A Fuzzy Testing Method for Gas-Related Vulnerability Detection in Smart Contracts

Author(s): Xiaoyin Wang, Donghai Hou, Chaobao Tang, Shuo Lv

2018, Vol 7 (2.3), pp. 4
Author(s): Md Maruf Hassan, Touhid Bhuyian, M Khaled Sohel, Md Hasan Sharif, Saikat Biswas

Communicating with consumers and delivering services to them through web applications has become very popular due to their user-friendly interfaces, global accessibility, and easy manageability. Careless design and development of web applications are the key reasons for security breaches, which are very alarming for users as well as web administrators. Currently, Local File Inclusion (LFI) vulnerabilities are commonly found in several web applications, leading to remote code execution on the host server and sensitive information disclosure. Detection of LFI vulnerabilities is becoming a critical concern for web owners who need to take effective measures to mitigate the risk. After reviewing the literature, we found little research on automated detection of LFI vulnerabilities. This paper proposes an automated LFI vulnerability detection model, SAISAN, for web applications and implements it as a tool. 265 web applications from four different sectors were examined, and the tool achieved 88% accuracy compared with the manual penetration testing method.


Author(s): Jingjing Song, Haiwu He, Zhuo Lv, Chunhua Su, Guangquan Xu, ...

2021, Vol 2021, pp. 1-14
Author(s): Amir Ali, Zain Ul Abideen, Kalim Ullah

Ethereum smart contracts have been gaining popularity for automating many blockchain-based domains, e.g., FinTech, IoT, and supply chain. The most critical domain, FinTech, has been targeted by many successful attacks because of its financial worth of billions of dollars. In all of these attacks, a vulnerability in the source code of a smart contract is exploited, leading to the theft of millions of dollars. To find vulnerabilities in the source code of smart contracts written in the Solidity language, state-of-the-art work provides many solutions based on dynamic or static analysis. However, these tools have shown many false positives/negatives on smart contracts with complex logic. Furthermore, the output of these tools is not reported in a standard way, with the actual vulnerability names as per the standards defined by the Ethereum community. To solve these problems, we have introduced a static analysis tool, SESCon (secure Ethereum smart contract), which applies taint analysis techniques with XPath queries. Our tool outperforms other analyzers and detected up to 90% of the known vulnerability patterns. SESCon also reports the detected vulnerabilities with their titles, descriptions, and remediations as per the standards defined by the Ethereum community. SESCon will serve as a foundation for the standardization of vulnerability detection.


2021, Vol 5 (4), pp. 636
Author(s): I Ketut Gunawan, Ninda Lutfiani, Qurotul Aini, Fitria Marwati Suryaman, Abas Sunarya

Blockchain, which includes smart contract and tokenization features, is the latest technology in the world, especially in Indonesia. Smart contracts and tokenization make things very easy for users and can maintain valid data security, but there are still many universities that have not implemented the system, so they have to involve many parties and costs. The problem addressed in this study is the payment process for transactions such as credit and data processing, which is vulnerable to illegal data leakage. This study aims to develop a smart contract system and blockchain tokenization for the payment transaction process in universities. The methods used in this research are literature review analysis and testing. The implementation of smart contracts and tokenization can replace third parties as security guards of transaction data, with all Blockchain users paying attention to and ensuring the integrity of the entire process and activity. This can avoid problems that arise from the presence of third parties in the transaction process. It can therefore be concluded that the implementation of smart contracts and Blockchain tokenization in payment transactions is the right solution for the payment transaction process at universities.


Author(s): Zhenguang Liu, Peng Qian, Xiang Wang, Lei Zhu, Qinming He, ...

Smart contracts hold digital coins worth billions of dollars, and their security issues have drawn extensive attention in the past years. For smart contract vulnerability detection, conventional methods rely heavily on fixed expert rules, leading to low accuracy and poor scalability. Recent deep learning approaches alleviate this issue but fail to encode useful expert knowledge. In this paper, we explore combining deep learning with expert patterns in an explainable fashion. Specifically, we develop automatic tools to extract expert patterns from the source code. We then cast the code into a semantic graph to extract deep graph features. Thereafter, the global graph feature and local expert patterns are fused to cooperate and approach the final prediction, while yielding their interpretable weights. Experiments are conducted on all available smart contracts with source code on two platforms, Ethereum and VNT Chain. Empirically, our system significantly outperforms state-of-the-art methods. Our code is released.

