Proxy hunting: Understanding and characterizing proxy-based upgradeable smart contracts in blockchains
Upgradeable smart contracts (USCs) have become a key trend in smart contract development, bringing flexibility to otherwise immutable code. However, they also introduce security concerns. On the one hand, they require extensive security knowledge to implement in a secure fashion. On the other hand,...
Main Authors: | BODELL, William E III; MEISAMI, Sajad; DUAN, Yue |
---|---|
Format: | text |
Language: | English |
Published: | Institutional Knowledge at Singapore Management University, 2023 |
Subjects: | Information Security |
Online Access: | https://ink.library.smu.edu.sg/sis_research/8167 https://ink.library.smu.edu.sg/context/sis_research/article/9170/viewcontent/usenixsecurity23_bodell.pdf |
Institution: | Singapore Management University |
id |
sg-smu-ink.sis_research-9170 |
---|---|
record_format |
dspace |
spelling |
sg-smu-ink.sis_research-91702023-09-26T10:34:37Z Proxy hunting: Understanding and characterizing proxy-based upgradeable smart contracts in blockchains BODELL, William E III MEISAMI, Sajad DUAN, Yue Upgradeable smart contracts (USCs) have become a key trend in smart contract development, bringing flexibility to otherwise immutable code. However, they also introduce security concerns. On the one hand, they require extensive security knowledge to implement in a secure fashion. On the other hand, they provide new strategic weapons for malicious activities. Thus, it is crucial to fully understand them, especially their security implications in the real-world. To this end, we conduct a large-scale study to systematically reveal the status quo of USCs in the wild. To achieve our goal, we develop a complete USC taxonomy to comprehensively characterize the unique behaviors of USCs and further develop USCHUNT, an automated USC analysis framework for supporting our study. Our study aims to answer three sets of essential research questions regarding USC importance, design patterns, and security issues. Our results show that USCs are of great importance to today’s blockchain as they hold billions of USD worth of digital assets. Moreover, our study summarizes eleven unique design patterns of USCs, and discovers a total of 2,546 real-world USC-related security and safety issues in six major categories. 2023-08-01T07:00:00Z text application/pdf https://ink.library.smu.edu.sg/sis_research/8167 https://ink.library.smu.edu.sg/context/sis_research/article/9170/viewcontent/usenixsecurity23_bodell.pdf http://creativecommons.org/licenses/by-nc-nd/4.0/ Research Collection School Of Computing and Information Systems eng Institutional Knowledge at Singapore Management University Information Security |
institution |
Singapore Management University |
building |
SMU Libraries |
continent |
Asia |
country |
Singapore Singapore |
content_provider |
SMU Libraries |
collection |
InK@SMU |
language |
English |
topic |
Information Security |
spellingShingle |
Information Security BODELL, William E III MEISAMI, Sajad DUAN, Yue Proxy hunting: Understanding and characterizing proxy-based upgradeable smart contracts in blockchains |
description |
Upgradeable smart contracts (USCs) have become a key trend in smart contract development, bringing flexibility to otherwise immutable code. However, they also introduce security concerns. On the one hand, they require extensive security knowledge to implement in a secure fashion. On the other hand, they provide new strategic weapons for malicious activities. Thus, it is crucial to fully understand them, especially their security implications in the real-world. To this end, we conduct a large-scale study to systematically reveal the status quo of USCs in the wild. To achieve our goal, we develop a complete USC taxonomy to comprehensively characterize the unique behaviors of USCs and further develop USCHUNT, an automated USC analysis framework for supporting our study. Our study aims to answer three sets of essential research questions regarding USC importance, design patterns, and security issues. Our results show that USCs are of great importance to today’s blockchain as they hold billions of USD worth of digital assets. Moreover, our study summarizes eleven unique design patterns of USCs, and discovers a total of 2,546 real-world USC-related security and safety issues in six major categories. |
format |
text |
author |
BODELL, William E III MEISAMI, Sajad DUAN, Yue |
author_facet |
BODELL, William E III MEISAMI, Sajad DUAN, Yue |
author_sort |
BODELL, William E III |
title |
Proxy hunting: Understanding and characterizing proxy-based upgradeable smart contracts in blockchains |
title_short |
Proxy hunting: Understanding and characterizing proxy-based upgradeable smart contracts in blockchains |
title_full |
Proxy hunting: Understanding and characterizing proxy-based upgradeable smart contracts in blockchains |
title_fullStr |
Proxy hunting: Understanding and characterizing proxy-based upgradeable smart contracts in blockchains |
title_full_unstemmed |
Proxy hunting: Understanding and characterizing proxy-based upgradeable smart contracts in blockchains |
title_sort |
proxy hunting: understanding and characterizing proxy-based upgradeable smart contracts in blockchains |
publisher |
Institutional Knowledge at Singapore Management University |
publishDate |
2023 |
url |
https://ink.library.smu.edu.sg/sis_research/8167 https://ink.library.smu.edu.sg/context/sis_research/article/9170/viewcontent/usenixsecurity23_bodell.pdf |
_version_ |
1779157189715296256 |