J. Khor, Mansur Aliyu Masama, M. Sidorov, WeiChung Leong, JiaJun Lim
{"title":"一种改进的燃气效率库,用于保护物联网智能合约免受算术漏洞的侵害","authors":"J. Khor, Mansur Aliyu Masama, M. Sidorov, WeiChung Leong, JiaJun Lim","doi":"10.1145/3384544.3384577","DOIUrl":null,"url":null,"abstract":"Public blockchains targeting Internet of Things (IoT) are gaining more traction every day with majority of them being built on top of the Ethereum infrastructure. However, a growing number of these blockchains introduces security issues. There are 525 entries already in the Common Vulnerabilities and Exposure database related to Ethereum smart contracts. 479 of them are related to arithmetic errors, which include integer overflow or underflow. This paper, thus, concentrates on analyzing arithmetic vulnerabilities found in existing public blockchains targeted at IoT applications. Furthermore, the performance in terms of security and gas cost of smart contracts is analyzed with and without SafeMath library. In addition, an improved SafeMath library is proposed that has better arithmetic coverage and requires lower gas consumption. Four security tools are used to analyze the arithmetic protection of the improved SafeMath library. The results show that the improved SafeMath library is able to cover 4 more arithmetic operations compared to the original one by using only two common conditions checks and is capable of saving 26 units of gas, which is a significant amount in the long run.","PeriodicalId":200246,"journal":{"name":"Proceedings of the 2020 9th International Conference on Software and Computer Applications","volume":"88 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2020-02-18","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"4","resultStr":"{\"title\":\"An Improved Gas Efficient Library for Securing IoT Smart Contracts Against Arithmetic Vulnerabilities\",\"authors\":\"J. Khor, Mansur Aliyu Masama, M. Sidorov, WeiChung Leong, JiaJun Lim\",\"doi\":\"10.1145/3384544.3384577\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Public blockchains targeting Internet of Things (IoT) are gaining more traction every day with majority of them being built on top of the Ethereum infrastructure. However, a growing number of these blockchains introduces security issues. There are 525 entries already in the Common Vulnerabilities and Exposure database related to Ethereum smart contracts. 479 of them are related to arithmetic errors, which include integer overflow or underflow. This paper, thus, concentrates on analyzing arithmetic vulnerabilities found in existing public blockchains targeted at IoT applications. Furthermore, the performance in terms of security and gas cost of smart contracts is analyzed with and without SafeMath library. In addition, an improved SafeMath library is proposed that has better arithmetic coverage and requires lower gas consumption. Four security tools are used to analyze the arithmetic protection of the improved SafeMath library. The results show that the improved SafeMath library is able to cover 4 more arithmetic operations compared to the original one by using only two common conditions checks and is capable of saving 26 units of gas, which is a significant amount in the long run.\",\"PeriodicalId\":200246,\"journal\":{\"name\":\"Proceedings of the 2020 9th International Conference on Software and Computer Applications\",\"volume\":\"88 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2020-02-18\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"4\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Proceedings of the 2020 9th International Conference on Software and Computer Applications\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1145/3384544.3384577\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Proceedings of the 2020 9th International Conference on Software and Computer Applications","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/3384544.3384577","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
An Improved Gas Efficient Library for Securing IoT Smart Contracts Against Arithmetic Vulnerabilities
Public blockchains targeting Internet of Things (IoT) are gaining more traction every day with majority of them being built on top of the Ethereum infrastructure. However, a growing number of these blockchains introduces security issues. There are 525 entries already in the Common Vulnerabilities and Exposure database related to Ethereum smart contracts. 479 of them are related to arithmetic errors, which include integer overflow or underflow. This paper, thus, concentrates on analyzing arithmetic vulnerabilities found in existing public blockchains targeted at IoT applications. Furthermore, the performance in terms of security and gas cost of smart contracts is analyzed with and without SafeMath library. In addition, an improved SafeMath library is proposed that has better arithmetic coverage and requires lower gas consumption. Four security tools are used to analyze the arithmetic protection of the improved SafeMath library. The results show that the improved SafeMath library is able to cover 4 more arithmetic operations compared to the original one by using only two common conditions checks and is capable of saving 26 units of gas, which is a significant amount in the long run.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
