Van Cuong Bui, S. Wen, Jiangshan Yu, Xin Xia, M. S. Haghighi, Yang Xiang
{"title":"评估可升级智能合约","authors":"Van Cuong Bui, S. Wen, Jiangshan Yu, Xin Xia, M. S. Haghighi, Yang Xiang","doi":"10.1109/Blockchain53845.2021.00041","DOIUrl":null,"url":null,"abstract":"Smart contracts have been developed and employed in both permissioned and permissionless blockchains recently, mainly to enforce agreements among parties without the need for intermediaries. This achievement is the result of blockchain immutability which guarantees that no party can alter the conditions of an already deployed contract. However, immutability also makes patching or updating contracts impossible even when incorrectness, unfairness, or security flaws are spotted in them. So far, researchers in academia and industry have developed two main methods, data segregation and proxy storage, with six patterns to make deployed contracts upgradable. However, until now, there has been no comprehensive framework that can simultaneously offer upgradability, security resilience, and scalability features. For example, none of the existing solutions have implemented any security mechanism that can resist attacks such as the DAO one. Through extensive analysis and implementation of all these patterns, and taking state-of-the-art attacks on the Ethereum network into consideration, we propose our innovative framework, “Comprehensive-Data-Proxy pattern” which uses data segregation on the top of proxy pattern, that can completely defend against any types of Reentrancy attacks. Additionally, this solution mitigates the scalability issue of the proxy pattern. Our experiments show that the framework can address these two issues with negligible impact on performance.","PeriodicalId":372721,"journal":{"name":"2021 IEEE International Conference on Blockchain (Blockchain)","volume":"30 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2021-12-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"2","resultStr":"{\"title\":\"Evaluating Upgradable Smart Contract\",\"authors\":\"Van Cuong Bui, S. Wen, Jiangshan Yu, Xin Xia, M. S. Haghighi, Yang Xiang\",\"doi\":\"10.1109/Blockchain53845.2021.00041\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Smart contracts have been developed and employed in both permissioned and permissionless blockchains recently, mainly to enforce agreements among parties without the need for intermediaries. This achievement is the result of blockchain immutability which guarantees that no party can alter the conditions of an already deployed contract. However, immutability also makes patching or updating contracts impossible even when incorrectness, unfairness, or security flaws are spotted in them. So far, researchers in academia and industry have developed two main methods, data segregation and proxy storage, with six patterns to make deployed contracts upgradable. However, until now, there has been no comprehensive framework that can simultaneously offer upgradability, security resilience, and scalability features. For example, none of the existing solutions have implemented any security mechanism that can resist attacks such as the DAO one. Through extensive analysis and implementation of all these patterns, and taking state-of-the-art attacks on the Ethereum network into consideration, we propose our innovative framework, “Comprehensive-Data-Proxy pattern” which uses data segregation on the top of proxy pattern, that can completely defend against any types of Reentrancy attacks. Additionally, this solution mitigates the scalability issue of the proxy pattern. Our experiments show that the framework can address these two issues with negligible impact on performance.\",\"PeriodicalId\":372721,\"journal\":{\"name\":\"2021 IEEE International Conference on Blockchain (Blockchain)\",\"volume\":\"30 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2021-12-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"2\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2021 IEEE International Conference on Blockchain (Blockchain)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/Blockchain53845.2021.00041\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2021 IEEE International Conference on Blockchain (Blockchain)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/Blockchain53845.2021.00041","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Smart contracts have been developed and employed in both permissioned and permissionless blockchains recently, mainly to enforce agreements among parties without the need for intermediaries. This achievement is the result of blockchain immutability which guarantees that no party can alter the conditions of an already deployed contract. However, immutability also makes patching or updating contracts impossible even when incorrectness, unfairness, or security flaws are spotted in them. So far, researchers in academia and industry have developed two main methods, data segregation and proxy storage, with six patterns to make deployed contracts upgradable. However, until now, there has been no comprehensive framework that can simultaneously offer upgradability, security resilience, and scalability features. For example, none of the existing solutions have implemented any security mechanism that can resist attacks such as the DAO one. Through extensive analysis and implementation of all these patterns, and taking state-of-the-art attacks on the Ethereum network into consideration, we propose our innovative framework, “Comprehensive-Data-Proxy pattern” which uses data segregation on the top of proxy pattern, that can completely defend against any types of Reentrancy attacks. Additionally, this solution mitigates the scalability issue of the proxy pattern. Our experiments show that the framework can address these two issues with negligible impact on performance.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
