TY - GEN
T1 - Checking Smart Contract Vulnerabilities in Blockchain-based Internet of Drones
AU - Ji, Xiaohai
AU - Zhou, Zequan
AU - He, Ting
AU - Luo, Xiling
AU - Wang, Junjun
AU - Huo, Zhiqin
N1 - Publisher Copyright:
© 2024 Copyright held by the owner/author(s). Publication rights licensed to ACM.
PY - 2025/3/21
Y1 - 2025/3/21
AB - Blockchain-based Internet of Drones (B-IoD) is a digital infrastructure that utilizes blockchain for the secure management and operation of drones. Through smart contracts (immutable on-chain programs), B-IoD can automate a variety of applications such as drone logistics, data analysis, and situation monitoring. In B-IoD systems, miners provide computing power to generate new blocks. This leads to contracts prone to blockchain-level vulnerabilities, where miners may control the transaction order and block information in new blocks to jeopardize system stability. Auditing blockchain-level vulnerabilities in contracts is a crucial problem. Existing methods employ symbolic execution to audit contracts. However, inaccurate execution modeling, such as memory and storage, leads existing methods to have inferior detection accuracy. For such, in this paper, we propose an effective static audit method for detecting blockchain-level vulnerabilities in smart contracts of B-IoD. Our method accurately models the executive data structure to capture contract state changes and uses symbolic execution to search for execution paths. We implement an automatic audit tool, ScAudit, which inputs Solidity source code and reports if the contract is vulnerable to blockchain-level vulnerabilities. We evaluate ScAudit on real-world contracts and compare it with existing tools. The experiment results show that ScAudit performs well and accurately detects blockchain-level vulnerabilities.
KW - automatic tool
KW - blockchain-level vulnerabilities
KW - static audit
KW - symbolic execution
UR - https://www.scopus.com/pages/publications/105002237443
U2 - 10.1145/3716895.3716931
DO - 10.1145/3716895.3716931
M3 - Conference contribution
AN - SCOPUS:105002237443
T3 - Proceedings of the 5th International Conference on Artificial Intelligence and Computer Engineering, ICAICE 2024
SP - 198
EP - 202
BT - Proceedings of the 5th International Conference on Artificial Intelligence and Computer Engineering, ICAICE 2024
PB - Association for Computing Machinery, Inc
T2 - 5th International Conference on Artificial Intelligence and Computer Engineering, ICAICE 2024
Y2 - 8 November 2024 through 10 November 2024
ER -