Modern blockchains support the execution of application-level code in the form of smart contracts, allowing developers to devise complex Distributed Applications (DApps). Smart contracts are typically written in high-level languages, such as Solidity, and after deployment on the blockchain, their code is executed in a distributed way in response to transactions or calls from other smart contracts. As a common piece of software, smart contracts are susceptible to vulnerabilities, posing security threats to DApps and their users.
The community has already made many different proposals involving taxonomies related to smart contract vulnerabilities. In this paper, we try to systematize such proposals, evaluating their common traits and main discrepancies. A major limitation emerging from our analysis is the lack of a proper formalization of such taxonomies, making hard their adoption within, e.g., tools and disfavoring their improvement over time as a community-driven effort. We thus introduce a novel data model that clearly defines the key entities and relationships relevant to smart contract vulnerabilities. We then show how our data model and its preliminary instantiation can effectively support several valuable use cases, such as interactive exploration of the taxonomy, integration with security frameworks for effective tool orchestration, and statistical analysis for performing longitudinal studies.
Dettaglio pubblicazione
2024, 19th International Conference on Availability, Reliability and Security (ARES 2024), Pages -
SoK: A Unified Data Model for Smart Contract Vulnerability Taxonomies (04b Atto di convegno in volume)
Ruggiero Claudia, Mazzini Pietro, Coppa Emilio, Lenti Simone, Bonomi Silvia
keywords