CR · May 6, 2021

SmartScan: An approach to detect Denial of Service Vulnerability in Ethereum Smart Contracts

arXiv:2105.02852v31 citations
Originality: Incremental advance
AI Analysis

This paper addresses security vulnerabilities in Ethereum smart contracts to prevent financial losses, but it is incremental because it builds on existing analysis methods.

The authors tackled the problem of detecting Denial of Service vulnerabilities in Ethereum smart contracts by proposing SmartScan, a framework that combines static and dynamic analysis, which showed improved precision and recall compared to state-of-the-art techniques on a set of 500 contracts.

Blockchain technology (BT) Ethereum Smart Contracts allow programmable transactions that involve the transfer of monetary assets among peers on a BT network independent of a central authorizing agency. Ethereum Smart Contracts are programs that are deployed as decentralized applications, having the building blocks of the blockchain consensus protocol. This technology enables consumers to make agreements in a transparent and conflict-free environment. However, the security vulnerabilities within these smart contracts are a potential threat to the applications and their consumers and have been shown in the past to cause huge financial losses. In this paper, we propose a framework that combines static and dynamic analysis to detect Denial of Service (DoS) vulnerability due to an unexpected revert in Ethereum Smart Contracts. Our framework, SmartScan, statically scans smart contracts under test (SCUTs) to identify patterns that are potentially vulnerable in these SCUTs and then uses dynamic analysis to precisely confirm the exploitability of the DoS-Unexpected Revert vulnerability, thus achieving increased performance and more precise results. We evaluated SmartScan on a set of 500 smart contracts collected from Etherscan. Our approach shows an improvement in precision and recall when compared to available state-of-the-art techniques.
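
An added illustration of the two-step idea in the abstract, not SmartScan's code or the paper's algorithm: a coarse static match proposes candidates, and a simulated run confirms whether an account that rejects Ether actually blocks later, valid bids. The toy IR, its op names and the auction model are assumptions constructed for this example.

```python
class Revert(Exception):
    """Models an EVM revert, which undoes the whole transaction."""

# Constructed toy IR for three bid() variants; op names are assumptions of this example.
PUSH_BID = ["require_higher", "send_checked:leader", "set_leader"]   # refund pushed to old leader
PULL_BID = ["require_higher", "credit_leader", "set_leader"]         # refund recorded for withdrawal
CHANGE_BID = ["require_higher", "send_checked:sender", "credit_leader", "set_leader"]

def static_candidates(ops):
    """Static step: coarse pattern match on transfers whose failure reverts the caller."""
    return [i for i, op in enumerate(ops) if op.startswith("send_checked:")]

def run_bid(ops, state, sender, value):
    """Execute one bid() on a copy of state; a Revert leaves the original state untouched."""
    s = {**state, "pending": dict(state["pending"])}
    for op in ops:
        if op == "require_higher":
            if value <= s["highest"]:
                raise Revert("bid too low")
        elif op.startswith("send_checked:"):
            target = sender if op.endswith(":sender") else s["leader"]
            if target in s["rejects_ether"]:
                raise Revert("transfer to %s failed" % target)
        elif op == "credit_leader":
            if s["leader"] is not None:
                s["pending"][s["leader"]] = s["pending"].get(s["leader"], 0) + s["highest"]
        elif op == "set_leader":
            s["leader"], s["highest"] = sender, value
    return s

def dynamic_confirm(ops):
    """Dynamic step: can an account that rejects Ether block a later, valid bid?"""
    state = {"leader": None, "highest": 0, "pending": {}, "rejects_ether": {"rejecting_contract"}}
    try:
        state = run_bid(ops, state, "rejecting_contract", 1)
    except Revert:
        return False  # the rejecting account only blocked its own call
    try:
        run_bid(ops, state, "honest_bidder", 2)
    except Revert:
        return True
    return False

def scan(ops):
    """Report DoS-Unexpected Revert only when the static hit is confirmed dynamically."""
    return bool(static_candidates(ops)) and dynamic_confirm(ops)
```

`CHANGE_BID` matches the static pattern but is not confirmed dynamically, which is the kind of false positive the second step is meant to remove; `PULL_BID` shows the withdrawal-based form that avoids the pattern altogether.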
