Verifying Security Vulnerabilities for Blockchain-based Smart Contracts
Resumo
In a modern world, aspects of cybersecurity become more of a requirement to software, systems, applications than just a feature implemented by programmers in their spare time. On the one hand, blockchain remains a pastime for people interested in digital currencies or decentralized, anonymous environments such as auctions or voting. On the other hand, cyberattacks are also not an exception to the blockchain community. Most of those attacks were made through smart contracts - pieces of code through which blockchain users interact with the actual blockchain. This paper analyses the background of blockchain technology, the implementation of smart contracts, and the cybersecurity aspect in the blockchain field. We describe an in-depth analysis of five static analysis tools (or code verifiers), their capabilities and drawbacks. These are tested with smart contracts with vulnerabilities deliberately included in their source code. The vulnerabilities are tailored so that they fit into the cybersecurity properties. After the implementation process, analysis is presented. We have found out which state-of-the-art static analysis tool is the most appropriate to secure the smart contract code from future cyberattacks on the blockchain.
Palavras-chave:
Codes, Online banking, Smart contracts, Static analysis, Tools, Systems engineering and theory, Software systems, Blockchain, Cybersecurity, Static Analysis, Software Verification
Publicado
22/11/2021
Como Citar
MATULEVICIUS, Nedas; CORDEIRO, Lucas C..
Verifying Security Vulnerabilities for Blockchain-based Smart Contracts. In: SIMPÓSIO BRASILEIRO DE ENGENHARIA DE SISTEMAS COMPUTACIONAIS (SBESC), 11. , 2021, Evento Online.
Anais [...].
Porto Alegre: Sociedade Brasileira de Computação,
2021
.
p. 89-96.
ISSN 2237-5430.