GRIFFIN: Enhancing the security of smart contracts
Abstract
In the rapidly evolving landscape of decentralized systems, ensuring the integrity and trustworthiness of smart contracts is paramount for developers. This paper presents a comprehensive strategy for enhancing smart contract security by focusing on specific high-risk areas, including Integer Overflow, Dangerous Delegate Calls, Timestamp Dependency, Reentrancy Vulnerabilities, Race Conditions, and Sybil attacks. Despite the growing significance of smart contracts in blockchain ecosystems, a notable research gap exists in the development of specialized tools capable of providing real-time vulnerability detection and mitigation guidance. To bridge this gap, our research introduces 'GRIFFIN', a Smart Contracts Vulnerability Detector: a powerful tool that has been rigorously tested and validated. Our study has yielded significant results, demonstrating the efficacy of GRIFFIN in proactively identifying and mitigating critical vulnerabilities within a diverse dataset of 12,000 real-world Solidity smart contracts. The tool leverages state-of-the-art static analysis techniques and machine learning algorithms, achieving superior accuracy rates when compared to existing solutions. This heightened accuracy not only empowers developers but also boosts the overall robustness and dependability of smart contract ecosystems. The cornerstone of our research is the development and validation of a practical, user-centric solution. By providing actionable insights, code snippets, and real-time feedback to developers, GRIFFIN equips them with the knowledge and tools needed to address vulnerabilities swiftly and effectively. This innovative approach is not merely an academic endeavor but a significant stride towards cultivating resilient and dependable smart contract environments. It instills a culture of security-conscious development practices, ensuring that the smart contracts crucial to decentralized systems can operate with the highest level of trust and reliability.
Index Terms: Smart Contracts; Integer Overflow; Dangerous Delegate Call; Timestamp Dependence; Reentrancy Attack; Race Condition; Sybil Attack; Static Analysis; Detection
Copyright (c) 2023 Franciscu SY, et al.

This work is licensed under a Creative Commons Attribution-NonCommercial 4.0 International License.