Litcius/Paper detail

<i>BiAn:</i> Smart Contract Source Code Obfuscation

Pengcheng Zhang, Qifan Yu, Yan Xiao, Hai Dong, Xiapu Luo, Xiao Wang, Meng Zhang

2023IEEE Transactions on Software Engineering11 citationsDOI

Abstract

With the rising prominence of smart contracts, security attacks targeting them have increased, posing severe threats to their security and intellectual property rights. Existing simplistic datasets hinder effective vulnerability detection, raising security concerns. To address these challenges, we propose <italic xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink">BiAn</i> , a source code level smart contract obfuscation method that generates complex vulnerability test datasets. <italic xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink">BiAn</i> protects contracts by obfuscating data flows, control flows, and code layouts, increasing complexity and making it harder for attackers to discover vulnerabilities. Our experiments with buggy contracts showed an average complexity enhancement of approximately 174% after obfuscation. Decompilers Vandal and Gigahorse had total failure rate increments of 38.8% and 40.5% respectively. Obfuscated contracts also decreased vulnerability detection rates in more than 50% of cases for ten widely-used static analysis detection tools.

Topics & Concepts

ObfuscationComputer scienceVulnerability (computing)Computer securitySource codeCode (set theory)Programming languageSet (abstract data type)Advanced Malware Detection TechniquesSecurity and Verification in ComputingAdversarial Robustness in Machine Learning