SESCon: Secure Ethereum Smart Contracts by Vulnerable Patterns’ Detection
Ethereum smart contracts have been gaining popularity toward the automation of so many domains, i.e., FinTech, IoT, and supply chain, which are based on blockchain technology. The most critical domain, e.g., FinTech, has been targeted by so many successful attacks due to its financial worth of billi...
Published in: | Security and communication networks 2021-09, Vol.2021, p.1-14 |
---|---|
Main Authors: | Ali, Amir ; Abideen, Zain Ul ; Ullah, Kalim |
Format: | Article |
Language: | English |
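Subjects: | Analyzers ; Blockchain ; Contracts ; Cryptography ; Digital currencies ; Domains ; Source code ; Standardization ; Supply chains ; Taxonomy |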
cited_by | cdi_FETCH-LOGICAL-c337t-cff02b341f4c3daf8500e84f2d047f8c99921fcf729b64da6194e98c4c0b74683 |
---|---|
cites | cdi_FETCH-LOGICAL-c337t-cff02b341f4c3daf8500e84f2d047f8c99921fcf729b64da6194e98c4c0b74683 |
container_end_page | 14 |
container_issue | |
container_start_page | 1 |
container_title | Security and communication networks |
container_volume | 2021 |
creator | Ali, Amir ; Abideen, Zain Ul ; Ullah, Kalim |
description | Ethereum smart contracts have been gaining popularity toward the automation of so many domains, i.e., FinTech, IoT, and supply chain, which are based on blockchain technology. The most critical domain, e.g., FinTech, has been targeted by so many successful attacks due to its financial worth of billions of dollars. In all attacks, the vulnerability in the source code of smart contracts is being exploited and causes the steal of millions of dollars. To find the vulnerability in the source code of smart contracts written in Solidity language, a state-of-the-art work provides a lot of solutions based on dynamic or static analysis. However, these tools have shown a lot of false positives/negatives against the smart contracts having complex logic. Furthermore, the output of these tools is not reported in a standard way with their actual vulnerability names as per standards defined by the Ethereum community. To solve these problems, we have introduced a static analysis tool, SESCon (secure Ethereum smart contract), applying the taint analysis techniques with XPath queries. Our tool outperforms other analyzers and detected up to 90% of the known vulnerability patterns. SESCon also reports the detected vulnerabilities with their titles, descriptions, and remediations as per defined standards by the Ethereum community. SESCon will serve as a foundation for the standardization of vulnerability detection. |
doi_str_mv | 10.1155/2021/2897565 |
format | article |
contributor | Ullah, Farhan |
date | 2021-09-21 |
eissn | 1939-0122 |
orcidid | https://orcid.org/0000-0001-6872-3588 |
publisher | London: Hindawi |
rights | Copyright © 2021 Amir Ali et al. This is an open access article distributed under the Creative Commons Attribution License (the “License”), which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited. https://creativecommons.org/licenses/by/4.0 |
toplevel | peer_reviewed ; online_resources |
fulltext | fulltext |
identifier | ISSN: 1939-0114 |
ispartof | Security and communication networks, 2021-09, Vol.2021, p.1-14 |
issn | 1939-0114 1939-0122 |
language | eng |
recordid | cdi_proquest_journals_2578644488 |
source | Publicly Available Content Database; Wiley Open Access |
subjects | Analyzers ; Blockchain ; Contracts ; Cryptography ; Digital currencies ; Domains ; Source code ; Standardization ; Supply chains ; Taxonomy |
title | SESCon: Secure Ethereum Smart Contracts by Vulnerable Patterns’ Detection |
url | http://sfxeu10.hosted.exlibrisgroup.com/loughborough?ctx_ver=Z39.88-2004&ctx_enc=info:ofi/enc:UTF-8&ctx_tim=2025-01-11T00%3A04%3A40IST&url_ver=Z39.88-2004&url_ctx_fmt=infofi/fmt:kev:mtx:ctx&rfr_id=info:sid/primo.exlibrisgroup.com:primo3-Article-proquest_cross&rft_val_fmt=info:ofi/fmt:kev:mtx:journal&rft.genre=article&rft.atitle=SESCon:%20Secure%20Ethereum%20Smart%20Contracts%20by%20Vulnerable%20Patterns%E2%80%99%20Detection&rft.jtitle=Security%20and%20communication%20networks&rft.au=Ali,%20Amir&rft.date=2021-09-21&rft.volume=2021&rft.spage=1&rft.epage=14&rft.pages=1-14&rft.issn=1939-0114&rft.eissn=1939-0122&rft_id=info:doi/10.1155/2021/2897565&rft_dat=%3Cproquest_cross%3E2578644488%3C/proquest_cross%3E%3Cgrp_id%3Ecdi_FETCH-LOGICAL-c337t-cff02b341f4c3daf8500e84f2d047f8c99921fcf729b64da6194e98c4c0b74683%3C/grp_id%3E%3Coa%3E%3C/oa%3E%3Curl%3E%3C/url%3E&rft_id=info:oai/&rft_pqid=2578644488&rft_id=info:pmid/&rfr_iscdi=true |