Show simple item record

dc.contributor.authorNassirzadeh, Behkish 14:24:00 (GMT) 14:24:00 (GMT)
dc.description.abstractIn recent years we have witnessed a dramatic increase in the applications of blockchain and smart contracts in a variety of contexts, including supply-chain, decentralized finance, and international money transfers. However, a critical stumbling block to their further adoption is smart contract security (or more precisely, the lack thereof). Smart contracts, once deployed on a blockchain, are immutable. Hence, unlike traditional software systems, smart contracts are particularly vulnerable to latent security issues. It is therefore imperative that security analysis tools be developed that help improve smart contract security if they are to have continued adoption and impact. A particularly widespread class of security vulnerabilities that afflicts Ethereum smart contracts is the gas-based denial of service (DoS). Briefly, these vulnerabilities generally present in contracts containing unbounded loops. To address the described problem, we present Gas Gauge, a tool aimed at detecting gas-based DoS vulnerabilities in Ethereum smart contracts. Gas Gauge consists of three major components: the Detection Phase, Identification Phase, and Correction Phase. First, we describe a highly accurate static analysis approach that finds all the loops in a smart contract (the Detection Phase). Then, a set of inputs that causes the contract to run out of gas is generated using a fuzzing approach. The last component uses static analysis and run-time verification to predict the maximum loop bounds consistent with allowable gas usage automatically. This component uses a binary search approach and an independent parallel processing design to speed up the process. Each part of the tool can be used separately for different purposes or all together to detect, identify and help repair the contracts vulnerable to out-of-gas behaviors. Gas Gauge was tested on 2,000 real-world solidity smart contracts. The results were compared to seven state-of-the-art tools, and it was empirically demonstrated that Gas Gauge is highly effective and useful.en
dc.publisherUniversity of Waterlooen
dc.subjectsmart contracten
dc.subjecthybrid analysisen
dc.subjectstatic analysisen
dc.subjectruntime verificationen
dc.subjectruntime analysisen
dc.titleSecurity Analysis Methods for Detection and Repair of DoS Vulnerabilities in Smart Contractsen
dc.typeMaster Thesisen
dc.pendingfalse and Computer Engineeringen and Computer Engineeringen of Waterlooen
uws-etd.degreeMaster of Applied Scienceen
uws.contributor.advisorGanesh, Vijay
uws.contributor.affiliation1Faculty of Engineeringen

Files in this item


This item appears in the following Collection(s)

Show simple item record


University of Waterloo Library
200 University Avenue West
Waterloo, Ontario, Canada N2L 3G1
519 888 4883

All items in UWSpace are protected by copyright, with all rights reserved.

DSpace software

Service outages