Vulnerabilities and attacks assessments in blockchain 1.0, 2.0 and 3.0: tools, analysis and countermeasures
【Author】 Hamdi, Ahlem; Fourati, Lamia; Ayed, Samiha
【Source】INTERNATIONAL JOURNAL OF INFORMATION SECURITY
【Impact Factor】2.427
【Abstract】Nowadays, blockchain has become increasingly popular due to its promise of supporting critical business services in various areas. Blockchain systems, like Ethereum and Hyperledger Fabric, rely on sophisticated middleware, which enables the execution of smart contracts. Smart contracts define the business logic within cooperative applications. Detecting attacks and vulnerabilities within blockchain is a crucial issue for ensuring the security of different generations of blockchains. Testing a blockchain application serves multiple purposes: it ensures its quality, maximizes test coverage, and minimizes the risks associated with insufficient knowledge that could potentially impact the software development process. That is why several static analysis tools targeting Ethereum smart contracts and Hyperledger Fabric chaincode have recently been proposed by the blockchain research community. However, the efficiency of these analysis tools remains an open issue that requires further investigation. In this context, this paper presents a new taxonomy related to attacks targeting different generations of blockchain and evaluates the available analysis tools that can be utilized to assess the resilience of blockchain 2.0 and blockchain 3.0 against a range of vulnerabilities and attacks. Additionally, this study presents two quantitative analyses: one assessing the performance of tools in evaluating smart contract vulnerabilities within blockchain 2.0, and another analyzing the performance of tools in assessing blockchain 3.0 vulnerabilities within chaincode. Furthermore, this comprehensive study holds value for the research community as it considers various generations of blockchain.
【Keywords】Blockchain; Attacks; Solidity; Smart contracts; Hyperledger fabric; Security; Security analysis tools; Vulnerability detection; Testing
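【Publication Date】2023 OCT 14
【Indexed Date】2023-10-31
【Document Type】Experimental simulation
【Subject Category】
Blockchain governance - Technical governance - Vulnerability detection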