nach oben

Erschienen in:

2024 | OriginalPaper | Buchkapitel

Practices for Assessing the Security Level of Solidity Smart Contracts

verfasst von : Mohamed Mekkouri, Christine Hennebert

Erschienen in: Foundations and Practice of Security

Verlag: Springer Nature Switzerland

Einloggen

Aktivieren Sie unsere intelligente Suche, um passende Fachinhalte oder Patente zu finden.

search-config

KI-gestützte Suche

Aus

Abstract

In 2022, the Ethereum Entreprise Alliance (EEA) published a first version of EthTrust [2], a document that aims to certify the security level of smart contracts written in the Solidity language. A smart contract is a computer code whose execution is triggered by a transaction issued by a peer on a distributed network. Once deployed in a blockchain, the contract is immutable and no security flaw can be corrected. In order to provide an uninitiated user with the means to check the security level of the targeted contract before sending a transaction, it would be desirable to have a tool capable of certifying the security level of smart contracts. With this objective in mind, the work presented in this paper aims to qualify the existing tools for detecting vulnerabilities in contracts, as well as advances based on the use of AI to analyse the Solidity language. Finally, the needs and a methodology are discussed to build a tool for systematically certifying the security level of open source smart contracts.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Vorheriges Kapitel Unsupervised Clustering of Honeypot Attacks by Deep HTTP Packet Inspection

Nächstes Kapitel Effectiveness of Binary-Level CFI Techniques

Wood, G.: Ethereum: a secure decentralised generalised transaction ledger. Ethereum Yellow Paper (2014). https://ethereum.github.io/yellowpaper/paper.pdf

Ethereum Entreprise Alliance: EEA EthTrust Security Levels Specification v-after-1 (Editor’s Draft). EEA Editor’s Draft, 27 August 2023. https://entethalliance.github.io/eta-registry/security-levels-spec.html

Zhang, L., et al.: CBGRU: a detection method of smart contract vulnerability based on a hybrid model. MDPI Sensors 22(9), 3577 (2022). https://dl.acm.org/doi/abs/10.1145/3457337.3457841

Nehaï, Z., Bobot, F.: Deductive proof of industrial smart contracts using Why3. In: Sekerinski, E., et al. (eds.) FM 2019. LNCS, vol. 12232, pp. 299–311. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-54994-7_22CrossRef

Atzei, N., Bartoletti, M., Cimoli, T.: A survey of attacks on Ethereum smart contracts (SoK). In: Maffei, M., Ryan, M. (eds.) POST 2017. LNCS, vol. 10204, pp. 164–186. Springer, Heidelberg (2017). https://doi.org/10.1007/978-3-662-54455-6_8CrossRef

Ashizawa, N., Yanai, N., Cruz, J.P., Okamura, S.: Eth2Vec: learning contract-wide code representations for vulnerability detection on Ethereum smart contracts. arXiv:2101.02377v2 [cs.CR], 8 January 2021. https://arxiv.org/pdf/2101.02377.pdf

Goswami, S., Singh, R., Saikia, N., Bora, K.K., Sharma, U.: TokenCheck: towards deep learning based security vulnerability detection in ERC-20 tokens. In: 2021 IEEE Region 10 Symposium (TENSYMP), Jeju, Republic of Korea, pp. 1–8 (2021). https://doi.org/10.1109/TENSYMP52854.2021.9550913

Yashavant, C.S., Kumar, S., Karkare, A.: ScrawlD: a dataset of real world Ethereum smart contracts labelled with vulnerabilities. arXiv:2202.11409v3 [cs.CR], 25 February 2022. https://arxiv.org/pdf/2202.11409.pdf

Hao, X., Ren, W., Zheng, W., Zhu, T.: SCScan: a SVM-based scanning system for vulnerabilities in blockchain smart contracts. In: 2020 IEEE 19th International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom), Guangzhou, China, pp. 1598–1605 (2020). https://doi.org/10.1109/TrustCom50675.2020.00221

10.

Zeng, Q., et al.: EtherGIS: a vulnerability detection framework for Ethereum smart contracts based on graph learning features. In: 2022 IEEE 46th Annual Computers, Software, and Applications Conference (COMPSAC), Los Alamitos, CA, USA, pp. 1742–1749 (2022). https://doi.org/10.1109/COMPSAC54236.2022.00277

11.

Momeni, P., Wang, Y., Samavi, R.: Machine learning model for smart contracts security analysis. In: IEEE Proceeding of PST 2019, pp. 1–6 (2019)

12.

Ghaleb, A., Pattabiraman, K.: How effective are smart contract analysis tools? Evaluating smart contract static analysis tools using bug injection. arXiv:2005.11613v1 [cs.SE], 23 May 2020. https://arxiv.org/pdf/2005.11613.pdf

13.

Durieux, T., Ferreira, J.F., Abreu, R., Cruz, P.: Empirical review of automated analysis tools ethereum smart contracts. arXiv:1910.10601v2 [cs.SE], 9 February 2020. https://arxiv.org/pdf/1910.10601.pdf

14.

Luu, L., Chu, D.-H., Olickel, H., Saxena, P., Hobor, A.: Making smart contracts smarter. In: Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security, pp. 254–269 (2016)

15.

Tsankov, P., Dan, A., Drachsler-Cohen, D., Gervais, A., Buenzli, F., Vechev, M.: Securify: practical security analysis of smart contracts. In: Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security, pp. 67–82 (2018)

16.

Mueller, B.: Smashing Ethereum smart contracts for fun and real profit, HITB SECCONF Amsterdam (2018)

17.

Feist, J., Grieco, G., Groce, A.: Slither: a static analysis framework for smart contracts. In: 2019 IEEE/ACM 2nd International Workshop on Emerging Trends in Software Engineering for Blockchain (WETSEB), pp. 8–15 (2019)

Titel: Practices for Assessing the Security Level of Solidity Smart Contracts
verfasst von: Mohamed Mekkouri
Christine Hennebert
Verlag: Springer Nature Switzerland
Buch: Foundations and Practice of Security
Print ISBN: 978-3-031-57536-5

Electronic ISBN: 978-3-031-57537-2

Copyright-Jahr: 2024
DOI: https://doi.org/10.1007/978-3-031-57537-2_5

Springer Professional

Abstract

Bitte loggen Sie sich ein, um Zugang zu Ihrer Lizenz zu erhalten.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Springer Professional "Technik"

Springer Professional "Wirtschaft"

Premium Partner