Detection of Vulnerabilities of Blockchain Smart Contracts

Daojing He; Rui Wu; Xinji Li; Sammy Chan; Mohsen Guizani

doi:10.1109/JIOT.2023.3241544

Detection of Vulnerabilities of Blockchain Smart Contracts

Daojing He^*, Rui Wu, Xinji Li, Sammy Chan, Mohsen Guizani

^*Corresponding author for this work

Department of Electrical Engineering

Research output: Journal Publications and Reviews › RGC 21 - Publication in refereed journal › peer-review

70 Citations (Scopus)

Abstract

With the wide application of IoT and blockchain, research on smart contracts has received increased attention, and security threat detection for smart contracts is one of the main focuses. This paper first introduces the common security vulnerabilities in blockchain smart contracts, and then classifies the vulnerabilities detection tools for smart contracts into six categories according to the different detection methods: formal verification method, symbol execution method, fuzzy testing method, intermediate representation method, stain analysis method and deep learning method. We test 27 detection tools, and analyze them from several perspectives, including the capability of detecting a smart contract version. Finally, it is concluded that most of the current vulnerability detection tools can only detect vulnerabilities in a single and old version of smart contracts. Although the deep learning method detects fewer types of smart contract vulnerabilities, it has higher detection accuracy and efficiency. Therefore, the combination of static detection methods such as deep learning method and dynamic detection methods including the fuzzy testing method to detect more types of vulnerabilities in multi-version smart contracts to achieve higher accuracy is a direction worthy of research in the future. © 2023 IEEE.

Original language	English
Pages (from-to)	12178-12185
Journal	IEEE Internet of Things Journal
Volume	10
Issue number	14
Online published	1 Feb 2023
DOIs	https://doi.org/10.1109/JIOT.2023.3241544
Publication status	Published - 15 Jul 2023

Funding

This work was supported in part by the National Key Research and Development Program of China under Grant 2021YFB2700900; in part by the Shenzhen Key Technical Project under Grant 2022N009 and Grant 202210213000050; in part by the National Natural Science Foundation of China under Grant U1936120; in part by the Fok Ying Tung Education Foundation of China under Grant 171058; and in part by the University Grants Committee of the Hong Kong Special Administrative Region, China, under Project CityU 11201421.

Research Keywords

Bitcoin
Blockchain
Blockchains
Deep learning
Internet of Things
Security
smart contract
Smart contracts
Testing
vulnerability detection

RGC Funding Information

RGC-funded

Access Output

10.1109/JIOT.2023.3241544

Other Access Options

Check CityUHK Library

Permanent Link

Right click to copy link

Cite this

@article{98e33e835a8e4bb7a7bfff02c7e06062,

title = "Detection of Vulnerabilities of Blockchain Smart Contracts",

abstract = "With the wide application of IoT and blockchain, research on smart contracts has received increased attention, and security threat detection for smart contracts is one of the main focuses. This paper first introduces the common security vulnerabilities in blockchain smart contracts, and then classifies the vulnerabilities detection tools for smart contracts into six categories according to the different detection methods: formal verification method, symbol execution method, fuzzy testing method, intermediate representation method, stain analysis method and deep learning method. We test 27 detection tools, and analyze them from several perspectives, including the capability of detecting a smart contract version. Finally, it is concluded that most of the current vulnerability detection tools can only detect vulnerabilities in a single and old version of smart contracts. Although the deep learning method detects fewer types of smart contract vulnerabilities, it has higher detection accuracy and efficiency. Therefore, the combination of static detection methods such as deep learning method and dynamic detection methods including the fuzzy testing method to detect more types of vulnerabilities in multi-version smart contracts to achieve higher accuracy is a direction worthy of research in the future. {\textcopyright} 2023 IEEE.",

keywords = "Bitcoin, Blockchain, Blockchains, Deep learning, Internet of Things, Security, smart contract, Smart contracts, Testing, vulnerability detection",

author = "Daojing He and Rui Wu and Xinji Li and Sammy Chan and Mohsen Guizani",

year = "2023",

month = jul,

day = "15",

doi = "10.1109/JIOT.2023.3241544",

language = "English",

volume = "10",

pages = "12178--12185",

journal = "IEEE Internet of Things Journal",

issn = "2327-4662",

publisher = "IEEE",

number = "14",

}

TY - JOUR

T1 - Detection of Vulnerabilities of Blockchain Smart Contracts

AU - He, Daojing

AU - Wu, Rui

AU - Li, Xinji

AU - Chan, Sammy

AU - Guizani, Mohsen

PY - 2023/7/15

Y1 - 2023/7/15

N2 - With the wide application of IoT and blockchain, research on smart contracts has received increased attention, and security threat detection for smart contracts is one of the main focuses. This paper first introduces the common security vulnerabilities in blockchain smart contracts, and then classifies the vulnerabilities detection tools for smart contracts into six categories according to the different detection methods: formal verification method, symbol execution method, fuzzy testing method, intermediate representation method, stain analysis method and deep learning method. We test 27 detection tools, and analyze them from several perspectives, including the capability of detecting a smart contract version. Finally, it is concluded that most of the current vulnerability detection tools can only detect vulnerabilities in a single and old version of smart contracts. Although the deep learning method detects fewer types of smart contract vulnerabilities, it has higher detection accuracy and efficiency. Therefore, the combination of static detection methods such as deep learning method and dynamic detection methods including the fuzzy testing method to detect more types of vulnerabilities in multi-version smart contracts to achieve higher accuracy is a direction worthy of research in the future. © 2023 IEEE.

AB - With the wide application of IoT and blockchain, research on smart contracts has received increased attention, and security threat detection for smart contracts is one of the main focuses. This paper first introduces the common security vulnerabilities in blockchain smart contracts, and then classifies the vulnerabilities detection tools for smart contracts into six categories according to the different detection methods: formal verification method, symbol execution method, fuzzy testing method, intermediate representation method, stain analysis method and deep learning method. We test 27 detection tools, and analyze them from several perspectives, including the capability of detecting a smart contract version. Finally, it is concluded that most of the current vulnerability detection tools can only detect vulnerabilities in a single and old version of smart contracts. Although the deep learning method detects fewer types of smart contract vulnerabilities, it has higher detection accuracy and efficiency. Therefore, the combination of static detection methods such as deep learning method and dynamic detection methods including the fuzzy testing method to detect more types of vulnerabilities in multi-version smart contracts to achieve higher accuracy is a direction worthy of research in the future. © 2023 IEEE.

KW - Bitcoin

KW - Blockchain

KW - Blockchains

KW - Deep learning

KW - Internet of Things

KW - Security

KW - smart contract

KW - Smart contracts

KW - Testing

KW - vulnerability detection

UR - http://www.scopus.com/inward/record.url?scp=85148478722&partnerID=8YFLogxK

UR - https://www.scopus.com/record/pubmetrics.uri?eid=2-s2.0-85148478722&origin=recordpage

U2 - 10.1109/JIOT.2023.3241544

DO - 10.1109/JIOT.2023.3241544

M3 - RGC 21 - Publication in refereed journal

SN - 2327-4662

VL - 10

SP - 12178

EP - 12185

JO - IEEE Internet of Things Journal

JF - IEEE Internet of Things Journal

IS - 14

ER -

Detection of Vulnerabilities of Blockchain Smart Contracts

Abstract

Funding

Research Keywords

RGC Funding Information

Access Output

Other Access Options

Permanent Link

Other Files and Links

Fingerprint

GRF: Massive Access over an OFDM Platform

Cite this

Detection of Vulnerabilities of Blockchain Smart Contracts

Abstract

Funding

Research Keywords

RGC Funding Information

Access Output

Other Access Options

Permanent Link

Other Files and Links

Fingerprint

Projects

GRF: Massive Access over an OFDM Platform

Cite this