Static Detection of Untrusted Cross-Contract Invocations in Go Smart Contracts
Olivieri, Luca;Negrini, Luca;Arceri, Vincenzo;Ferrara, Pietro;Cortesi, Agostino;Spoto, Fausto
2025-01-01
Abstract
A blockchain is a trustless system in an environment populated by untrusted peers. Code deployed in blockchain as a smart contract should be cautious when invoking contracts of other peers as they might introduce several risks and unexpected issues. This paper presents an information flow-based approach for detecting cross-contract invocations to untrusted contracts, written in general-purpose languages, that could lead to arbitrary code executions and store any results coming from them. The analysis is implemented in GoLiSA, a static analyzer for Go. Our experimental results show that GoLiSA is able to detect all vulnerabilities related to untrusted cross-contract invocations on a significant benchmark suite of smart contracts written in Go for Hyperledger Fabric, an enterprise framework for blockchain solutions.

File | Size | Format |
---|---|---|
3672608.3707728.pdf (open access). Description: main article text. Type: Publisher's version. License: Publisher's copyright | 1.35 MB | Adobe PDF |
Documents in IRIS are protected by copyright and all rights are reserved, unless otherwise indicated.