Modern blockchains support the execution of application-level code in the form of smart contracts, allowing developers to devise complex Distributed Applications (DApps). Smart contracts are typically written in high-level languages, such as Solidity, and after deployment on the blockchain, their code is executed in a distributed way in response to transactions or calls from other smart contracts. As a common piece of software, smart contracts are susceptible to vulnerabilities, posing security threats to DApps and their users. The community has already made many different proposals involving taxonomies related to smart contract vulnerabilities. In this paper, we try to systematize such proposals, evaluating their common traits and main discrepancies. A major limitation emerging from our analysis is the lack of a proper formalization of such taxonomies, making hard their adoption within, e.g., tools and disfavoring their improvement over time as a community-driven effort. We thus introduce a novel data model that clearly defines the key entities and relationships relevant to smart contract vulnerabilities. We then show how our data model and its preliminary instantiation can effectively support several valuable use cases, such as interactive exploration of the taxonomy, integration with security frameworks for effective tool orchestration, and statistical analysis for performing longitudinal studies.

SoK: A Unified Data Model for Smart Contract Vulnerability Taxonomies / Ruggiero, Claudia; Mazzini, Pietro; Coppa, Emilio; Lenti, Simone; Bonomi, Silvia. - (2024). (Intervento presentato al convegno International Conference on Availability, Reliability and Security (ARES 2024) tenutosi a Vienna; Austria) [10.1145/3664476.3664507].

SoK: A Unified Data Model for Smart Contract Vulnerability Taxonomies

Claudia Ruggiero
;
Pietro Mazzini
;
Emilio Coppa
;
Simone Lenti
;
Silvia Bonomi
2024

Abstract

Modern blockchains support the execution of application-level code in the form of smart contracts, allowing developers to devise complex Distributed Applications (DApps). Smart contracts are typically written in high-level languages, such as Solidity, and after deployment on the blockchain, their code is executed in a distributed way in response to transactions or calls from other smart contracts. As a common piece of software, smart contracts are susceptible to vulnerabilities, posing security threats to DApps and their users. The community has already made many different proposals involving taxonomies related to smart contract vulnerabilities. In this paper, we try to systematize such proposals, evaluating their common traits and main discrepancies. A major limitation emerging from our analysis is the lack of a proper formalization of such taxonomies, making hard their adoption within, e.g., tools and disfavoring their improvement over time as a community-driven effort. We thus introduce a novel data model that clearly defines the key entities and relationships relevant to smart contract vulnerabilities. We then show how our data model and its preliminary instantiation can effectively support several valuable use cases, such as interactive exploration of the taxonomy, integration with security frameworks for effective tool orchestration, and statistical analysis for performing longitudinal studies.
2024
International Conference on Availability, Reliability and Security (ARES 2024)
smart contract; vulnerability; blockchain; weakness; taxonomy
04 Pubblicazione in atti di convegno::04b Atto di convegno in volume
SoK: A Unified Data Model for Smart Contract Vulnerability Taxonomies / Ruggiero, Claudia; Mazzini, Pietro; Coppa, Emilio; Lenti, Simone; Bonomi, Silvia. - (2024). (Intervento presentato al convegno International Conference on Availability, Reliability and Security (ARES 2024) tenutosi a Vienna; Austria) [10.1145/3664476.3664507].
File allegati a questo prodotto
File Dimensione Formato  
Ruggiero_SoK_2024.pdf

accesso aperto

Note: https://doi.org/10.1145/3664476.3664507
Tipologia: Versione editoriale (versione pubblicata con il layout dell'editore)
Licenza: Creative commons
Dimensione 939.59 kB
Formato Adobe PDF
939.59 kB Adobe PDF

I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.

Utilizza questo identificativo per citare o creare un link a questo documento: https://hdl.handle.net/11573/1714569
Citazioni
  • ???jsp.display-item.citation.pmc??? ND
  • Scopus 1
  • ???jsp.display-item.citation.isi??? ND
social impact