Security Assurance for Smart Contract
Author: | Ence Zhou, Hidetoshi Kurihara, Yashihide Nomura, Kazuhiro Yamashita, Bingfeng Pi, Hua Song, Jun Sun |
---|---|
Year of publication: | 2018 |
Subject: | Structure (mathematical logic); Cryptocurrency; Correctness; Source code; Smart contract; Syntax (programming languages); Computer science; Software engineering; Engineering and technology; Static analysis; Computer security; Software security assurance; Electrical engineering, electronic engineering, information engineering; Artificial intelligence & image processing |
Source: | NTMS |
DOI: | 10.1109/ntms.2018.8328743 |
Description: | Currently, Bitcoin and Ethereum are the two most popular cryptocurrency systems, especially Ethereum. It permits complex financial transactions or rules through scripts, which are called smart contracts. Since Ethereum smart contracts hold millions of dollars, their execution correctness is crucial against attacks which aim at stealing the assets. In this paper, we proposed a security assurance method for smart contract source code to find potential security risks. It contains two main functions: the first is syntax topological analysis of the smart contract invocation relationship, to help developers understand their code structure clearly; the second is detection and location of logic risks (which may lead to vulnerabilities), with the results labeled on the topology diagram. For developers' convenience, we have built a static analysis tool called SASC to generate the topology diagram of the invocation relationship and to find potential logic risks. We have made an evaluation on 2,952 smart contracts; the experimental results proved that our method is intuitive and effective. |
Database: | OpenAIRE |
External link: |