Design Model for Extensible Architecture of Smart Contract Vulnerability Detection Tool

  • Choi, Yun-seok (Department of Computer Science, Dongduk Women's University)
  • Lee, Wan Yeon (Department of Computer Science, Dongduk Women's University)
  • Received : 2020.07.05
  • Accepted : 2020.07.18
  • Published : 2020.08.31

Abstract

Smart contracts, one of the applications of blockchain, are expected to be used in various industries. However, there is a risk of damage caused by attacks on vulnerabilities in smart contract code. Tool support is essential for detecting vulnerabilities, and as new vulnerabilities emerge and the number of smart contract implementation languages increases, the tools must be extensible to cover them. We propose a design model for an extensible architecture of smart contract vulnerability detection tools that detect vulnerabilities in smart contract source code. The proposed model is composed of design pattern-based structures that provide extensibility, making it easy to add detection modules for new vulnerabilities and for other smart contract implementation languages. In the model, the detection modules are independent of one another, so modifying or adding a module does not affect other modules or the system structure.
