Fixing Smart Contract Vulnerabilities: A Comparative Analysis of Literature and Developer's Practices

March 12, 2024 Β· Declared Dead Β· πŸ› arXiv.org

πŸ‘» CAUSE OF DEATH: Ghosted
No code link whatsoever

"No code URL or promise found in abstract"

Evidence collected by the PWNC Scanner

Authors Francesco Salzano, Simone Scalabrino, Rocco Oliveto, Remo Pareschi arXiv ID 2403.07458 Category cs.SE: Software Engineering Citations 5 Venue arXiv.org Last Checked 4 months ago
Abstract
Smart Contracts are programs running logic in the Blockchain network by executing operations through immutable transactions. The Blockchain network validates such transactions, storing them into sequential blocks of which integrity is ensured. Smart Contracts deal with value stakes, if a damaging transaction is validated, it may never be reverted, leading to unrecoverable losses. To prevent this, security aspects have been explored in several fields, with research providing catalogs of security defects, secure code recommendations, and possible solutions to fix vulnerabilities. In our study, we refer to vulnerability fixing in the ways found in the literature as guidelines. However, it is not clear to what extent developers adhere to these guidelines, nor whether there are other viable common solutions and what they are. The goal of our research is to fill knowledge gaps related to developers' observance of existing guidelines and to propose new and viable solutions to security vulnerabilities. To reach our goal, we will obtain from Solidity GitHub repositories the commits that fix vulnerabilities included in the DASP TOP 10 and we will conduct a manual analysis of fixing approaches employed by developers. Our analysis aims to determine the extent to which literature-based fixing strategies are followed. Additionally, we will identify and discuss emerging fixing techniques not currently documented in the literature. Through qualitative analysis, we will evaluate the suitability of these new fixing solutions and discriminate between valid approaches and potential mistakes.
Community shame:
Not yet rated
Community Contributions

Found the code? Know the venue? Think something is wrong? Let us know!

πŸ“œ Similar Papers

In the same crypt β€” Software Engineering

Died the same way β€” πŸ‘» Ghosted