Security Analysis Methods for Detection and Repair of DoS Vulnerabilities in Smart Contracts

Nassirzadeh, Behkish

dc.contributor.author	Nassirzadeh, Behkish
dc.date.accessioned	2021-04-19 14:24:00 (GMT)
dc.date.available	2021-04-19 14:24:00 (GMT)
dc.date.issued	2021-04-19
dc.date.submitted	2021-04-12
dc.identifier.uri	http://hdl.handle.net/10012/16885
dc.description.abstract	In recent years we have witnessed a dramatic increase in the applications of blockchain and smart contracts in a variety of contexts, including supply-chain, decentralized finance, and international money transfers. However, a critical stumbling block to their further adoption is smart contract security (or more precisely, the lack thereof). Smart contracts, once deployed on a blockchain, are immutable. Hence, unlike traditional software systems, smart contracts are particularly vulnerable to latent security issues. It is therefore imperative that security analysis tools be developed that help improve smart contract security if they are to have continued adoption and impact. A particularly widespread class of security vulnerabilities that afflicts Ethereum smart contracts is the gas-based denial of service (DoS). Briefly, these vulnerabilities generally present in contracts containing unbounded loops. To address the described problem, we present Gas Gauge, a tool aimed at detecting gas-based DoS vulnerabilities in Ethereum smart contracts. Gas Gauge consists of three major components: the Detection Phase, Identification Phase, and Correction Phase. First, we describe a highly accurate static analysis approach that finds all the loops in a smart contract (the Detection Phase). Then, a set of inputs that causes the contract to run out of gas is generated using a fuzzing approach. The last component uses static analysis and run-time verification to predict the maximum loop bounds consistent with allowable gas usage automatically. This component uses a binary search approach and an independent parallel processing design to speed up the process. Each part of the tool can be used separately for different purposes or all together to detect, identify and help repair the contracts vulnerable to out-of-gas behaviors. Gas Gauge was tested on 2,000 real-world solidity smart contracts. The results were compared to seven state-of-the-art tools, and it was empirically demonstrated that Gas Gauge is highly effective and useful.	en
dc.language.iso	en	en
dc.publisher	University of Waterloo	en
dc.subject	blockchain	en
dc.subject	smart contract	en
dc.subject	ethereum	en
dc.subject	hybrid analysis	en
dc.subject	fuzzing	en
dc.subject	fuzzer	en
dc.subject	static analysis	en
dc.subject	runtime verification	en
dc.subject	runtime analysis	en
dc.subject	dos	en
dc.subject	security	en
dc.subject	cryptography	en
dc.subject	privacy	en
dc.title	Security Analysis Methods for Detection and Repair of DoS Vulnerabilities in Smart Contracts	en
dc.type	Master Thesis	en
dc.pending	false
uws-etd.degree.department	Electrical and Computer Engineering	en
uws-etd.degree.discipline	Electrical and Computer Engineering	en
uws-etd.degree.grantor	University of Waterloo	en
uws-etd.degree	Master of Applied Science	en
uws-etd.embargo.terms	0	en
uws.contributor.advisor	Ganesh, Vijay
uws.contributor.affiliation1	Faculty of Engineering	en
uws.published.city	Waterloo	en
uws.published.country	Canada	en
uws.published.province	Ontario	en
uws.typeOfResource	Text	en
uws.peerReviewStatus	Unreviewed	en
uws.scholarLevel	Graduate	en

Files in this item

Name:: Nassirzadeh_Behkish.pdf
Size:: 671.2Kb
Format:: PDF

View/ Open

This item appears in the following Collection(s)

Show simple item record