
VOLCANO: Detecting Vulnerabilities of Ethereum Smart Contracts Using Code Clone Analysis

by Noama Fatima Samreen, et al.
Ryerson University

Ethereum Smart Contracts based on Blockchain Technology (BT) enable monetary transactions among peers on a blockchain network independent of a central authorizing agency. Ethereum Smart Contracts are programs that are deployed as decentralized applications, having the building blocks of the blockchain consensus protocol. This enables consumers to make agreements in a transparent and conflict-free environment. However, there exist some security vulnerabilities within these smart contracts that are a potential threat to the applications and their consumers and have been shown in the past to cause huge financial losses. This paper presents a framework and empirical analysis that use code clone detection techniques for identifying vulnerabilities and their variations in smart contracts. Our empirical analysis is conducted using the Nicad code clone detection tool on a dataset of approximately 50k Ethereum smart contracts. We evaluated VOLCANO on two datasets, one with confirmed vulnerabilities and another with approximately 50k random smart contracts collected from Etherscan. Our approach shows an improvement in the detection of vulnerabilities in terms of coverage and efficiency when compared to two of the publicly available static analyzers that detect vulnerabilities in smart contracts. To the best of our knowledge, this is the first study that uses a clone detection technique to identify vulnerabilities and their evolution in Ethereum smart contracts.




A Survey of Security Vulnerabilities in Ethereum Smart Contracts

Ethereum Smart Contracts based on Blockchain Technology (BT) enables mone...

SmartScan: An approach to detect Denial of Service Vulnerability in Ethereum Smart Contracts

Blockchain technology (BT) Ethereum Smart Contracts allows programmable ...

An Empirical Study of Protocols in Smart Contracts

Smart contracts are programs that are executed on a blockchain. They have...

Mining Domain Models in Ethereum DApps using Code Cloning

This research study explores the use of near-miss clone detection to sup...

sFuzz: An Efficient Adaptive Fuzzer for Solidity Smart Contracts

Smart contracts are Turing-complete programs that execute on the infrast...

ContractGuard: Defend Ethereum Smart Contracts with Embedded Intrusion Detection

Ethereum smart contracts are programs that can be collectively executed ...

SIF: A Framework for Solidity Code Instrumentation and Analysis

Solidity is an object-oriented and high-level language for writing smart...