基于以太坊的智能合约应用漏洞评估

2021 IEEE International Conference on Automatic Control & Intelligent Systems (I2CACIS) Pub Date : 2021-06-26 DOI:10.1109/I2CACIS52118.2021.9495892

Nurul Aida Noor Aidee, M. Johar, M. H. Alkawaz, Asif Iqbal Hajamydeen, Mohammed Sabbih Hamoud Al-Tamimi

{"title":"基于以太坊的智能合约应用漏洞评估","authors":"Nurul Aida Noor Aidee, M. Johar, M. H. Alkawaz, Asif Iqbal Hajamydeen, Mohammed Sabbih Hamoud Al-Tamimi","doi":"10.1109/I2CACIS52118.2021.9495892","DOIUrl":null,"url":null,"abstract":"A Smart Contract is an agreement in the form of computer code that is made between two individuals. In a blockchain environment, smart contracts executed and stored in a shared ledger that are not modifiable. Ethereum is one of the major platforms used for smart contracts, where solidity basically is a high-level programming language used in the Ethereum to build smart contracts. Recent vulnerabilities found by the coders were not updated in analysis tool (SmartCheck) and therefore incapable of detecting vulnerabilities. No definitions of patterns were existing to detect these vulnerabilities. This paper focuses on the improvement of the Smartcheck analysis method to convert the source code of solidity into an intermediate representation based on XML and verifies this against the XPath patterns. Moreover, the latest vulnerabilities were listed to create new patterns to detect such vulnerabilities. The proposed method was evaluated with real world datasets and the results were compared with similar tools.","PeriodicalId":210770,"journal":{"name":"2021 IEEE International Conference on Automatic Control & Intelligent Systems (I2CACIS)","volume":null,"pages":null},"PeriodicalIF":0.0000,"publicationDate":"2021-06-26","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"5","resultStr":"{\"title\":\"Vulnerability Assessment on Ethereum Based Smart Contract Applications\",\"authors\":\"Nurul Aida Noor Aidee, M. Johar, M. H. Alkawaz, Asif Iqbal Hajamydeen, Mohammed Sabbih Hamoud Al-Tamimi\",\"doi\":\"10.1109/I2CACIS52118.2021.9495892\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"A Smart Contract is an agreement in the form of computer code that is made between two individuals. In a blockchain environment, smart contracts executed and stored in a shared ledger that are not modifiable. Ethereum is one of the major platforms used for smart contracts, where solidity basically is a high-level programming language used in the Ethereum to build smart contracts. Recent vulnerabilities found by the coders were not updated in analysis tool (SmartCheck) and therefore incapable of detecting vulnerabilities. No definitions of patterns were existing to detect these vulnerabilities. This paper focuses on the improvement of the Smartcheck analysis method to convert the source code of solidity into an intermediate representation based on XML and verifies this against the XPath patterns. Moreover, the latest vulnerabilities were listed to create new patterns to detect such vulnerabilities. The proposed method was evaluated with real world datasets and the results were compared with similar tools.\",\"PeriodicalId\":210770,\"journal\":{\"name\":\"2021 IEEE International Conference on Automatic Control & Intelligent Systems (I2CACIS)\",\"volume\":null,\"pages\":null},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2021-06-26\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"5\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2021 IEEE International Conference on Automatic Control & Intelligent Systems (I2CACIS)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/I2CACIS52118.2021.9495892\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2021 IEEE International Conference on Automatic Control & Intelligent Systems (I2CACIS)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/I2CACIS52118.2021.9495892","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 5

摘要

智能合约是两个人之间以计算机代码形式达成的协议。在区块链环境中，智能合约执行并存储在不可修改的共享分类账中。以太坊是用于智能合约的主要平台之一，其中坚实性基本上是以太坊中用于构建智能合约的高级编程语言。编码员最近发现的漏洞没有在分析工具(SmartCheck)中更新，因此无法检测漏洞。没有现有的模式定义来检测这些漏洞。本文重点改进了Smartcheck分析方法，将solid源代码转换为基于XML的中间表示，并针对XPath模式进行了验证。此外，还列出了最新的漏洞，以创建检测此类漏洞的新模式。用真实世界的数据集对所提出的方法进行了评估，并将结果与类似工具进行了比较。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

Vulnerability Assessment on Ethereum Based Smart Contract Applications

A Smart Contract is an agreement in the form of computer code that is made between two individuals. In a blockchain environment, smart contracts executed and stored in a shared ledger that are not modifiable. Ethereum is one of the major platforms used for smart contracts, where solidity basically is a high-level programming language used in the Ethereum to build smart contracts. Recent vulnerabilities found by the coders were not updated in analysis tool (SmartCheck) and therefore incapable of detecting vulnerabilities. No definitions of patterns were existing to detect these vulnerabilities. This paper focuses on the improvement of the Smartcheck analysis method to convert the source code of solidity into an intermediate representation based on XML and verifies this against the XPath patterns. Moreover, the latest vulnerabilities were listed to create new patterns to detect such vulnerabilities. The proposed method was evaluated with real world datasets and the results were compared with similar tools.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

2021 IEEE International Conference on Automatic Control & Intelligent Systems (I2CACIS)

自引率

0.00%

发文量