IEEE Access (Jan 2021)

Evaluating Countermeasures for Verifying the Integrity of Ethereum Smart Contract Applications

  • Suhwan Ji,
  • Dohyung Kim,
  • Hyeonseung Im

DOI
https://doi.org/10.1109/ACCESS.2021.3091317
Journal volume & issue
Vol. 9
pp. 90029 – 90042

Abstract

Blockchain technology, which provides digital security in a distributed manner, has evolved into a key technology that can build efficient and reliable decentralized applications (called DApps) beyond the function of cryptocurrency. The characteristics of blockchain such as immutability and openness, however, have made DApps more vulnerable to various security risks, and thus it has become of great significance to validate the integrity of DApps before they actually operate upon blockchain. Recently, research on vulnerabilities in smart contracts (a building block of DApps) has been actively conducted, and various vulnerabilities and their countermeasures were reported. However, the effectiveness of such countermeasures has not been studied well, and no appropriate methods have been proposed to evaluate them. In this paper, we propose a software tool that can easily perform comparative studies by adding existing/new countermeasures and labeled smart contract codes. The proposed tool demonstrates verification performance using various statistical indicators, which helps to identify the most effective countermeasures for each type of vulnerability. Using the proposed tool, we evaluated state-of-the-art countermeasures with 237 labeled benchmark codes. The results indicate that for certain types of vulnerabilities, some countermeasures show evenly good performance scores on various metrics. However, it is also observed that countermeasures that detect the largest number of vulnerable codes typically generate many more false positives, resulting in very low precision and accuracy. Consequently, under given constraints, different countermeasures may be recommended for detecting vulnerabilities of interest. We believe that the proposed tool could effectively be utilized for a future verification study of smart contract applications and contribute to the development of practical and secure smart contract applications.
