HermHD: Enhancing smart contract security based on code obfuscation
Pages 96 - 101
Abstract
Abstract. Due to the transparent nature of blockchain, all transaction information and smart contract code is recorded on the public blockchain. It is easy for existing static analysis tools to analyze and exploit vulnerabilities in smart contract code. To mitigate this risk, we propose HermHD, an automated security enhancement tool that protects smart contracts on the Ethereum network. HermHD employs six obfuscation patterns that can rewrite the bytecode of a smart contract without affecting its functionality. By applying these obfuscation techniques, we aim to prevent reverse static analysis tools from cracking the contract and thereby enhance the security of smart contracts. To validate the effectiveness of HermHD, we conducted experiments on 121 smart contracts from a public dataset. 54The evaluation results demonstrate that all the protected smart contracts are resistant to two popular reverse engineering tools, and the additional gas cost incurred is minimal.
References
[1]
Z. Zheng, S. Xie, H.-N. Dai, X. Chen, and H. Wang, “Blockchain challenges and opportunities: A survey,” International Journal of Web and Grid Services, vol. 14, no. 4, pp. 352–375, 2018.
[2]
Z. Liu, P. Qian, X. Wang, Y. Zhuang, L. Qiu, and X. Wang, “Combining graph neural networks with expert knowledge for smart contract vulnerability detection,” IEEE Transactions on Knowledge and Data Engineering, 2021.
[3]
http://xblock.pro/#/search?types=datasets, 2023.
[4]
https://www.slowmist.com/report/first-half-of-the-2023-report(CN).pdf, 2023.
[5]
Yi Z, Kumar D, Bakshi S, Erays: Reverse Engineering Ethereum's Opaque Smart Contracts[C]// USENIX Security Symposium. USENIX Association, 2018.
[6]
Feist J, Greico G, Groce A . Slither: A Static Analysis Framework For Smart Contracts[C]// 2019 IEEE/ACM 2nd International Workshop on Emerging Trends in Software Engineering for Blockchain (WETSEB). IEEE, 2019.
[7]
Mythril. https://github.com/ConsenSys/mythril, 2019.
[8]
Octopus. https:/lgithub.com/quoscient/octopus, 2019.
[9]
Collberg C,Thomborson C,Low D.A Taxonomy of Obfuscating Transformations[R].New Zealand:Dept.of Computer Science,University of Auckland,TR:148,1997.
[10]
Barak B.On the(Im)possibility of Obfuscating Programs[C].Proc.of 21st Ann.Int'l Cryptology Conf.,2001:1-18.
[11]
Zhang P, Yu Q, Xiao Y, BiAn: Smart Contract Source Code Obfuscation[J]. IEEE Transactions on Software Engineering, 2023.
[12]
M. Zhang, P. Zhang, X. Luo and F. Xiao, "Source Code Obfuscation for Smart Contracts," 2020 27th Asia-Pacific Software Engineering Conference (APSEC), Singapore, Singapore, 2020, pp. 513-514.
[13]
S.Banescu, C.Collberg, V.Ganesh, Z.Newsham, and A. Pretschner, Code obfuscation against symbolic execution attacks, ACSAC’16, p 189-200,2016.
[14]
Kakelli Anil Kumar, Aena Verma, Hritish Kumar, "Smart Contract Obfuscation Technique to Enhance Code Security and Prevent Code Reusability", International Journal of Mathematical Sciences and Computing(IJMSC), Vol.8, No.3, pp. 30-36, 2022.
[15]
Yan, Wentian, Jianbo Gao, Zhenhao Wu, Yue Li, Zhi Guan, Qingshan Li and Zhong Chen. “EShield: protect smart contracts against reverse engineering.” Proceedings of the 29th ACM SIGSOFT International Symposium on Software Testing and Analysis (2020): n. pag.
[16]
László, Tihanyi and Ákos Kiss. “OBFUSCATING C++ PROGRAMS VIA CONTROL FLOW FLATTENING.” (2009).
[17]
FANG Lei, WU Zehui, WEI Qiang. Review of binary code similarity detection technology[J]. Computer Science, 2021, 48(5):8
Recommendations
The Sword of Damocles: Upgradeable Smart Contract in Ethereum
ICPC '24: Proceedings of the 32nd IEEE/ACM International Conference on Program ComprehensionAlthough smart contracts are immutable once they are deployed, the reality is that they need upgrades to fix bugs or add new features. Nowadays, there are a few upgrade methods in Ethereum, some of which can change the contract without changing the ...
Smart contract watermarking based on code obfuscation
AbstractMost blockchains are entirely open-source software. This gives auditors ability to review the security of cryptocurrencies such as Bitcoin. Because only after the source code of the cryptocurrency has been publicly audited by the market, users ...
ContractFuzzer: fuzzing smart contracts for vulnerability detection
ASE '18: Proceedings of the 33rd ACM/IEEE International Conference on Automated Software EngineeringDecentralized cryptocurrencies feature the use of blockchain to transfer values among peers on networks without central agency. Smart contracts are programs running on top of the blockchain consensus protocol to enable people make agreements while ...
Comments
Information & Contributors
Information
Published In
December 2023
266 pages
ISBN:9798400709043
DOI:10.1145/3638985
Copyright © 2023 ACM.
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than the author(s) must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected].
Publisher
Association for Computing Machinery
New York, NY, United States
Publication History
Published: 11 March 2024
Check for updates
Author Tags
Qualifiers
- Research-article
- Research
- Refereed limited
Conference
ICIT 2023
Contributors
Other Metrics
Bibliometrics & Citations
Bibliometrics
Article Metrics
- 0Total Citations
- 33Total Downloads
- Downloads (Last 12 months)33
- Downloads (Last 6 weeks)13
Reflects downloads up to 01 Nov 2024
Other Metrics
Citations
Cited By
View allView Options
Get Access
Login options
Check if you have access through your login credentials or your institution to get full access on this article.
Sign inFull Access
View options
View or Download as a PDF file.
PDFeReader
View online with eReader.
eReaderHTML Format
View this article in HTML Format.
HTML Format