Funding: Supported by Education and Scientific Research Special Project of Fujian Provincial Department of Finance (Research on the Application of Blockchain Technology in Prison Law Enforcement Management), Fujian Provincial Social Science Foundation Public Security Theory Research Project (FJ2023TWGA004).
Abstract: In recent years, blockchain technology integration and application has gradually become an important driving force for new technological innovation and industrial transformation. While blockchain technology and applications are developing rapidly, the emerging security risks and obstacles have gradually become prominent. Attackers can still find security issues in blockchain systems and conduct attacks, causing increasing losses from network attacks every year. In response to the current demand for blockchain application security detection and assessment in all industries, and the insufficient coverage of existing detection technologies such as smart contract detection technology, this paper proposes a blockchain core technology security assessment system model, and studies the relevant detection and assessment key technologies and systems. A security assessment scheme based on a smart contract and consensus mechanism detection scheme is designed. And the underlying blockchain architecture supports the traceability of detection results using super blockchains. Finally, the functionality and performance of the system were tested, and the test results show that the model and solutions proposed in this paper have good feasibility.
Funding: Supported by the Major Public Welfare Special Fund of Henan Province (No. 201300210200) and the Major Science and Technology Research Special Fund of Henan Province (No. 221100210400).
Abstract: With the rise of blockchain technology, the security issues of smart contracts have become increasingly critical. Despite the availability of numerous smart contract vulnerability detection tools, many face challenges such as slow updates, usability issues, and limited installation methods. These challenges hinder the adoption and practicality of these tools. This paper examines smart contract vulnerability detection tools from 2016 to 2023, sourced from the Web of Science (WOS) and Google Scholar. By systematically collecting, screening, and synthesizing relevant research, 38 open-source tools that provide installation methods were selected for further investigation. From a developer’s perspective, this paper offers a comprehensive survey of these 38 open-source tools, discussing their operating principles, installation methods, environmental dependencies, update frequencies, and installation challenges. Based on this, we propose an Ethereum smart contract vulnerability detection framework. This framework enables developers to easily utilize various detection tools and accurately analyze contract security issues. To validate the framework’s stability, over 1700 h of testing were conducted. Additionally, a comprehensive performance test was performed on the mainstream detection tools integrated within the framework, assessing their hardware requirements and vulnerability detection coverage. Experimental results indicate that the Slither tool demonstrates satisfactory performance in terms of system resource consumption and vulnerability detection coverage. This study represents the first performance evaluation of testing tools in this domain, providing significant reference value.
Funding: This work was supported by the Scientific and Technological Project of Henan Province (Grant No. 202102310340), Foundation of University Young Key Teacher of Henan Province (Grant Nos. 2019GGJS040, 2020GGJS027), Key Scientific Research Projects of Colleges and Universities in Henan Province (Grant No. 21A110005), National Natural Science Foundation of China (61701170).
Abstract: The emergence of smart contracts has increased the attention of industry and academia to blockchain technology, which is tamper-proofing, decentralized, autonomous, and enables decentralized applications to operate in untrustworthy environments. However, these features of this technology are also easily exploited by unscrupulous individuals, a typical example of which is the Ponzi scheme in Ethereum. The negative effect of unscrupulous individuals writing Ponzi scheme-type smart contracts in Ethereum and then using these contracts to scam large amounts of money has been significant. To solve this problem, we propose a detection model for detecting Ponzi schemes in smart contracts using bytecode. In this model, our innovation is shown in two aspects: we first propose to use two bytes as one characteristic, which can quickly transform the bytecode into a high-dimensional matrix, and this matrix contains all the implied characteristics in the bytecode. Then, we innovatively transformed the Ponzi schemes detection into an anomaly detection problem. Finally, an anomaly detection algorithm is used to identify Ponzi schemes in smart contracts. Experimental results show that the proposed detection model can greatly improve the accuracy of the detection of the Ponzi scheme contracts. Moreover, the F1-score of this model can reach 0.88, which is far better than those of other traditional detection models.
Funding: This study is supported by Foundation of National Natural Science Foundation of China (Grant Number: 62072273, 72111530206, 61962009, 61873117, 61832012, 61771231, 61771289), Natural Science Foundation of Shandong Province (ZR2019MF062), Shandong University Science and Technology Program Project (J18A326), Guangxi Key Laboratory of Cryptography and Information Security (No: GCIS202112), The Major Basic Research Project of Natural Science Foundation of Shandong Province of China (ZR2018ZC0438), Major Scientific and Technological Special Project of Guizhou Province (20183001), Foundation of Guizhou Provincial Key Laboratory of Public Big Data (No. 2019BDKFJJ009), Talent project of Guizhou Big Data Academy. Guizhou Provincial Key Laboratory of Public Big Data. ([2018]01).
Abstract: The blockchain provides a reliable and scalable method for enabling source-tracing functionality in large-scale Internet of Things (IoT) systems. Traditional blockchain-based source tracing applications are generally based on the hypothesis that the raw data collected by each IoT node are credible and consistent, which however may not always be the truth. As no mechanism ensures the reliability of the original data collected from the IoT devices, these data may be accidentally screwed up or maliciously tampered with before they are uploaded on-chain. To address this issue, we propose the Multi-dimensional Certificates of Origin (MCO) method to filter out the potentially incredible data till all the data uploaded to the chain are credible. To achieve this, we devise the Multidimensional Information Cross-Verification (MICV) and Multi-source Data Matching Calculation (MDMC) methods. MICV verifies whether a to-be-uploaded datum is consistent or credible, and MDMC determines which data should be discarded and which data should be kept to retain the most likely credible/untampered ones in the circumstance when data inconsistency appears. Large-scale experiments show that our scheme ensures on the credibility of data and off the chain with an affordable overhead.
Funding: Supported by the National Natural Science Foundation of China (Grant Nos. 62272120, 62106030, U20B2046, 62272119, 61972105) and the Technology Innovation and Application Development Projects of Chongqing (Grant Nos. cstc2021jscx-gksbX0032, cstc2021jscxgksbX0029).
Abstract: In recent years, with the great success of pre-trained language models, the pre-trained BERT model has been gradually applied to the field of source code understanding. However, the time cost of training a language model from zero is very high, and how to transfer the pre-trained language model to the field of smart contract vulnerability detection is a hot research direction at present. In this paper, we propose a hybrid model to detect common vulnerabilities in smart contracts based on a lightweight pre-trained language model BERT and connected to a bidirectional gate recurrent unit model. The downstream neural network adopts the bidirectional gate recurrent unit neural network model with a hierarchical attention mechanism to mine more semantic features contained in the source code of smart contracts by using their characteristics. Our experiments show that our proposed hybrid neural network model SolBERT-BiGRU-Attention is fitted by a large number of data samples with smart contract vulnerabilities, and it is found that compared with the existing methods, the accuracy of our model can reach 93.85%, and the Micro-F1 Score is 94.02%.
Funding: This work was supported by the Ministry of Science and Technology, Taiwan, under grants MOST 110-2218-E-011-007-MBK, MOST 111-2218-E-011-012-MBK, MOST 109-2221-E-011-110-MY2, MOST 109-2221-E-259-011-MY2, MOST 110-2629-E-259-001, MOST 110-2926-I-259-501, and MOST 110-2634-F-A49-004.
Abstract: As permissioned blockchain becomes a common foundation of blockchain-based circumstances for current organizations, related stakeholders need a means to assess the trustworthiness of the applications involved within. It is extremely important to consider the potential impact brought by the Blockchain technology in terms of security and privacy. Therefore, this study proposes a rigorous security risk management framework for permissioned blockchain-enabled applications. The framework divides itself into different implementation domains, i.e., organization security, application security, consensus mechanism security, node management and network security, host security and perimeter security, and simultaneously provides guidelines to control the security risks of permissioned blockchain applications with respect to these security domains. In addition, a case study, including a security testing and risk evaluation on each stack of a specific organization, is demonstrated as an implementation instruction of our proposed risk management framework. According to the best of our knowledge, this study is one of the pioneer researches that provide a means to evaluate the security risks of permissioned blockchain applications from a holistic point of view. If users can trust the applications that adopted this framework, this study can contribute to the adoption of permissioned blockchain-enabled technologies. Furthermore, application providers can use the framework to perform gap analysis on their existing systems and controls and understand the risks of their applications.
Abstract: Blockchain is a technology that has desirable features of decentralization, autonomy, integrity, immutability, verification, fault-tolerance, anonymity, auditability, and transparency. In this paper, we first carry out a deeper survey about blockchain technology, especially its history, consensus algorithms' quantitative comparisons, details of cryptography in terms of public key cryptography, Zero-Knowledge Proofs, and hash functions used in the blockchain, and the comprehensive list of blockchain applications. Further, the security of blockchain itself is a focus in this paper. In particular, we assess the blockchain security from risk analysis to derive comprehensive blockchain security risk categories, analyze the real attacks and bugs against blockchain, and summarize the recently developed security measures on blockchain. Finally, the challenges and research trends are presented to achieve more scalable and securer blockchain systems for the massive deployments.