Checking Smart Contracts With Structural Code Embedding

Gao, Zhipeng; Jiang, Lingxiao; Xia, Xin; Lo, David; Grundy, John

doi:10.1109/tse.2020.2971482

Cited by 94 publications

(45 citation statements)

References 59 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Despite many advantages of smart contracts such as support for automation, ease of debugging, cost efficiency, and limited human intervention required to run business processes; however, the presence of bugs inside a smart contract code can affect its normal operations that can lead to huge losses and disruptions. Being deployed on a decentralized platform, a smart contract can face several security threats from the pseudonymous malicious actors that can fully control the smart contract for malicious purposes [118][119][120]. Smart contracts deployed on the public blockchain platforms are often open-source.…”

Section: B Smart Contracts Security Auditmentioning

confidence: 99%

Blockchain and COVID-19 Pandemic: Applications and Challenges

Ahmad¹,

Salah²,

Jayaraman³

et al. 2023

Preprint

View full text Add to dashboard Cite

The year 2020 has witnessed the emergence of coronavirus disease (COVID-19) that has rapidly spread and adversely affected the global economy, health, and human lives. The COVID-19 pandemic has exposed the limitations of existing healthcare systems regarding its inadequacy to timely and efficiently handle public health emergencies. A large portion of today's healthcare systems are centralized and fall short in providing necessary information security and privacy, data immutability, transparency, and traceability features to detect frauds related to COVID-19 vaccination certification, anti-body testing, and medical supplies. Blockchain technology can assist to combat the COVID-19 pandemic by assuring safe and reliable medical supplies, accurate identification of virus hot spots, and establishing data provenance to verify the genuine personal protective equipment that is decentralized, trustworthy, traceable, and transparent. In this paper, we discuss the potential blockchain applications for the COVID-19 pandemic. We present the high-level design of three blockchain-based systems to enable the governments and medical professionals to efficiently handle health emergencies caused by COVID-19. We discuss the important ongoing blockchain-based research projects to demonstrate the adoption of blockchain technology for the COVID-19. Finally, we identify and discuss future research challenges along with their key causes and guidelines.

show abstract

Section: B Smart Contracts Security Auditmentioning

confidence: 99%

Blockchain and COVID-19 Pandemic: Applications and Challenges

Ahmad¹,

Salah²,

Jayaraman³

et al. 2023

Preprint

View full text Add to dashboard Cite

show abstract

“…Namely, Eth2Vec can extract features more precisely than a trivial use of a neural network by virtue of the natural language processing that learns the context of each function. Although there are several existing tools [15,36] based on a typical language model for the analysis of Ethereum smart contracts, i.e., Word2Vec [29], Eth2Vec is novel since it achieves robust analysis against code rewrites. To do this, we also developed a module that gives the EVM bytecode and their syntactic information to the neural network as inputs.…”

Section: Contributionsmentioning

confidence: 99%

“…Eth2Vec outperforms a typical method [31] in terms of wellknown metrics on vulnerability detection. Moreover, Eth2Vec can detect vulnerabilities of rewritten code, which were not found by the existing Word2Vec-based tool named SmartEmbed [15]. (See Section 5 for detail.)…”

Section: Contributionsmentioning

confidence: 99%

See 1 more Smart Citation

Eth2Vec: Learning Contract-Wide Code Representations for Vulnerability Detection on Ethereum Smart Contracts

Ashizawa

Yanai

Cruz

et al. 2021

Proceedings of the 3rd ACM International Symposium on Blockchain and Secure Critical Infrastructure

View full text Add to dashboard Cite

Ethereum smart contracts are programs that run on the Ethereum blockchain, and many smart contract vulnerabilities have been discovered in the past decade. Many security analysis tools have been created to detect such vulnerabilities, but their performance decreases drastically when codes to be analyzed are being rewritten. In this paper, we propose Eth2Vec, a machine-learning-based static analysis tool for vulnerability detection in smart contracts. It is also robust against code rewrites, i.e., it can detect vulnerabilities even in rewritten codes. Existing machine-learning-based static analysis tools for vulnerability detection need features, which analysts create manually, as inputs. In contrast, Eth2Vec automatically learns features of vulnerable Ethereum Virtual Machine (EVM) bytecodes with tacit knowledge through a neural network for natural language processing. Therefore, Eth2Vec can detect vulnerabilities in smart contracts by comparing the code similarity between target EVM bytecodes and the EVM bytecodes it already learned. We conducted experiments with existing open databases, such as Etherscan, and our results show that Eth2Vec outperforms a recent model based on support vector machine in terms of well-known metrics, i.e., precision, recall, and F1-score. CCS CONCEPTS• Security and privacy → Software security engineering; Software reverse engineering; Vulnerability management.

show abstract

“…They propose the UML Profile for Smart Contracts and present static aspect of Smart Contract Design Pattern. Gao et al [37] propose an automated approach and SmartEmbed prototype to clone or bug detection and validation of smart contracts.…”

Section: Related Workmentioning

confidence: 99%

Applying Model-Driven Engineering to Distributed Ledger Deployment

Górski

Bednarski

2020

IEEE Access

View full text Add to dashboard Cite

Distributed Ledger Technology (DLT) enables data storage in a decentralized manner among collaborating parties. The software architecture of such solutions encompasses models placed in the relevant architectural views. A lot of research is devoted to smart contracts and consensus algorithms, which are realized by distributed applications and can be positioned within the Logical view. However, we see the need to provide modeling support for the Deployment view of distributed ledger solutions. Especially since the chosen DLT framework has a significant impact on implementation and deployment. Besides, consistency between models and configuration deployment scripts should be ensured. So, we have applied Model-Driven Engineering (MDE) that allows on the transformation of models into more detailed models, source code, or tests. We have proposed Unified Modeling Language (UML) stereotypes and tagged values for distributed ledger deployment modeling and placed them in the UML Profile for Distributed Ledger Deployment. We have also designed the UML2Deployment model-to-code transformation for the R3 Corda DLT framework. A UML Deployment model is the source whereas a Gradle Groovy deployment script is the target of the transformation. We have provided the complete solution by incorporating the transformation into the Visual Paradigm modeling tool. Furthermore, we have designed a dedicated plug-in to validate generated deployment scripts. In the paper, we have shown how to design transformation for generating deployment scripts for the R3 Corda DLT framework with the ability to switch to another one. INDEX TERMS Distributed Ledger, Model-Driven Engineering, Architectural views model 1+5, Deployment view, Unified Modeling Language extensibility mechanisms.

show abstract

Checking Smart Contracts With Structural Code Embedding

Cited by 94 publications

References 59 publications

Blockchain and COVID-19 Pandemic: Applications and Challenges

Blockchain and COVID-19 Pandemic: Applications and Challenges

Eth2Vec: Learning Contract-Wide Code Representations for Vulnerability Detection on Ethereum Smart Contracts

Applying Model-Driven Engineering to Distributed Ledger Deployment

Contact Info

Product

Resources

About