Publication Type

Conference Proceeding Article

Version

acceptedVersion

Publication Date

11-2020

Abstract

Cryptocurrencies have become very popular in recent years. Thousands of new cryptocurrencies have emerged, proposing new and novel techniques that improve on Bitcoin's core innovation of the blockchain data structure and consensus mechanism. However, cryptocurrencies are a major target for cyber-attacks, as they can be sold on exchanges anonymously and most cryptocurrencies have their codebases publicly available. One particular issue is the prevalence of code clones in cryptocurrencies, which may amplify security threats. If a vulnerability is found in one cryptocurrency, it might be propagated into other cloned cryptocurrencies. In this work, we propose a systematic remedy to this problem, called COINWATCH (CW). Given a reported vulnerability at the input, CW uses the code evolution analysis and a clone detection technique for the indication of cryptocurrencies that might be vulnerable. We applied CW on 1094 cryptocurrencies using 4 CVEs and obtained 786 true vulnerabilities present in 384 projects, which were confirmed with developers and successfully reported as CVE extensions.

Keywords

Blockchains, cryptocurrencies, data privacy, software maintenance

Discipline

Information Security | Software Engineering | Technology and Innovation

Research Areas

Software and Cyber-Physical Systems

Publication

2020 3rd IEEE International Conference on Blockchain: November 2-6, Rhodes, Greece: Proceedings

First Page

17

Last Page

25

ISBN

9780738104959

Identifier

10.1109/Blockchain50366.2020.00011

Publisher

IEEE

City or Country

Piscataway, NJ

Embargo Period

7-8-2021

Copyright Owner and License

Authors

Additional URL

https://doi.org/10.1109/Blockchain50366.2020.00011

Share

COinS