Smart Contract Security Audit Trends and Services

  • Chan-Sol Park (박찬솔) (Department of Software Convergence, Hongik University) ;
  • Jang-Hwan Kim (김장환) (Department of Software Convergence, Hongik University) ;
  • Young-Chul Kim (김영철) (Department of Software Convergence, Hongik University)
  • Received : 2023.10.03
  • Reviewed : 2023.11.10
  • Published : 2023.11.30

Abstract

A large number of transactions take place through blockchains, and among them the share of transactions carried out through smart contracts is growing. Accordingly, problems such as attacks on smart contract vulnerabilities and fraud using smart contracts are also increasing. Through security audits of smart contracts, developers can discover and fix vulnerabilities, and users can tell whether a smart contract is fraudulent. However, there are currently no regulations or standards for smart contract security auditing, so the services that perform such audits are uneven. In this paper, we analyze security audit trends for smart contracts and identify what services are being provided. Focusing on security audit reports, we investigate which elements are analyzed from smart contracts. We also investigate which vulnerabilities can be detected. Finally, we investigate quality indicators for smart contracts and the visualization elements of design extraction. Through this, we hope to find visualization elements specialized for smart contracts.

Funding

This research was supported by the Korea Creative Content Agency with funding from the Ministry of Culture, Sports and Tourism in 2023 (project title: Development of AI-based user-interactive multimodal interactive storytelling 3D scene authoring technology, project number: RS-2023-00227917, contribution rate: 25%); by the 2023 Disaster and Safety Industry Technology Commercialization Support Program of the Ministry of the Interior and Safety (project title: Development of an AR facility interface applying a Progressive Web App (PWA)-based facility condition assessment engine, project number: RS-2022-00155579, contribution rate: 25%); by the Fourth Stage Brain Korea 21 program of the Ministry of Education and the National Research Foundation of Korea (F21YY8102068, contribution rate: 25%); and by the Basic Science Research Program of the National Research Foundation of Korea funded by the Government of Korea (Ministry of Education) in 2023 (project title: Research on defect-free coding through automatic refactoring based on an NLP BERT model, project number: No.2021R1I1A3050407, contribution rate: 25%).
