Security Analysis Tools for Solidity Smart Contracts: A Comparison Based on Real-World Exploits.

Michele Massetti

Supervisor: Valentina Gatteschi. Politecnico di Torino, Master's degree programme in Ingegneria Informatica (Computer Engineering), 2022

PDF (Tesi_di_laurea) - Thesis
License: Creative Commons Attribution Non-commercial No Derivatives.

Abstract:

A blockchain is essentially a digital ledger of transactions that is duplicated and distributed across the entire network of computer systems participating in the blockchain. Blockchains can implement cryptocurrency systems because of their ability to maintain a secure and decentralized record of transactions. This technology guarantees the fidelity and security of a record of data and generates trust without the need for a trusted third party. Ethereum is a blockchain considered a "smart contract platform" because it was one of the first blockchains to allow their development. Smart contracts are self-verifying programs running on top of the blockchain. They are public, distributed and immutable; consequently, developers cannot design security in layers, such as with a firewall or a virtual private network. For these reasons, detecting any potential weakness before deployment becomes a challenge. Regulation of this field is not strict; therefore, malicious users have carried out several attacks. To guarantee security, numerous tools have been created, and a large amount of data about vulnerabilities and detection techniques is continually being produced. This thesis aims to deepen the field of security in smart contract programming in Solidity, the most used and best maintained programming language in this field. This work presents a collection of attacks and a collection of tools, selected after a literature research phase. The vulnerable code of the smart contracts is explained. The tools are described based on their documentation and on the experience of installing and running them during this thesis. The analyses target smart contracts involved in real-world exploits that have occurred during the last two years (since 2020). An outcome of the thesis is a comparison of tools based on real-world exploits.
The comparison involves parameters such as the time needed to install the requirements, the execution time, the configuration of settings and the number of discovered vulnerabilities. Furthermore, the tools are grouped based on their different characteristics, their typology, and even their running mode.

Supervisors: Valentina Gatteschi
Academic year: 2022/23
Publication type: Electronic
Number of pages: 88
Subjects:
Degree programme: Master's degree programme in Ingegneria Informatica (Computer Engineering)
Degree class: New system > Master's degree > LM-32 - Computer Engineering
Co-supervising institution: KARLSRUHE INSTITUTE OF TECHNOLOGY (GERMANY)
Partner organisations: Karlsruher Institut für Technologie / Karlsruhe Institute of Technology - KIT
URI: http://webthesis.biblio.polito.it/id/eprint/25563