{"title":"区块链中的智能合约漏洞检测:关键方法综述与比较分析","authors":"Yoganand Kissoon, Girish Bekaroo","doi":"10.1109/NextComp55567.2022.9932169","DOIUrl":null,"url":null,"abstract":"Blockchain technology was created with security in mind. However, in recent years, there has been various confirmed cases of breach, worth billions of dollars loss in Blockchain associated to smart contracts. In order to address this growing concern, it is crucial to investigate detection and mitigation of vulnerabilities in smart contract, and this paper critically reviews and analyses key approaches for detecting vulnerabilities in smart contract within Blockchain. In order to achieve the purpose of this paper, five key approaches, notably the application of OWASP Top 10, SCSVS, vulnerability detection tools, fuzz testing and the AI-driven approaches are critically reviewed and compared. As part of the comparison performed, a penetration testing quality model was applied to study six quality metrics, notably extensibility, maintainability, domain coverage, usability, availability and reliability. Results revealed limitations of the studied vulnerability detection approaches and findings are expected to help in decision making especially when selecting approaches to be used during security analysis and pen-testing.","PeriodicalId":422085,"journal":{"name":"2022 3rd International Conference on Next Generation Computing Applications (NextComp)","volume":"21 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2022-10-06","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"1","resultStr":"{\"title\":\"Detecting Vulnerabilities in Smart Contract within Blockchain: A Review and Comparative Analysis of Key Approaches\",\"authors\":\"Yoganand Kissoon, Girish Bekaroo\",\"doi\":\"10.1109/NextComp55567.2022.9932169\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Blockchain technology was created with security in mind. However, in recent years, there has been various confirmed cases of breach, worth billions of dollars loss in Blockchain associated to smart contracts. In order to address this growing concern, it is crucial to investigate detection and mitigation of vulnerabilities in smart contract, and this paper critically reviews and analyses key approaches for detecting vulnerabilities in smart contract within Blockchain. In order to achieve the purpose of this paper, five key approaches, notably the application of OWASP Top 10, SCSVS, vulnerability detection tools, fuzz testing and the AI-driven approaches are critically reviewed and compared. As part of the comparison performed, a penetration testing quality model was applied to study six quality metrics, notably extensibility, maintainability, domain coverage, usability, availability and reliability. Results revealed limitations of the studied vulnerability detection approaches and findings are expected to help in decision making especially when selecting approaches to be used during security analysis and pen-testing.\",\"PeriodicalId\":422085,\"journal\":{\"name\":\"2022 3rd International Conference on Next Generation Computing Applications (NextComp)\",\"volume\":\"21 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2022-10-06\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"1\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2022 3rd International Conference on Next Generation Computing Applications (NextComp)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/NextComp55567.2022.9932169\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2022 3rd International Conference on Next Generation Computing Applications (NextComp)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/NextComp55567.2022.9932169","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 1
摘要
区块链技术是在考虑安全性的情况下创建的。然而,近年来,已经有各种确认的违规案例,价值数十亿美元的损失与智能合约有关。为了解决这一日益严重的问题,研究智能合约漏洞的检测和缓解至关重要,本文批判性地回顾和分析了区块链中智能合约漏洞检测的关键方法。为了达到本文的目的,本文对OWASP Top 10、SCSVS、漏洞检测工具、模糊测试和人工智能驱动的五种关键方法的应用进行了批判性的回顾和比较。作为进行比较的一部分,一个渗透测试质量模型被应用于研究六个质量度量,特别是可扩展性、可维护性、域覆盖、可用性、可用性和可靠性。结果揭示了所研究的漏洞检测方法的局限性,研究结果有望帮助决策制定,特别是在选择安全分析和渗透测试期间使用的方法时。
Detecting Vulnerabilities in Smart Contract within Blockchain: A Review and Comparative Analysis of Key Approaches
Blockchain technology was created with security in mind. However, in recent years, there has been various confirmed cases of breach, worth billions of dollars loss in Blockchain associated to smart contracts. In order to address this growing concern, it is crucial to investigate detection and mitigation of vulnerabilities in smart contract, and this paper critically reviews and analyses key approaches for detecting vulnerabilities in smart contract within Blockchain. In order to achieve the purpose of this paper, five key approaches, notably the application of OWASP Top 10, SCSVS, vulnerability detection tools, fuzz testing and the AI-driven approaches are critically reviewed and compared. As part of the comparison performed, a penetration testing quality model was applied to study six quality metrics, notably extensibility, maintainability, domain coverage, usability, availability and reliability. Results revealed limitations of the studied vulnerability detection approaches and findings are expected to help in decision making especially when selecting approaches to be used during security analysis and pen-testing.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
