scholarly journals SESCon: Secure Ethereum Smart Contracts by Vulnerable Patterns’ Detection

2021 ◽  
Vol 2021 ◽  
pp. 1-14
Author(s):  
Amir Ali ◽  
Zain Ul Abideen ◽  
Kalim Ullah
Keyword(s):  
Static Analysis ◽  
Source Code ◽  
Analysis Tool ◽  
Smart Contracts ◽  
Vulnerability Detection ◽  
Taint Analysis ◽  
Analysis Techniques ◽  
Blockchain Technology ◽  
Smart Contract ◽  
Static Analysis Tool

Ethereum smart contracts have been gaining popularity toward the automation of so many domains, i.e., FinTech, IoT, and supply chain, which are based on blockchain technology. The most critical domain, e.g., FinTech, has been targeted by so many successful attacks due to its financial worth of billions of dollars. In all attacks, the vulnerability in the source code of smart contracts is being exploited and causes the steal of millions of dollars. To find the vulnerability in the source code of smart contracts written in Solidity language, a state-of-the-art work provides a lot of solutions based on dynamic or static analysis. However, these tools have shown a lot of false positives/negatives against the smart contracts having complex logic. Furthermore, the output of these tools is not reported in a standard way with their actual vulnerability names as per standards defined by the Ethereum community. To solve these problems, we have introduced a static analysis tool, SESCon (secure Ethereum smart contract), applying the taint analysis techniques with XPath queries. Our tool outperforms other analyzers and detected up to 90% of the known vulnerability patterns. SESCon also reports the detected vulnerabilities with their titles, descriptions, and remediations as per defined standards by the Ethereum community. SESCon will serve as a foundation for the standardization of vulnerability detection.

scholarly journals RA: A Static Analysis Tool for Analyzing Re-Entrancy Attacks in Ethereum Smart Contracts

2021 ◽  
Vol 29 (0) ◽  
pp. 537-547
Author(s):  
Yuichiro Chinen ◽  
Naoto Yanai ◽  
Jason Paul Cruz ◽  
Shingo Okamura
Keyword(s):  
Static Analysis ◽  
Analysis Tool ◽  
Smart Contracts ◽  
Static Analysis Tool

scholarly journals SEMANTIC APPROACH TO SMART CONTRACT VERIFICATION

2020 ◽  
Vol 19 (1) ◽  
pp. 021
Author(s):  
Nenad Petrović ◽  
Milorad Tošić
Keyword(s):  
Domain Knowledge ◽  
Expert Knowledge ◽  
Semantic Representation ◽  
Formal Semantics ◽  
Source Code ◽  
Limiting Factors ◽  
Smart Contracts ◽  
Semantic Approach ◽  
Blockchain Technology ◽  
Smart Contract

Vulnerabilities of smart contract are certainly one of the limiting factors for wider adoption of blockchain technology. Smart contracts written in Solidity language are considered due to common adoption of the Ethereum blockchain platform. Despite its popularity, the semantics of the language is not completely documented and relies on implicit mechanisms not publicly available and as such vulnerable to possible attacks. In addition, creating formal semantics for the higher-level language provides support to verification mechanisms. In this paper, a novel approach to smart contact verification is presented that uses ontologies in order to leverage semantic annotations of the smart contract source code combined with semantic representation of domain-specific aspects. The following aspects of smart contracts, apart from source code are taken into consideration for verification: business logic, domain knowledge, run-time state changes and expert knowledge about vulnerabilities. Main advantages of the proposed verification approach are platform independence and extendability.

scholarly journals Smart Contract Vulnerability Detection: From Pure Neural Network to Interpretable Graph Feature and Expert Pattern Fusion

2021 ◽  
Author(s):  
Zhenguang Liu ◽  
Peng Qian ◽  
Xiang Wang ◽  
Lei Zhu ◽  
Qinming He ◽  
...  
Keyword(s):  
Deep Learning ◽  
Expert Knowledge ◽  
Source Code ◽  
Smart Contracts ◽  
Learning Approaches ◽  
Vulnerability Detection ◽  
Security Issues ◽  
The Past ◽  
Smart Contract ◽  
Local Expert

Smart contracts hold digital coins worth billions of dollars, their security issues have drawn extensive attention in the past years. Towards smart contract vulnerability detection, conventional methods heavily rely on fixed expert rules, leading to low accuracy and poor scalability. Recent deep learning approaches alleviate this issue but fail to encode useful expert knowledge. In this paper, we explore combining deep learning with expert patterns in an explainable fashion. Specifically, we develop automatic tools to extract expert patterns from the source code. We then cast the code into a semantic graph to extract deep graph features. Thereafter, the global graph feature and local expert patterns are fused to cooperate and approach the final prediction, while yielding their interpretable weights. Experiments are conducted on all available smart contracts with source code in two platforms, Ethereum and VNT Chain. Empirically, our system significantly outperforms state-of-the-art methods. Our code is released.

scholarly journals Static Analysis: An Introduction

Queue ◽  
2021 ◽  
Vol 19 (4) ◽  
pp. 29-41
Author(s):  
Patrick Thomson
Keyword(s):  
Computer Science ◽  
Static Analysis ◽  
Source Code ◽  
Theory And Practice ◽  
Analysis Tool ◽  
Linux Kernel ◽  
Analysis Tools ◽  
The Future ◽  
Static Analysis Tool

Modern static-analysis tools provide powerful and specific insights into codebases. The Linux kernel team, for example, developed Coccinelle, a powerful tool for searching, analyzing, and rewriting C source code; because the Linux kernel contains more than 27 million lines of code, a static-analysis tool is essential both for finding bugs and for making automated changes across its many libraries and modules. Another tool targeted at the C family of languages is Clang scan-build, which comes with many useful analyses and provides an API for programmers to write their own analyses. Like so many things in computer science, the utility of static analysis is self-referential: To write reliable programs, we must also write programs for our programs. But this is no paradox. Static-analysis tools, complex though their theory and practice may be, are what will enable us, and engineers of the future, to overcome this challenge and yield the knowledge and insights that we practitioners deserve.

scholarly journals A static analysis tool Svace as a collection of analyzers with various complexity levels

2015 ◽  
Vol 27 (6) ◽  
pp. 111-134 ◽  
Author(s):  
A. Borodin ◽  
A. Belevancev
Keyword(s):  
Static Analysis ◽  
Analysis Tool ◽  
Static Analysis Tool

scholarly journals Evaluation of SQL Injection Vulnerability Detection Tools

2019 ◽  
Vol 9 (1) ◽  
pp. 1747-1751
Keyword(s):  
Static Analysis ◽  
Web Applications ◽  
Source Code ◽  
False Negative ◽  
Vulnerability Detection ◽  
Sql Injection ◽  
User Input ◽  
Root Cause ◽  
Analysis Tools ◽  
Free Open Source

SQL injection vulnerabilities have been predominant on database-driven web applications since almost one decade. Exploiting such vulnerabilities enables attackers to gain unauthorized access to the back-end databases by altering the original SQL statements through manipulating user input. Testing web applications for identifying SQL injection vulnerabilities before deployment is essential to get rid of them. However, checking such vulnerabilities by hand is very tedious, difficult, and time-consuming. Web vulnerability static analysis tools are software tools for automatically identifying the root cause of SQL injection vulnerabilities in web applications source code. In this paper, we test and evaluate three free/open source static analysis tools using eight web applications with numerous known vulnerabilities, primarily for false negative rates. The evaluation results were compared and analysed, and they indicate a need to improve the tools.

SharpChecker: Static analysis tool for C# programs

2017 ◽  
Vol 43 (4) ◽  
pp. 268-276 ◽  
Author(s):  
V. K. Koshelev ◽  
V. N. Ignatiev ◽  
A. I. Borzilov ◽  
A. A. Belevantsev
Keyword(s):  
Static Analysis ◽  
Analysis Tool ◽  
C Programs ◽  
Static Analysis Tool

A Study of Use Cases for Smart Contracts Using Blockchain Technology

2021 ◽  
pp. 1823-1844
Author(s):  
S R Mani Sekhar ◽  
Siddesh G M ◽  
Swapnil Kalra ◽  
Shaswat Anand
Keyword(s):  
Natural Disaster ◽  
Vital Role ◽  
Use Cases ◽  
Use Case ◽  
Smart Contracts ◽  
Digital Identity ◽  
Blockchain Technology ◽  
Smart Contract ◽  
Healthcare Finance ◽  
Natural Disaster Management

Blockchain technology is an emerging and rapidly growing technology in the current world scenario. It is a collection of records connected through cryptography. They play a vital role in smart contracts. Smart contracts are present in blockchains which are self-controlled and trustable. It can be integrated across various domains like healthcare, finance, self-sovereign identity, governance, logistics management and home care, etc. The purpose of this article is to analyze the various use cases of smart contracts in different domains and come up with a model which may be used in the future. Subsequently, a detailed description of a smart contract and blockchain is provided. Next, different case-studies related to five different domains is discussed with the help of use case diagrams. Finally, a solution for natural disaster management has been proposed by integrating smart contract, digital identity, policies and blockchain technologies, which can be used effectively for providing relief to victims during times of natural disaster.

Sign in / Sign up

Export Citation Format

Share Document