Publication Details
CoinWatch: A Clone-Based Approach for Detecting Vulnerabilities in Cryptocurrencies
clone detection, cryptocurrencies, security, vulnerability propagation
Cryptocurrencies have become very popular in recent years. Thousands of new
cryptocurrencies have emerged, proposing new and novel techniques that improve on
Bitcoin's core innovation of the blockchain data structure and consensus
mechanism. However, cryptocurrencies are a major target for cyber-attacks, as
they can be sold on exchanges anonymously and most cryptocurrencies have their
codebases publicly available. One particular issue is the prevalence of code
clones in cryptocurrencies, which may amplify security threats. If
a vulnerability is found in one cryptocurrency, it might be propagated into other
cloned cryptocurrencies. In this work, we propose a systematic remedy to this
problem, and we propose CoinWatch (CW). Given a reported vulnerability at the
input, CW uses the code evolution analysis and a clone detection technique for
indication of cryptocurrencies that might be vulnerable. We applied CW on 1094
cryptocurrencies using 4 CVEs and obtained 786 true vulnerabilities present in
384 projects, which were confirmed with developers and successfully reported as
CVE extensions.
@inproceedings{BUT168144,
author="HUM, Q. and TAN, W. and TEY, S. and LENUS, L. and HOMOLIAK, I. and LIN, Y. and SUN, J.",
title="CoinWatch: A Clone-Based Approach for Detecting Vulnerabilities in Cryptocurrencies",
booktitle="3rd IEEE INTERNATIONAL CONFERENCE ON BLOCKCHAIN (BLOCKCHAIN 2020)",
year="2020",
pages="17--25",
publisher="Institute of Electrical and Electronics Engineers",
address="Rhodos",
doi="10.1109/Blockchain50366.2020.00011",
isbn="978-0-7381-0495-9",
url="http://dx.doi.org/10.1109/Blockchain50366.2020.00011"
}