Modern blockchains support the execution of application-level code in the form of smart contracts, allowing developers to devise complex Distributed Applications (DApps). Smart contracts are typically written in high-level languages, such as Solidity, and after deployment on the blockchain, their code is executed in a distributed way in response to transactions or calls from other smart contracts. Like any other piece of software, smart contracts are susceptible to vulnerabilities, posing security threats to DApps and their users. The community has already made many different proposals involving taxonomies related to smart contract vulnerabilities. In this paper, we systematize such proposals, evaluating their common traits and main discrepancies. A major limitation emerging from our analysis is the lack of a proper formalization of such taxonomies, which makes their adoption within, e.g., tools hard and discourages their improvement over time as a community-driven effort. We thus introduce a novel data model that clearly defines the key entities and relationships relevant to smart contract vulnerabilities. We then show how our data model and its preliminary instantiation can effectively support several valuable use cases, such as interactive exploration of the taxonomy, integration with security frameworks for effective tool orchestration, and statistical analysis for performing longitudinal studies.
SoK: A Unified Data Model for Smart Contract Vulnerability Taxonomies / Ruggiero, C.; Mazzini, P.; Coppa, Emilio; Lenti, S.; Bonomi, S.. - Proceedings of the 19th International Conference on Availability, Reliability and Security, (2024), pp. ---. (ARES 2024 - 19th International Conference on Availability, Reliability and Security, Wien, Austria, July 30 – August 2, 2024). [10.1145/3664476.3664507].
SoK: A Unified Data Model for Smart Contract Vulnerability Taxonomies
Coppa E.
2024
File | Size | Format | |
---|---|---|---|
3664476.3664507.pdf (Open Access; Type: Publisher's version; License: Creative Commons) | 939.59 kB | Adobe PDF | View/Open |
Documents in IRIS are protected by copyright and all rights are reserved, unless otherwise indicated.