Fixing Smart Contract Vulnerabilities: A Comparative Analysis of Literature and Developer's Practices
arxiv(2024)
摘要
Smart Contracts are programs running logic in the Blockchain network by
executing operations through immutable transactions. The Blockchain network
validates such transactions, storing them into sequential blocks of which
integrity is ensured. Smart Contracts deal with value stakes, if a damaging
transaction is validated, it may never be reverted, leading to unrecoverable
losses. To prevent this, security aspects have been explored in several fields,
with research providing catalogs of security defects, secure code
recommendations, and possible solutions to fix vulnerabilities. In our study,
we refer to vulnerability fixing in the ways found in the literature as
guidelines. However, it is not clear to what extent developers adhere to these
guidelines, nor whether there are other viable common solutions and what they
are. The goal of our research is to fill knowledge gaps related to developers'
observance of existing guidelines and to propose new and viable solutions to
security vulnerabilities. To reach our goal, we will obtain from Solidity
GitHub repositories the commits that fix vulnerabilities included in the DASP
TOP 10 and we will conduct a manual analysis of fixing approaches employed by
developers. Our analysis aims to determine the extent to which literature-based
fixing strategies are followed. Additionally, we will identify and discuss
emerging fixing techniques not currently documented in the literature. Through
qualitative analysis, we will evaluate the suitability of these new fixing
solutions and discriminate between valid approaches and potential mistakes.
更多查看译文
AI 理解论文
溯源树
样例
生成溯源树,研究论文发展脉络
Chat Paper
正在生成论文摘要