Publication Type
Conference Proceeding Article
Version
acceptedVersion
Publication Date
11-2020
Abstract
Cryptocurrencies have become very popular in recent years. Thousands of new cryptocurrencies have emerged, proposing new and novel techniques that improve on Bitcoin's core innovation of the blockchain data structure and consensus mechanism. However, cryptocurrencies are a major target for cyber-attacks, as they can be sold on exchanges anonymously and most cryptocurrencies have their codebases publicly available. One particular issue is the prevalence of code clones in cryptocurrencies, which may amplify security threats. If a vulnerability is found in one cryptocurrency, it might be propagated into other cloned cryptocurrencies. In this work, we propose a systematic remedy to this problem, called COINWATCH (CW). Given a reported vulnerability as input, CW uses code evolution analysis and a clone detection technique to indicate cryptocurrencies that might be vulnerable. We applied CW to 1094 cryptocurrencies using 4 CVEs and obtained 786 true vulnerabilities present in 384 projects, which were confirmed with developers and successfully reported as CVE extensions.
Keywords
Blockchains, cryptocurrencies, data privacy, software maintenance
Discipline
Information Security | Software Engineering | Technology and Innovation
Research Areas
Software and Cyber-Physical Systems
Publication
2020 3rd IEEE International Conference on Blockchain: November 2-6, Rhodes, Greece: Proceedings
First Page
17
Last Page
25
ISBN
9780738104959
Identifier
10.1109/Blockchain50366.2020.00011
Publisher
IEEE
City or Country
Piscataway, NJ
Embargo Period
7-8-2021
Citation
HUM, Qingze; TAN, Wei Jin; TEY, Shi Ying; LENUS, Latasha; HOMOLIAK, Ivan; LIN, Yun; and SUN, Jun.
CoinWatch: A clone-based approach for detecting vulnerabilities in cryptocurrencies. (2020). 2020 3rd IEEE International Conference on Blockchain: November 2-6, Rhodes, Greece: Proceedings. 17-25.
Available at: https://ink.library.smu.edu.sg/sis_research/6031
Copyright Owner and License
Authors
Creative Commons License
This work is licensed under a Creative Commons Attribution-NonCommercial-No Derivative Works 4.0 International License.
Additional URL
https://doi.org/10.1109/Blockchain50366.2020.00011
Included in
Information Security Commons, Software Engineering Commons, Technology and Innovation Commons