Nurul Aida Noor Aidee, M. Johar, M. H. Alkawaz, Asif Iqbal Hajamydeen, Mohammed Sabbih Hamoud Al-Tamimi
Title: Vulnerability Assessment on Ethereum Based Smart Contract Applications
Venue: 2021 IEEE International Conference on Automatic Control & Intelligent Systems (I2CACIS)
Publication date: 2021-06-26
DOI: 10.1109/I2CACIS52118.2021.9495892 (https://doi.org/10.1109/I2CACIS52118.2021.9495892)
Citations: 5
Abstract
A smart contract is an agreement in the form of computer code that is made between two individuals. In a blockchain environment, smart contracts are executed and stored in a shared ledger and are not modifiable. Ethereum is one of the major platforms used for smart contracts, and Solidity is the high-level programming language used on Ethereum to build them. Recent vulnerabilities found by coders have not been added to the analysis tool SmartCheck, which is therefore incapable of detecting them. No pattern definitions existed to detect these vulnerabilities. This paper focuses on improving the SmartCheck analysis method, which converts Solidity source code into an XML-based intermediate representation and verifies it against XPath patterns. Moreover, the latest vulnerabilities were listed in order to create new patterns that detect them. The proposed method was evaluated with real-world datasets and the results were compared with similar tools.