Static Detection of Untrusted Cross-Contract Invocations in Go Smart Contracts
| Title: | Static Detection of Untrusted Cross-Contract Invocations in Go Smart Contracts |
|---|---|
| Authors: | Luca Olivieri, Luca Negrini, Vincenzo Arceri, Pietro Ferrara, Agostino Cortesi, Fausto Spoto |
| Source: | Proceedings of the 40th ACM/SIGAPP Symposium on Applied Computing, pp. 338-347 |
| Publisher Information: | ACM, 2025. |
| Publication Year: | 2025 |
| Subject Terms: | Smart Contracts, Delegate Call, Blockchain, Static Analysis, Abstract Interpretation, Cross-contract Invocation, External Contract Call, Distributed ledger technology |
| Description: | A blockchain is a trustless system in an environment populated by untrusted peers. Code deployed in blockchain as a smart contract should be cautious when invoking contracts of other peers as they might introduce several risks and unexpected issues. This paper presents an information flow-based approach for detecting cross-contract invocations to untrusted contracts, written in general-purpose languages, that could lead to arbitrary code executions and store any results coming from them. The analysis is implemented in GoLiSA, a static analyzer for Go. Our experimental results show that GoLiSA is able to detect all vulnerabilities related to untrusted cross-contract invocations on a significant benchmark suite of smart contracts written in Go for Hyperledger Fabric, an enterprise framework for blockchain solutions. |
| Document Type: | Article Conference object |
| File Description: | application/pdf |
| DOI: | 10.1145/3672608.3707728 |
| Rights: | CC BY |
| Accession Number: | edsair.doi.dedup.....0387405bf69a8fc4ce0a47f7c6b91be1 |
| Database: | OpenAIRE |