Evaluating Upgradable Smart Contract

2021 IEEE International Conference on Blockchain (Blockchain) Pub Date : 2021-12-01 DOI:10.1109/Blockchain53845.2021.00041

Van Cuong Bui, S. Wen, Jiangshan Yu, Xin Xia, M. S. Haghighi, Yang Xiang

{"title":"Evaluating Upgradable Smart Contract","authors":"Van Cuong Bui, S. Wen, Jiangshan Yu, Xin Xia, M. S. Haghighi, Yang Xiang","doi":"10.1109/Blockchain53845.2021.00041","DOIUrl":null,"url":null,"abstract":"Smart contracts have been developed and employed in both permissioned and permissionless blockchains recently, mainly to enforce agreements among parties without the need for intermediaries. This achievement is the result of blockchain immutability which guarantees that no party can alter the conditions of an already deployed contract. However, immutability also makes patching or updating contracts impossible even when incorrectness, unfairness, or security flaws are spotted in them. So far, researchers in academia and industry have developed two main methods, data segregation and proxy storage, with six patterns to make deployed contracts upgradable. However, until now, there has been no comprehensive framework that can simultaneously offer upgradability, security resilience, and scalability features. For example, none of the existing solutions have implemented any security mechanism that can resist attacks such as the DAO one. Through extensive analysis and implementation of all these patterns, and taking state-of-the-art attacks on the Ethereum network into consideration, we propose our innovative framework, “Comprehensive-Data-Proxy pattern” which uses data segregation on the top of proxy pattern, that can completely defend against any types of Reentrancy attacks. Additionally, this solution mitigates the scalability issue of the proxy pattern. Our experiments show that the framework can address these two issues with negligible impact on performance.","PeriodicalId":372721,"journal":{"name":"2021 IEEE International Conference on Blockchain (Blockchain)","volume":"30 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2021-12-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"2","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2021 IEEE International Conference on Blockchain (Blockchain)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/Blockchain53845.2021.00041","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 2

Abstract

Smart contracts have been developed and employed in both permissioned and permissionless blockchains recently, mainly to enforce agreements among parties without the need for intermediaries. This achievement is the result of blockchain immutability which guarantees that no party can alter the conditions of an already deployed contract. However, immutability also makes patching or updating contracts impossible even when incorrectness, unfairness, or security flaws are spotted in them. So far, researchers in academia and industry have developed two main methods, data segregation and proxy storage, with six patterns to make deployed contracts upgradable. However, until now, there has been no comprehensive framework that can simultaneously offer upgradability, security resilience, and scalability features. For example, none of the existing solutions have implemented any security mechanism that can resist attacks such as the DAO one. Through extensive analysis and implementation of all these patterns, and taking state-of-the-art attacks on the Ethereum network into consideration, we propose our innovative framework, “Comprehensive-Data-Proxy pattern” which uses data segregation on the top of proxy pattern, that can completely defend against any types of Reentrancy attacks. Additionally, this solution mitigates the scalability issue of the proxy pattern. Our experiments show that the framework can address these two issues with negligible impact on performance.

查看原文本刊更多论文

评估可升级智能合约

智能合约最近在许可和无许可区块链中都得到了开发和应用，主要是为了在不需要中介的情况下执行各方之间的协议。这一成就是区块链不可变性的结果，它保证了任何一方都不能改变已经部署的合约的条件。然而，不变性也使得修补或更新合约变得不可能，即使其中发现了不正确、不公平或安全漏洞。到目前为止，学术界和工业界的研究人员已经开发了两种主要方法，数据隔离和代理存储，以及六种模式来使部署的合同可升级。然而，到目前为止，还没有一个全面的框架能够同时提供可升级性、安全弹性和可伸缩性特性。例如，现有的解决方案都没有实现任何可以抵御DAO攻击的安全机制。通过对所有这些模式的广泛分析和实现，并考虑到以太坊网络上最先进的攻击，我们提出了我们的创新框架“综合数据-代理模式”，该模式在代理模式之上使用数据隔离，可以完全防御任何类型的重入攻击。此外，该解决方案还减轻了代理模式的可伸缩性问题。我们的实验表明，该框架可以解决这两个问题，对性能的影响可以忽略不计。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

2021 IEEE International Conference on Blockchain (Blockchain)

自引率

0.00%

发文量