[ad_1]
A comprehensive analysis of 516 smart contract vulnerabilities, revealing critical security gaps and offering advanced strategies for detection and prevention in blockchain technology.
Date of Publication: July 26, 2023
The research article titled “Demystifying Exploitable Bugs in Smart Contracts,” authored by Zhuo Zhang, Brian Zhang, Wen Xu, and Zhiqiang Lin from Purdue University, Harrison High School, Georgia Institute of Technology, PNM Labs, and Ohio State University, delves into the critical issue of exploitable bugs in smart contracts. As blockchain technology, exemplified by Bitcoin since 2008, has grown to a market capitalization of over $438 billion, the prevalence and diversity of blockchain-based applications have surged. Smart contracts, integral to these applications, are not immune to human error, leading to vulnerabilities that have caused substantial losses, estimated at $1.57 billion by May 2022.
This study focuses on 516 unique real-world smart contract vulnerabilities identified between 2021–2022. The researchers aimed to understand how many of these vulnerabilities were exploitable and undetectable by existing tools. To this end, they categorized the undetectable bugs into seven types and analyzed their root causes, audit difficulties, consequences, and potential repair strategies. They also sought to abstract these categories into models to aid in detecting similar bugs in other contracts and to facilitate automation.
A key finding was that a significant portion (80%) of these exploitable bugs were not detectable by machine (termed Machine Unauditable Bugs or MUBs), possibly due to the limited scope of existing tools, which typically focus on detecting access violations through transaction origins, (tx.origin). This limitation does not imply the ineffectiveness of these tools but rather highlights their constraint in addressing the complex governance roles in modern projects.
[ad_2]
Source link