Fixing Smart Contract Vulnerabilities: A Comparative Analysis of Literature and Developer's Practices (2403.07458v1)
Abstract: Smart Contracts are programs that run logic on the Blockchain network by executing operations through immutable transactions. The Blockchain network validates such transactions and stores them in sequential blocks whose integrity is ensured. Because Smart Contracts deal with value at stake, a damaging transaction, once validated, may never be reverted, leading to unrecoverable losses. To prevent this, security aspects have been explored in several fields, with research providing catalogs of security defects, secure code recommendations, and possible solutions to fix vulnerabilities. In our study, we refer to the ways of fixing vulnerabilities found in the literature as guidelines. However, it is not clear to what extent developers adhere to these guidelines, nor whether there are other viable common solutions and what they are. The goal of our research is to fill knowledge gaps related to developers' observance of existing guidelines and to propose new and viable solutions to security vulnerabilities. To reach our goal, we will obtain from Solidity GitHub repositories the commits that fix vulnerabilities included in the DASP TOP 10, and we will conduct a manual analysis of the fixing approaches employed by developers. Our analysis aims to determine the extent to which literature-based fixing strategies are followed. Additionally, we will identify and discuss emerging fixing techniques not currently documented in the literature. Through qualitative analysis, we will evaluate the suitability of these new fixing solutions and discriminate between valid approaches and potential mistakes.
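A pre-filter for the commit-mining step the abstract describes, as an added example that is not part of the paper: it keeps only commits that touch Solidity files and tags them with the DASP TOP 10 categories their messages mention, so that a manual review can start from a shortlist. The keyword patterns and the sample commit records are constructed assumptions for this example, not data or code from the study.

```python
"""Shortlist vulnerability-fixing commits by DASP TOP 10 category (added example)."""
import re
from dataclasses import dataclass
from typing import Dict, List

# DASP TOP 10 categories mapped to message keywords. The keyword choices are
# assumptions for this example; a real study would refine them by manual review.
DASP_TOP10 = {
    "Reentrancy": r"\breentran(cy|t)\b|\bnonReentrant\b|checks?-effects?-interactions?",
    "Access Control": r"\baccess control\b|\bonlyOwner\b|\bunprotected\b|\bauthoriz",
    "Arithmetic Issues": r"\boverflow\b|\bunderflow\b|\bSafeMath\b",
    "Unchecked Return Values For Low Level Calls": r"\bunchecked\b.*\b(call|send|delegatecall)\b|\breturn value",
    "Denial of Service": r"\bdenial of service\b|\bDoS\b|\bgas limit\b",
    "Bad Randomness": r"\brandom",
    "Front-Running": r"\bfront-?running\b|\btransaction ordering\b",
    "Time Manipulation": r"\btimestamp\b",
    "Short Address Attack": r"\bshort address\b",
}


@dataclass
class Commit:
    sha: str
    message: str
    modified_files: List[str]


def classify(commit: Commit) -> List[str]:
    """Return the DASP categories a commit message mentions, but only if the
    commit changes at least one Solidity (.sol) file; otherwise return []."""
    if not any(path.endswith(".sol") for path in commit.modified_files):
        return []
    return [cat for cat, pattern in DASP_TOP10.items()
            if re.search(pattern, commit.message, re.IGNORECASE)]


def shortlist(commits: List[Commit]) -> Dict[str, List[str]]:
    """Map commit sha -> matched categories, dropping commits that match nothing."""
    result = {c.sha: classify(c) for c in commits}
    return {sha: cats for sha, cats in result.items() if cats}


# Constructed sample records (not real repository data).
SAMPLE_COMMITS = [
    Commit("a1", "Fix reentrancy in withdraw(): apply checks-effects-interactions", ["contracts/Vault.sol"]),
    Commit("b2", "Use SafeMath to prevent integer overflow in token transfer", ["contracts/Token.sol"]),
    Commit("c3", "Restrict mint() with onlyOwner; unauthorized minting was possible", ["contracts/Token.sol"]),
    Commit("d4", "Check the return value of the low-level call in payout()", ["contracts/Pay.sol"]),
    Commit("e5", "Fix reentrancy typo in README", ["README.md"]),  # no .sol change: excluded
]

if __name__ == "__main__":
    for sha, cats in shortlist(SAMPLE_COMMITS).items():
        print(sha, cats)
```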