TY - JOUR
T1 - SolGuard
T2 - preventing external call issues in smart contract-based multi-agent robotic systems
AU - Praitheeshan, Purathani
AU - Pan, Lei
AU - Zheng, Xi
AU - Jolfaei, Alireza
AU - Doss, Robin
PY - 2021/11
Y1 - 2021/11
N2 - In the new era of blockchain-based multi-agent robotic systems, smart contract programs perform an influential role in implementing decentralized applications with the required task allocations. Smart contract programs are developed using script-type programming languages, and several vulnerable patterns have already been deployed in them without proper testing and auditing. We studied Solidity smart contracts running on the Ethereum platform and identified that they had been exploited because of several programming issues, especially the use of low-level external calls to malicious sources. Since smart contracts are immutable after their deployment to autonomous multi-robot systems, they should be tested to fix possible development-phase issues. We implemented a prototype plugin called SolGuard by extending the solhint linter to prevent three critical issues related to Solidity smart contract programs’ usage of external calls. The SolGuard plugin checks state variable order in the smart contracts, participation of delegatecall invocations, address type parameters in the smart contract's constructor, and denial of service patterns. We empirically evaluate the SolGuard plugin against existing popular static analysis tools. Our results indicate that SolGuard outperformed the baseline tools in terms of efficiency and accuracy.
AB - In the new era of blockchain-based multi-agent robotic systems, smart contract programs perform an influential role in implementing decentralized applications with the required task allocations. Smart contract programs are developed using script-type programming languages, and several vulnerable patterns have already been deployed in them without proper testing and auditing. We studied Solidity smart contracts running on the Ethereum platform and identified that they had been exploited because of several programming issues, especially the use of low-level external calls to malicious sources. Since smart contracts are immutable after their deployment to autonomous multi-robot systems, they should be tested to fix possible development-phase issues. We implemented a prototype plugin called SolGuard by extending the solhint linter to prevent three critical issues related to Solidity smart contract programs’ usage of external calls. The SolGuard plugin checks state variable order in the smart contracts, participation of delegatecall invocations, address type parameters in the smart contract's constructor, and denial of service patterns. We empirically evaluate the SolGuard plugin against existing popular static analysis tools. Our results indicate that SolGuard outperformed the baseline tools in terms of efficiency and accuracy.
KW - Blockchain-based autonomous robotics systems
KW - Smart contract
KW - Security vulnerabilities
KW - Solidity
KW - External call
UR - http://www.scopus.com/inward/record.url?scp=85113659620&partnerID=8YFLogxK
U2 - 10.1016/j.ins.2021.08.007
DO - 10.1016/j.ins.2021.08.007
M3 - Article
AN - SCOPUS:85113659620
SN - 0020-0255
VL - 579
SP - 150
EP - 166
JO - Information Sciences
JF - Information Sciences
ER -