Classification and Vulnerability Detection of Ethereum Energy Smart Contracts
-
- Author / Creator
- Lashkari, Bahareh
-
Since their advent, distributed ledger technologies have provided diverse opportunities in a wide range of application domains. With the transition towards a more decentralized and dynamic system, blockchain-enabled smart contracts have grown in prominence. Despite their benefits, smart contracts are not immune to errors, vulnerabilities, and security issues. There have been several notable incidents caused by smart contract security flaws, the most significant being the DAO incident, which was triggered by a reentrancy vulnerability that resulted in the unauthorized extraction of approximately \$70 million in 2016. As a result, identifying and detecting smart contract vulnerabilities has become a critical challenge that must be addressed promptly to mitigate potential financial losses caused by bug exploitation. In spite of the positive association between smart contract categories and their vulnerabilities, vulnerability analysis tools do not consider violation structures and behavior patterns across different application domains. As a result, it is imperative to analyze the smart contract feature space to gain more insight into the characteristics of the contracts deployed.
Unlike traditional contracts, smart contracts are not written in a natural language, making it difficult to determine their content. As a result, smart contract classification based on the application domain and transaction context provides greater insight into the syntactic and semantic properties of that domain. We intend to reach greater degrees of abstraction and navigate the complexities of Decentralized Applications (DApps) design specifications by determining the contract's domain. The proposed approach will help to establish the groundwork for innovative solutions for domain-specific classification and vulnerability detection of smart contracts in the works that follow.
In a subsequent study, we perform a domain-specific evaluation of state-of-the-art vulnerability detection tools on smart contracts. It appears that the detection accuracy of the tools varies depending on the domain. This suggests that security flaws may be domain-specific. As a result, in some domains, many vulnerabilities can be overlooked by existing analytical tools. Additionally, the overall impact of a specific vulnerability can differ significantly between domains, making its mitigation priority subject to business logic. Therefore, more effort should be directed towards the reliable and accurate detection of existing and emerging vulnerabilities from a domain-specific perspective.
In our ensuing study, this finding is used to enhance the detection of vulnerabilities within smart contracts, with a specific emphasis on an energy use case. When integrated into energy systems, smart contracts can create complex temporal and sequential dependencies, which can lead to a wide range of vulnerabilities as the structure of smart contracts becomes increasingly intricate. Current efforts to identify vulnerabilities in smart contracts rely heavily on expert-defined patterns, a method considered inefficient due to its lack of adaptability. To enhance the effectiveness of current methods, we introduce a graph attention neural network model called TL-GAT, which leverages transfer learning to detect vulnerabilities in smart contracts. This framework enables developers to independently assess vulnerabilities in each domain, allowing them to accurately identify potential issues in diverse execution environments. The evaluation results confirm that transfer learning can be used to leverage existing knowledge of vulnerabilities to improve the effectiveness of generalization when addressing vulnerabilities in a specific domain, even with limited data availability. This thesis presents profound insights and rigorously evaluated methods for the identification of smart contracts developed to facilitate energy transactions in smart grids, followed by accurate detection of reentrancy vulnerabilities in energy smart contracts.
-
- Subjects / Keywords
-
- Graduation date
- Spring 2024
-
- Type of Item
- Thesis
-
- Degree
- Doctor of Philosophy
-
- License
- This thesis is made available by the University of Alberta Libraries with permission of the copyright owner solely for non-commercial purposes. This thesis, or any portion thereof, may not otherwise be copied or reproduced without the written consent of the copyright owner, except to the extent permitted by Canadian copyright law.