Nurul Aida Noor Aidee, M. Johar, M. H. Alkawaz, Asif Iqbal Hajamydeen, Mohammed Sabbih Hamoud Al-Tamimi
{"title":"基于以太坊的智能合约应用漏洞评估","authors":"Nurul Aida Noor Aidee, M. Johar, M. H. Alkawaz, Asif Iqbal Hajamydeen, Mohammed Sabbih Hamoud Al-Tamimi","doi":"10.1109/I2CACIS52118.2021.9495892","DOIUrl":null,"url":null,"abstract":"A Smart Contract is an agreement in the form of computer code that is made between two individuals. In a blockchain environment, smart contracts executed and stored in a shared ledger that are not modifiable. Ethereum is one of the major platforms used for smart contracts, where solidity basically is a high-level programming language used in the Ethereum to build smart contracts. Recent vulnerabilities found by the coders were not updated in analysis tool (SmartCheck) and therefore incapable of detecting vulnerabilities. No definitions of patterns were existing to detect these vulnerabilities. This paper focuses on the improvement of the Smartcheck analysis method to convert the source code of solidity into an intermediate representation based on XML and verifies this against the XPath patterns. Moreover, the latest vulnerabilities were listed to create new patterns to detect such vulnerabilities. The proposed method was evaluated with real world datasets and the results were compared with similar tools.","PeriodicalId":210770,"journal":{"name":"2021 IEEE International Conference on Automatic Control & Intelligent Systems (I2CACIS)","volume":null,"pages":null},"PeriodicalIF":0.0000,"publicationDate":"2021-06-26","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"5","resultStr":"{\"title\":\"Vulnerability Assessment on Ethereum Based Smart Contract Applications\",\"authors\":\"Nurul Aida Noor Aidee, M. Johar, M. H. Alkawaz, Asif Iqbal Hajamydeen, Mohammed Sabbih Hamoud Al-Tamimi\",\"doi\":\"10.1109/I2CACIS52118.2021.9495892\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"A Smart Contract is an agreement in the form of computer code that is made between two individuals. In a blockchain environment, smart contracts executed and stored in a shared ledger that are not modifiable. Ethereum is one of the major platforms used for smart contracts, where solidity basically is a high-level programming language used in the Ethereum to build smart contracts. Recent vulnerabilities found by the coders were not updated in analysis tool (SmartCheck) and therefore incapable of detecting vulnerabilities. No definitions of patterns were existing to detect these vulnerabilities. This paper focuses on the improvement of the Smartcheck analysis method to convert the source code of solidity into an intermediate representation based on XML and verifies this against the XPath patterns. Moreover, the latest vulnerabilities were listed to create new patterns to detect such vulnerabilities. The proposed method was evaluated with real world datasets and the results were compared with similar tools.\",\"PeriodicalId\":210770,\"journal\":{\"name\":\"2021 IEEE International Conference on Automatic Control & Intelligent Systems (I2CACIS)\",\"volume\":null,\"pages\":null},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2021-06-26\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"5\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2021 IEEE International Conference on Automatic Control & Intelligent Systems (I2CACIS)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/I2CACIS52118.2021.9495892\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2021 IEEE International Conference on Automatic Control & Intelligent Systems (I2CACIS)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/I2CACIS52118.2021.9495892","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Vulnerability Assessment on Ethereum Based Smart Contract Applications
A Smart Contract is an agreement in the form of computer code that is made between two individuals. In a blockchain environment, smart contracts executed and stored in a shared ledger that are not modifiable. Ethereum is one of the major platforms used for smart contracts, where solidity basically is a high-level programming language used in the Ethereum to build smart contracts. Recent vulnerabilities found by the coders were not updated in analysis tool (SmartCheck) and therefore incapable of detecting vulnerabilities. No definitions of patterns were existing to detect these vulnerabilities. This paper focuses on the improvement of the Smartcheck analysis method to convert the source code of solidity into an intermediate representation based on XML and verifies this against the XPath patterns. Moreover, the latest vulnerabilities were listed to create new patterns to detect such vulnerabilities. The proposed method was evaluated with real world datasets and the results were compared with similar tools.
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
