Blockchain Smart Contract Fortification using Bytecode Analysis to Address Vulnerabilities.pptx
1. Paper ID: 36
Blockchain Smart Contract Fortification using
Bytecode Analysis to Address Vulnerabilities
- Mohammed Abdul Lateef, Dr. A. Kavitha
Jawaharlal Nehru Technological University Hyderabad, India
PRESENTED BY
Mohammed Abdul Lateef
(M. Tech, Spl -Cyber Forensics & Information Security)
Department of Computer Science and Engineering
Institute of Management and Information Technology, Cuttack
5. Importance of Smart Contracts:
Efficiency: Streamline processes and reduce manual intervention.
Transparency: Immutable nature ensures transparency and trust.
Cost Savings: Eliminate intermediaries and reduce transaction costs.
Smart contracts revolutionize decentralized applications, offering:
- automated execution of agreements on blockchain networks.
- based on Ethereum.
• Vulnerabilities in them can compromise the security, integrity, and functionality.
Unveiling..... Smart Contract Vulnerability
6. Importance of Smart Contracts:
Identifying vulnerabilities is crucial to ensure
the integrity and reliability of Ethereum-based
applications.
- Types of Security Vulnerabilities:
1. Smart Contract Bugs
2. Exploitable Functions
3. External Threats: Attacks
Importance of Vulnerability Check in Smart Contracts
Risk
Breach
Mitigate
8. Vulnerability Issues in Smart Contracts
E-voting systems face the following issues:
• Vote Buying and Selling
• Denial of Service (DoS) Attack
• Hacking Attempts
• Tampering with Voting Data
• Lack of Transparency & Legal and Regulatory Concerns
10. SECURE-AMSVA
(Systematic Evaluation for Comprehensive and Unified Review of
Automated and Manual Smart Contract Vulnerability Assessment)
1. SECURE-AMSVA represents a structured
approach for vulnerability assessment in
Ethereum-based smart contracts.
2. Integrates automated and manual
techniques for a comprehensive
evaluation.
3. Ensures systematic evaluation and unified
review of vulnerabilities.
11. Confirmation Engine (VCE)
Components of SECURE-AMSVA
1. Automated Analysis:
- Utilizes tools like Mythril and
Slither for dynamic and static
analysis.
- Swiftly identifies known
vulnerabilities and coding issues.
2. Manual Analysis:
- Conducted by human experts
for in-depth examination of code
logic and architecture.
- Uncovers nuanced
vulnerabilities that automated tools
may overlook.
- SECURE-AMSVA implements a combined approach to smart contract analysis, using both manual and automated processes.
12. Role of the VCE:
1. Crucial bridge between vulnerability
identification and remediation efforts.
2. Validates potential vulnerabilities detected.
The VCE: Vulnerability Confirmation Engine
Techniques
Utilizes static and dynamic analysis, along with
manual review, to confirm vulnerabilities.
Benefits
Efficiency, Accuracy, Risk Mitigation
16. Result Obtained
Breakdown between tools obtained from different analysis methods (Bytecode Analysis, EVM Opcode Analysis, and Solidity Code Analysis) for various smart contract vulnerabilities.
Table: Dissemination of smart contract vulnerability analysis
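As an added illustration of the EVM opcode analysis named on this slide (not code from the paper, Mythril or Slither): a linear opcode scan that flags a storage write following an external CALL in the same straight-line block, the ordering associated with reentrancy. The bytecode samples are constructed, and the heuristic ignores control flow, so each hit is only a candidate for manual confirmation.

```python
# Added example: heuristic opcode scan, not the SECURE-AMSVA tooling.
OPCODES = {0x00: "STOP", 0x33: "CALLER", 0x50: "POP", 0x54: "SLOAD",
           0x55: "SSTORE", 0x56: "JUMP", 0x57: "JUMPI", 0x5A: "GAS",
           0x5B: "JUMPDEST", 0x5F: "PUSH0", 0xF1: "CALL", 0xF3: "RETURN",
           0xFD: "REVERT", 0xFE: "INVALID", 0xFF: "SELFDESTRUCT"}
# Instructions that end straight-line execution (JUMPDEST starts a new block).
BLOCK_BREAKS = {"STOP", "JUMP", "RETURN", "REVERT", "INVALID",
                "SELFDESTRUCT", "JUMPDEST"}

def disassemble(bytecode):
    """Return [(offset, mnemonic)], skipping PUSH immediates so that data
    bytes such as 0xf1 or 0x55 are never misread as CALL or SSTORE."""
    out, pc = [], 0
    while pc < len(bytecode):
        op = bytecode[pc]
        if 0x60 <= op <= 0x7F:          # PUSH1..PUSH32 carry 1..32 data bytes
            n = op - 0x5F
            out.append((pc, f"PUSH{n}"))
            pc += 1 + n
        else:
            out.append((pc, OPCODES.get(op, f"0x{op:02x}")))
            pc += 1
    return out

def sstore_after_call(bytecode):
    """Return (call_offset, sstore_offset) pairs where SSTORE follows CALL
    with no block break in between (state updated after the external call)."""
    findings, call_at = [], None
    for pc, name in disassemble(bytecode):
        if name == "CALL":
            call_at = pc
        elif name in BLOCK_BREAKS:
            call_at = None
        elif name == "SSTORE" and call_at is not None:
            findings.append((call_at, pc))
    return findings

# Constructed samples (hand-assembled for this example, not real contracts).
# CALL sending value to CALLER, then SSTORE: interaction before effect.
VULNERABLE = bytes.fromhex("60006000600060006001335af1506000600055" "00")
# Same operations with SSTORE first: effect before interaction.
SAFE = bytes.fromhex("6000600055" "60006000600060006001335af150" "00")
# PUSH1 0xf1, PUSH1 0x55, STOP: opcode-looking bytes that are only data.
PUSH_DATA = bytes.fromhex("60f1605500")

if __name__ == "__main__":
    for label, code in [("vulnerable", VULNERABLE), ("safe", SAFE),
                        ("push-data", PUSH_DATA)]:
        print(label, sstore_after_call(code))
```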
18. Conclusion & Future Scope
- Further research can focus on enhancing the SECURE-AMSVA methodology by incorporating additional automated tools or refining manual analysis techniques.
- Exploration of emerging vulnerabilities and proactive measures to mitigate them.
The SECURE-AMSVA methodology is developed to enhance the security of Ethereum-based smart contracts.
Through rigorous assessment, vulnerabilities such as reentrancy attacks and integer overflows were identified precisely.
Integration of automated tools like Mythril and Slither with manual analysis ensures a comprehensive evaluation.
The methodology's holistic approach provides a deeper understanding of smart contract vulnerabilities.