Publication Type
Conference Proceeding Article
Version
publishedVersion
Publication Date
8-2023
Abstract
Upgradeable smart contracts (USCs) have become a key trend in smart contract development, bringing flexibility to otherwise immutable code. However, they also introduce security concerns. On the one hand, they require extensive security knowledge to implement in a secure fashion. On the other hand, they provide new strategic weapons for malicious activities. Thus, it is crucial to fully understand them, especially their security implications in the real world. To this end, we conduct a large-scale study to systematically reveal the status quo of USCs in the wild. To achieve our goal, we develop a complete USC taxonomy to comprehensively characterize the unique behaviors of USCs and further develop USCHUNT, an automated USC analysis framework for supporting our study. Our study aims to answer three sets of essential research questions regarding USC importance, design patterns, and security issues. Our results show that USCs are of great importance to today’s blockchain as they hold billions of USD worth of digital assets. Moreover, our study summarizes eleven unique design patterns of USCs, and discovers a total of 2,546 real-world USC-related security and safety issues in six major categories.
Discipline
Information Security
Research Areas
Cybersecurity; Information Systems and Management
Publication
Proceedings of the 32nd USENIX Security Symposium, California, USA, 2023 August 9-11
City or Country
US
Citation
BODELL, William E III; MEISAMI, Sajad; and DUAN, Yue.
Proxy hunting: Understanding and characterizing proxy-based upgradeable smart contracts in blockchains. (2023). Proceedings of the 32nd USENIX Security Symposium, California, USA, 2023 August 9-11.
Available at: https://ink.library.smu.edu.sg/sis_research/8167
Copyright Owner and License
Authors
Creative Commons License
This work is licensed under a Creative Commons Attribution-NonCommercial-No Derivative Works 4.0 International License.