Assigned

DEI - FCTUC
Generated on 2024-05-05 20:30:19 (Europe/Lisbon).

Internship Title

A Benchmark for Smart Contract Verification Tools

Areas of Specialization

Software Engineering

Internship Location

DEI-FCTUC

Background

Blockchain has become particularly popular due to its promise to support business-critical services in very different domains (e.g., retail, supply chains, healthcare). Blockchain systems rely on complex middleware, like Ethereum or Hyperledger Fabric, that allows running smart contracts, which specify business logic in cooperative applications. The presence of software defects and vulnerabilities in these contracts has notably been the cause of failures, including severe security problems. An effective approach for building more secure blockchain systems is to prevent smart contracts from being developed with vulnerabilities. Smart contract verification tools are used to detect faults and vulnerabilities in smart contracts, but their effectiveness is questionable.

Objective

In this work, we aim to build a benchmark for the evaluation of smart contract verification tools. To do so, it is required to build a knowledge base regarding the most frequent software faults and vulnerabilities in smart contracts and the common and possible security attacks on blockchain systems, in particular threats that target smart contracts (e.g., an integer overflow). This knowledge will then be used to build a fault injection tool. The tool will then be used to build a dataset of faulty and vulnerable smart contracts to be used as input to benchmark the verification tools. To do so, we need to collect a representative and extensive set of smart contracts and generate their faulty versions (i.e., contracts holding specific types of bugs). The benchmark may help in improving the verification tools' effectiveness and help developers choose the best smart contract verification tool for their needs.

Work Plan - Semester 1

[Some tasks might overlap; M=Month]
T1 (M1): Knowledge transfer and state-of-the-art review (blockchain systems, smart contracts, security vulnerabilities, security, smart contract verification tools).
T2 (M2): Collect data regarding the reported vulnerabilities and attacks on smart contracts, analyze the collected data, and complete existing fault and attack models.
T3 (M3-M4): Complete the implementation of an existing fault injection tool.
T4 (M5): Write the intermediate report.

Work Plan - Semester 2

[Some tasks might overlap; M=Month]
T1 (M6-M7): Collect representative smart contracts to complete an existing dataset of smart contracts and generate the faulty contracts to build a comprehensive and representative dataset for the benchmark.
T2 (M7-M8): Select, install, and configure different types of smart contract verification tools and run the benchmark.
T3 (M9): Collect and analyze the results.
T4 (M10): Write the thesis.
T5: Write a research paper for submission (and presentation) to a related international conference.

Conditions

The selected student will be integrated into the Software and Systems Engineering group of CISUC and the work will be carried out in the facilities of the Department of Informatics Engineering at the University of Coimbra (CISUC - Software and Systems Engineering Group), where a workplace and necessary computer resources will be provided.

Remarks

Please contact the advisors for any questions or clarification needed.
Advisors: Naghmeh Ivaki (naghmeh@dei.uc.pt), Nuno Laranjeiro (cnl@dei.uc.pt)

Advisor

Naghmeh Ivaki
naghmeh@dei.uc.pt