smart contract applications.


Citations
Journal Article

Systematic Review of Security Vulnerabilities in Ethereum Blockchain Smart Contract

TL;DR: A systematic review of the security vulnerabilities in the Ethereum blockchain is presented, and Ethereum smart contract analysis tools are compared by considering various features, to help researchers set directions for future research in this domain.
Journal Article

Ethereum Smart Contract Analysis Tools: A Systematic Review

TL;DR: A systematic review of analysis tools developed for Ethereum blockchain smart contracts is presented, and some challenges and future recommendations in the field of Ethereum smart contracts are highlighted.
Journal Article

Ethereum Smart Contract Analysis Tools: A Systematic Review

01 Jan 2022
TL;DR: In this article, the authors present a systematic review of security analysis tools for smart contracts and highlight some challenges and future recommendations in the field of smart contracts, including taint analysis, symbolic execution and fuzzing.
Journal Article

Cybersecurity Risk Management Framework for Blockchain Identity Management Systems in Health IoT

TL;DR: In this article, a security taxonomy, security framework, and cybersecurity risk management framework for the Health Internet of Things (HIoT) BC-IdM systems are identified and proposed.
Journal Article

Evolution of Automated Weakness Detection in Ethereum Bytecode: a Comprehensive Study

TL;DR: In this paper, the authors study the evolution of tools and patterns detected and investigate the changes in the tools' behavior in terms of detected weaknesses, quality and behavior, and agreements between the tools.
References

Ethereum: A Secure Decentralised Generalised Transaction Ledger

Gavin Wood
TL;DR: Ethereum as mentioned in this paper is a transactional singleton machine with shared state, which can be seen as a simple application on a decentralised, but singleton, compute resource, and it provides a plurality of resources, each with a distinct state and operating code but able to interact through a message-passing framework with others.
Proceedings Article

Making Smart Contracts Smarter

TL;DR: This paper investigates the security of running smart contracts based on Ethereum in an open distributed network like those of cryptocurrencies, and proposes ways to enhance the operational semantics of Ethereum to make contracts less vulnerable.
Journal Article

QuickCheck: a lightweight tool for random testing of Haskell programs

TL;DR: QuickCheck is a tool which aids the Haskell programmer in formulating and testing properties of programs; properties can be automatically tested on random input, and it is also possible to define custom test data generators.
Journal Article

A survey on the security of blockchain systems

TL;DR: Wang et al. conduct a systematic study on the security threats to blockchain and survey the corresponding real attacks by examining popular blockchain systems. They also review the security enhancement solutions for blockchain, which could be used in the development of various blockchain systems, and suggest some future directions to stir research efforts into this area.
Book Chapter

A Survey of Attacks on Ethereum Smart Contracts (SoK)

TL;DR: This work analyses the security vulnerabilities of Ethereum smart contracts, providing a taxonomy of common programming pitfalls which may lead to vulnerabilities, and shows a series of attacks which exploit these vulnerabilities, allowing an adversary to steal money or cause other damage.