Browse > Article
http://dx.doi.org/10.7236/IJIBC.2020.12.3.189

Design Model for Extensible Architecture of Smart Contract Vulnerability Detection Tool  

Choi, Yun-seok (Department of Computer Science, Dongduk Women's University)
Lee, Wan Yeon (Department of Computer Science, Dongduk Women's University)
Publication Information
International Journal of Internet, Broadcasting and Communication / v.12, no.3, 2020 , pp. 189-195 More about this Journal
Abstract
Smart contract, one of the applications of blockchain, is expected to be used in various industries. However, there is risks of damages caused by attacks on vulnerabilities in smart contract codes. Tool support is essential to detect vulnerabilities, and as new vulnerabilities emerge and smart contract implementation languages increase, the tools must have extensibility for them. We propose a design model for extensible architecture of smart contract vulnerability detection tools that detect vulnerabilities in smart contract source codes. The proposed model is composed of design pattern-based structures that provides extensibility to easily support extension of detecting modules for new vulnerabilities and other implementation languages of smart contract. In the model, detecting modules are composed of independent module, so modifying or adding of module do not affect other modules and the system structure.
Keywords
Blockchain; Smart contracts; Ethereum; Vulnerability; Software Architecture; Extensibility;
Citations & Related Records
연도 인용수 순위
  • Reference
1 Satoshi Nakamoto. Bitcoin: A Peer-to-Peer Electronic Cash System. https://bitcoin.org
2 L. Luu, D. Chu, H. Olickel, P. Saxena, and A. Hobor, "Making Smart Contracts Smarter," in Proc. 2016 ACM SIGSAC Conference on Computer and Communications Security, pp. 254-269, Oct. 2016. DOI: https://doi.org/10.1145/2976749.2978309
3 Ethereum Foundation, Ethereum Whitepaper, https://ethereum.org/en/whitepaper/
4 N.F. Samreen and M.H. Alalfi, "Reentrancy Vulnerability Identification in Ethereum Smart Contracts," in Proc. 2020 IEEE International Workshop on Blockchain Oriented Software Engineering, pp. 22-29, Feb.18, 2020. DOI: https://doi.org/10.1109/IWBOSE50093.2020.9050260
5 A. Dika and M. Nowostawski, "Security Vulnerabilities in Ethereum Smart Contracts," in Proc. 2018 IEEE International Conference on Internet of Things and IEEE Green Computing and Communications and IEEE Cyber, Physical and Social Computing and IEEE Smart Data, pp. 955-962, July 2018. DOI: https://doi.org/10.1109/Cybermatics_2018.2018.00182
6 P. Qian, Z. Liu, Q. He, R. Zimmermann, and X. Wang, "Towards Automated Reentrancy Detection for Smart Contracts Based on Sequential Models," IEEE Access, Vol. 8, pp. 19685-19695, Jan. 2020. DOI: https://doi.org/10.1109/ACCESS.2020.2969429   DOI
7 SWC Registry(Smart Contract Weakness Classification and Test Cases), https://swcregistry.io/
8 CVE(Common Vulnerabilities and Exposures), https://cve.mitre.org/
9 S. Tikhomirov, E. Voskresenskaya, I. Ivanitskiy, R. Takhaviev, E. Marchenko, and Y. Alexandrov, "Smartcheck: Static analysis of Ethereum smart contracts," in Proc. IEEE/ACM 1st Int. Workshop Emerg. Trends Softw. Eng. Blockchain (WETSEB), pp. 9-16, May/Jun. 2018. DOI: https://doi.org/10.1145/3194113.3194115
10 B. Mueller, A Framework for Bug Hunting on the Ethereum Blockchain, https://github.com/ConsenSys/mythril
11 Z. Zheng, S. Xie, H.N. Dai, X. Chen, and H. Wang, “Blockchain challenges and opportunities,” International Journal of Web and Grid Services(IJWGS), Vol. 14, No. 4, pp. 352-375, Oct. 2018. DOI: https://doi.org/10.1504/IJWGS.2018.095647   DOI
12 CWE(Common Weakness Enumeration), https://cwe.mitre.org/
13 W.Y. Lee and Y.S. Choi, "Vulnerability and Cost Analysis of Heterogeneous Smart Contract Programs in Blockchain Systems," Current Trends in Computer Sciences & Applications, Vol. 2, Issue 1, pp. 142-145, Feb. 2020. DOI: https://doi.org/10.32474/CTCSA.2020.02.000126
14 E. Gamma, R. Helm, R. Johnson, and J. Vlissides, Design pattern, Addison Wesley, pp. 107-116, pp.315-324, 1995