VOLCANO: Detecting Vulnerabilities of Ethereum Smart Contracts Using Code Clone Analysis (2203.00769v1)

Abstract: Ethereum Smart Contracts based on Blockchain Technology (BT) enables monetary transactions among peers on a blockchain network independent of a central authorizing agency. Ethereum Smart Contracts are programs that are deployed as decentralized applications, having the building blocks of the blockchain consensus protocol. This enables consumers to make agreements in a transparent and conflict-free environment. However, there exist some security vulnerabilities within these smart contracts that are a potential threat to the applications and their consumers and have shown in the past to cause huge financial losses. This paper presents a framework and empirical analysis that use code clone detection techniques for identifying vulnerabilities and their variations in smart contracts. Our empirical analysis is conducted using the Nicad code clone detection tool on a dataset of approximately 50k Ethereum smart contracts. We evaluated VOLCANO on two datasets, one with confirmed vulnerabilities and another with approximately 50k random smart contracts collected from the Etherscan. Our approach shows an improvement in the detection of vulnerabilities in terms of coverage and efficiency when compared to two of the publicly available static analyzers to detect vulnerabilities in smart contracts. To the best of our knowledge, this is the first study that uses a clone detection technique to identify vulnerabilities and their evolution in Ethereum smart contracts.