Paper ID: 36
Blockchain Smart Contract Fortification using
Bytecode Analysis to Address Vulnerabilities
- Mohammed Abdul Lateef, Dr. A. Kavitha
Jawaharlal Nehru Technological University Hyderabad, India
PRESENTED BY
Mohammed Abdul Lateef
(M. Tech, Spl -Cyber Forensics & Information Security)
Department of Computer Science and Engineering
Institute of Management and Information Technology, Cuttack
Let's Begin!!!
AGENDA
01 Introduction
02 Problem Formulation
03 Methodology
04 Implementation
05 Results Obtained
06 Conclusion & Future Scope
07 References
01 Introduction to Vulnerability in Smart Contracts
Unveiling..... Smart Contract Vulnerability
Smart contracts revolutionize decentralized applications, offering:
- Automated execution of agreements on blockchain networks.
- Based on Ethereum.
• Vulnerabilities in them can compromise security, integrity, and functionality.
Importance of Smart Contracts:
Efficiency: Streamline processes and reduce manual intervention.
Transparency: Immutable nature ensures transparency and trust.
Cost Savings: Eliminate intermediaries and reduce transaction costs.
Importance of Vulnerability Checks in Smart Contracts
Identifying vulnerabilities is crucial to ensure the integrity and reliability of Ethereum-based applications.
Types of Security Vulnerabilities:
1. Smart Contract Bugs
2. Exploitable Functions
3. External Threats: Attacks
Risk, Breach, Mitigate
02 Problem Formulation
Vulnerability Issues in Smart Contracts
E-voting Systems face the following issues:
• Vote Buying and Selling
• Denial of Service (DoS) Attack
• Hacking Attempts
• Tampering with Voting Data
• Lack of Transparency & Legal and Regulatory Concerns
03 Methodology
SECURE-AMSVA (Systematic Evaluation for Comprehensive and Unified Review of Automated and Manual Smart Contract Vulnerability Assessment)
1. SECURE-AMSVA represents a structured approach for vulnerability assessment in Ethereum-based smart contracts.
2. Integrates automated and manual techniques for a comprehensive evaluation.
3. Ensures systematic evaluation and unified review of vulnerabilities.
Confirmation Engine (VCE)
Components of SECURE-AMSVA
1. Automated Analysis:
- Utilizes tools like Mythril and Slither for dynamic and static analysis.
- Swiftly identifies known vulnerabilities and coding issues.
2. Manual Analysis:
- Conducted by human experts for in-depth examination of code logic and architecture.
- Uncovers nuanced vulnerabilities that automated tools may overlook.
SECURE-AMSVA combines manual and automated smart contract analysis in a single approach.
The VCE: Vulnerability Confirmation Engine
Role of the VCE:
1. Crucial bridge between vulnerability identification and remediation efforts.
2. Validates potential vulnerabilities detected.
Techniques: Utilizes static and dynamic analysis, along with manual review, to confirm vulnerabilities.
Benefits: Efficiency, Accuracy, Risk Mitigation
04 Implementation
IMPLEMENTATION
Input types:
1. Bytecode
2. EVM code
3. Solidity code
Tools Employed....
Mythril:
1. Identifies runtime vulnerabilities like re-entrancy attacks and integer overflows.
2. Offers an extensible bytecode generation system.
Slither:
1. Detects known vulnerabilities and coding mistakes.
2. Highly customizable with custom rules and checks.
Generates reports compatible with various tools.
Vulnerabilities Tested:
• Re-entrancy
• Unchecked External Call
• Integer Overflow
• Uninitialized Variable
• Access Control
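Added example (not from the slides, and not how Mythril or Slither work internally): a minimal Python pass over raw EVM bytecode for two of the vulnerability classes listed above, re-entrancy and unchecked external call. The sample bytecode and the names `disassemble` and `scan` are constructed for illustration; the checks are coarse straight-line heuristics that yield candidates for confirmation, not verdicts.

```python
"""Coarse EVM bytecode pass: flags candidates for confirmation, not verdicts."""
PUSH1, PUSH32 = 0x60, 0x7F
OPCODES = {0x00: "STOP", 0x15: "ISZERO", 0x33: "CALLER", 0x50: "POP",
           0x55: "SSTORE", 0x56: "JUMP", 0x57: "JUMPI", 0x5A: "GAS",
           0x5B: "JUMPDEST", 0xF1: "CALL", 0xF3: "RETURN", 0xFD: "REVERT"}
# Opcodes that end a straight-line run (JUMPI falls through, so it does not).
RUN_END = {"STOP", "JUMP", "RETURN", "REVERT", "JUMPDEST"}

# Constructed samples (hand-assembled for this example, not real contracts).
# CALL, result POPped, then SSTORE: interaction before effect, result ignored.
VULNERABLE = bytes.fromhex("6000600060006000600133" "5af150" "6000600055" "00")
# SSTORE first, then CALL whose result feeds ISZERO/JUMPI to a REVERT branch.
CHECKED = bytes.fromhex("6000600055" "6000600060006000600133" "5af115"
                        "601757" "00" "5b60006000fd")
# PUSH2 whose immediate bytes are 0xf1 0x50 (look like CALL, POP), then SSTORE.
PUSH_DATA = bytes.fromhex("61f150" "6000" "55" "00")


def disassemble(code: bytes):
    """Return [(offset, mnemonic, immediate)], skipping PUSH immediates so
    data bytes are never mistaken for opcodes."""
    out, pc = [], 0
    while pc < len(code):
        op = code[pc]
        if PUSH1 <= op <= PUSH32:
            n = op - PUSH1 + 1                      # PUSHn carries n data bytes
            out.append((pc, f"PUSH{n}", code[pc + 1:pc + 1 + n]))
            pc += 1 + n
        else:
            out.append((pc, OPCODES.get(op, f"0x{op:02x}"), b""))
            pc += 1
    return out


def scan(code: bytes):
    """Return [(finding, offset)] for two heuristics:
    - unchecked-external-call: CALL whose success flag is immediately POPped
    - state-write-after-call: SSTORE reached after a CALL in the same run
      (checks-effects-interactions order violated; re-entrancy candidate)."""
    findings, ins = [], disassemble(code)
    call_seen = False
    for i, (pc, name, _) in enumerate(ins):
        if name == "CALL":
            call_seen = True
            if i + 1 < len(ins) and ins[i + 1][1] == "POP":
                findings.append(("unchecked-external-call", pc))
        elif name == "SSTORE" and call_seen:
            findings.append(("state-write-after-call", pc))
        elif name in RUN_END:
            call_seen = False                       # control flow leaves this run
    return findings


if __name__ == "__main__":
    for label, sample in (("vulnerable", VULNERABLE), ("checked", CHECKED),
                          ("push-data", PUSH_DATA)):
        print(label, scan(sample))
```

A byte-wise search for `0xf1` would flag the third sample; decoding PUSH immediates first is what keeps data bytes out of the result.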
05 Results Obtained
Breakdown between tools obtained from different analysis methods (Bytecode Analysis, EVM Opcode Analysis, and Solidity Code Analysis) for various smart contract vulnerabilities.
Table: Dissemination of Smart contract vulnerability analysis
05 Conclusion & Future Scope
The SECURE-AMSVA methodology is developed to enhance the security of Ethereum-based smart contracts.
Through rigorous assessment, vulnerabilities such as reentrancy attacks and integer overflows were identified precisely.
Integration of automated tools like Mythril and Slither with manual analysis ensures a comprehensive evaluation.
The methodology's holistic approach provides a deeper understanding of smart contract vulnerabilities.
Future scope:
- Further research will focus on enhancing the SECURE-AMSVA methodology by incorporating additional automated tools or refining manual analysis techniques.
- Exploration of emerging vulnerabilities and proactive measures to mitigate them.
THANK YOU!
