GRIFFIN: Enhancing the security of smart contracts


Franciscu SY*
Ruggahakotuwa RK
Samarawickrama SWYS
Lahiru JAD

Abstract



In the rapidly evolving landscape of decentralized systems, ensuring the integrity and trustworthiness of smart contracts is paramount for developers. This paper presents a comprehensive strategy for enhancing smart contract security by focusing on specific high-risk areas, including Integer Overflow, Dangerous Delegate Calls, Timestamp Dependency, Reentrancy Vulnerabilities, Race Conditions, and Sybil attacks. Despite the growing significance of smart contracts in blockchain ecosystems, a notable research gap exists in the development of specialized tools capable of providing real-time vulnerability detection and mitigation guidance. To bridge this gap, our research introduces the ‘GRIFFIN’ Smart Contracts Vulnerability Detector, a powerful tool that has been rigorously tested and validated. Our study has yielded significant results, demonstrating the efficacy of GRIFFIN in proactively identifying and mitigating critical vulnerabilities within a diverse dataset of 12,000 real-world Solidity smart contracts. The tool leverages state-of-the-art static analysis techniques and machine learning algorithms, achieving superior accuracy rates when compared to existing solutions. This heightened accuracy not only empowers developers but also boosts the overall robustness and dependability of smart contract ecosystems. The cornerstone of our research is the development and validation of a practical, user-centric solution. By providing actionable insights, code snippets, and real-time feedback to developers, GRIFFIN equips them with the knowledge and tools needed to address vulnerabilities swiftly and effectively. This innovative approach is not merely an academic endeavor but a significant stride towards cultivating resilient and dependable smart contract environments. It instills a culture of security-conscious development practices, ensuring that the smart contracts crucial to decentralized systems can operate with the highest level of trust and reliability.


Index Terms: Smart Contracts; Integer Overflow; Dangerous Delegate Call; Timestamp Dependence; Reentrancy Attack; Race Condition; Sybil Attack; Static Analysis; Detection




Article Details

SY, F., RK, R., SWYS, S., & JAD, L. (2023). GRIFFIN: Enhancing the security of smart contracts. Trends in Computer Science and Information Technology, 8(3), 073–081. https://doi.org/10.17352/tcsit.000071
Research Articles

Copyright (c) 2023 Franciscu SY, et al.


This work is licensed under a Creative Commons Attribution-NonCommercial 4.0 International License.
