IJMSC Vol. 8, No. 3, 8 Aug. 2022
Cover page and Table of Contents: PDF (size: 316KB)
Full Text (PDF, 316KB), PP.30-36
Views: 0 Downloads: 0
Smart contract, Code Reuse, Security, and Obfuscation.
Along with the advancements in blockchain technology, many blockchain-based successful projects have been done mainly on the ethereum platform, most of which deal with transactions. Still, it also carries various risks when it comes to security, as evident from past attacks. Most big projects like uniswap, decentraland, and others use smart contracts, deployed on the ethereum platform, leading to similar projects via code reuse. Code reuse practice is quite frequent as a survey suggests 26% of contract code deployed is via code reuse. Smart contract code obfuscation techniques can be used on solidity code that is publicly verified, published (in the case of Ethereum), and on the deployment address. All the above techniques work by replacing characters with their random counterpart, known as statistical substitution. A statistical substitution is a process of transforming an input string into a new string where each character has been replaced by a random character drawn from a stock of all possible 'random' characters. Therefore, we proposed numerous methods in this paper to solve the above problems using various smart contract code obfuscation techniques. These techniques can be really useful in blockchain projects and can save millions of dollars to investors & companies by enhancing code security and preventing code reusability. Techniques mentioned in this paper when compared with other techniques. Our methods are not expensive to implement, very easy to use, and provide a developer-friendly selective increment in code complexity.
Kakelli Anil Kumar, Aena Verma, Hritish Kumar, "Smart Contract Obfuscation Technique to Enhance Code Security and Prevent Code Reusability", International Journal of Mathematical Sciences and Computing(IJMSC), Vol.8, No.3, pp. 30-36, 2022. DOI:10.5815/ijmsc.2022.03.03
[1]Chen X, Liao P, Zhang Y, Huang Y, Zheng Z. Understanding Code Reuse in Smart Contracts. In2021 IEEE International Conference on Software Analysis, Evolution and Reengineering (SANER) 2021 Mar 9 (pp. 470-479). IEEE.
[2]Sebastian SA, Malgaonkar S, Shah P, Kapoor M, Parekhji T. A study & review on code obfuscation. In2016 World Conference on Futuristic Trends in Research and Innovation for Social Welfare (Startup Conclave) 2016 (pp. 1-6). IEEE.
[3]Behera CK, Bhaskari DL. Different obfuscation techniques for code protection. Procedia Computer Science. 2015 Jan 1;70:757-63.
[4]Zhang M, Zhang P, Luo X, Xiao F. Source Code Obfuscation for Smart Contracts. In2020 27th Asia-Pacific Software Engineering Conference (APSEC) 2020 Dec 1 (pp. 513-514). IEEE.
[5]Karnick, M., MacBride, J., McGinnis, S., Tang, Y., Ramachandran, R. (2006). A Qualitative analysis of Java Obfuscation, Proceedings of 10th IASTED International Conference on Software Engineering and Applications, Dallas TX, USA, November 13-15, 2006.
[6]Boaz Barak, Oded Goldreich, Russell Impagliazzo, Steven Rudich, Amit Sahai, Salil Vadhan, and Ke Yang. “On the (im) possibility of obfuscating programs.” In J. Kilian, editor, Advances in Cryptology:CRYPTO 2001, 2001. LNCS 2139.
[7]Aigner AA, Dhaliwal G. UNISWAP: Impermanent Loss and Risk Profile of a Liquidity Provider. arXiv preprint arXiv:2106.14404. 2021 Jun 28.
[8]Collberg C, Thomborson C, Low D. Breaking abstractions and unstructuring data structures. In Proceedings of the 1998 International Conference on Computer Languages (Cat. No. 98CB36225) 1998 May 16 (pp. 28-38). IEEE.
[9]Praitheeshan P, Pan L, Yu J, Liu J, Doss R. Security analysis methods on ethereum smart contract vulnerabilities: a survey. arXiv preprint arXiv:1908.08605. 2019 Aug 22.
[10]Liu Z, Qian P, Wang X, Zhuang Y, Qiu L, Wang X. Combining graph neural networks with expert knowledge for smart contract vulnerability detection. IEEE Transactions on Knowledge and Data Engineering. 2021 Jul 7.
[11]Wang Z, Jin H, Dai W, Choo KK, Zou D. Ethereum smart contract security research: survey and future research opportunities. Frontiers of Computer Science. 2021 Apr;15(2):1-8.
[12]Rameder H. Systematic Review of Ethereum Smart Contract Security Vulnerabilities, Analysis Methods and Tools (Doctoral dissertation, Wien).
[13]Huang Y, Bian Y, Li R, Zhao JL, Shi P. Smart contract security: A software lifecycle perspective. IEEE Access. 2019 Oct 11;7:150184-202.
[14]Guida L, Daniel F. Supporting reuse of smart contracts through service orientation and assisted development. In2019 IEEE International Conference on Decentralized Applications and Infrastructures (DAPPCON) 2019 Apr 4 (pp. 59-68). IEEE.