An Automated Framework for Security Analysis of Smart Contracts Based on Mixed Empirical and Static Analysis - project completed

Press release from the project manager

12.7.2024

Project description: A smart contract is self-executing code that operates on the blockchain. It is commonly used to facilitate the transfer of digital assets between parties without the need for intermediaries. Consequently, ensuring its security is paramount. Given their value, smart contracts are often targeted for attacks. In recent years, there have been numerous smart contract exploits resulting in financial losses totaling tens of millions of dollars. By developing an automated framework that combines empirical and deep learning techniques, the project seeks to analyze, detect, and predict vulnerabilities in smart contracts. It differs from existing methods in being a more comprehensive and proactive approach to Ethereum smart contract security.

Results: The project has yielded a framework for identifying vulnerabilities in smart contracts. Additionally, it has generated a labeled dataset of smart contract vulnerabilities, which serves as the basis for developing machine learning-based security methods. Furthermore, the project has introduced a methodology for mining and classifying smart contract vulnerabilities and their corresponding fixes from GitHub and CVE records. This methodology has been implemented in an automated framework called AutoMESC. Moreover, a large-scale empirical study has been conducted to analyze the identified vulnerabilities in depth.

Impact: By providing a robust framework for identifying and analysing vulnerabilities in smart contracts, the project aims to significantly enhance the security of blockchain transactions. This will reduce the risk of financial losses resulting from exploits and bolster trust in blockchain technology. Ultimately, the project will contribute to fostering a more secure environment for digital asset transfers without the need for intermediaries.

Information on how the results will be applied:
The findings from this project will have several practical applications in the field of blockchain technology and smart contracts:
1. Enhanced Security Measures: The framework developed for identifying vulnerabilities in smart contracts can be integrated into blockchain platforms and smart contract development tools. This integration will enhance the security measures implemented in these systems, reducing the risk of exploitation and financial losses.
2. Machine Learning-Based Security Methods: The labeled dataset of smart contract vulnerabilities generated by the project can serve as a valuable resource for training machine learning models. These models can then be deployed to automatically detect vulnerabilities in newly developed smart contracts, providing developers with proactive security measures.
3. Improved Vulnerability Management: The methodology introduced for mining and classifying smart contract vulnerabilities, along with their corresponding fixes from GitHub and CVE records, can streamline vulnerability management processes. By automating the identification and classification of vulnerabilities, organizations can prioritize and address security issues more efficiently.
4. Continuous Improvement and Analysis: The automated framework, AutoMESC, developed as part of this project, will provide a scalable solution for ongoing vulnerability analysis. By continuously updating its knowledge base and adapting to emerging threats, AutoMESC will ensure that smart contracts remain secure in the ever-evolving landscape of blockchain technology.

Overall, the results of this project will contribute to the development of more secure and robust blockchain ecosystems, fostering trust among users and stakeholders in digital asset transactions conducted via smart contracts.

A list of the project's outputs:
We produced a number of publications, datasets, a suite of tools and machine learning models. These models, tools and datasets serve as valuable resources for researchers and practitioners interested in studying and addressing security issues in smart contracts. All the material is openly accessible and made available online.

Project title: Sjálfvirk umgjörð fyrir öryggisgreiningu snjallsamninga byggð bæði á gögnum og greiningu / An Automated Framework for Security Analysis of Smart Contracts Based on Mixed Empirical and Static Analysis
Project manager: Majd Radwan Soud, Reykjavik University
Grant type: Doctoral student grant
Grant period: 2020-2022
Grant amount: ISK 19.875.000
Icelandic Research Fund reference number: 207156








