BiAn: Smart Contract Source Code Obfuscation

Pengcheng Zhang; Qifan Yu; Yan Xiao; Hai Dong; Xiapu Luo; Zijie Chen; Shuhao Qi

BiAn: Smart Contract Source Code Obfuscation

Pengcheng Zhang, Qifan Yu, Yan Xiao, Hai Dong, Xiapu Luo, Zijie Chen, Shuhao Qi

Department of Computing

Research output: Journal article publication › Journal article › Academic research › peer-review

4 Citations (Scopus)

Abstract

With the rising prominence of smart contracts, security attacks targeting them have increased, posing severe threats to their security and intellectual property rights. Existing simplistic datasets hinder effective vulnerability detection, raising security concerns. To address these challenges, we propose BiAn , a source code level smart contract obfuscation method that generates complex vulnerability test datasets. BiAn protects contracts by obfuscating data flows, control flows, and code layouts, increasing complexity and making it harder for attackers to discover vulnerabilities. Our experiments with buggy contracts showed an average complexity enhancement of approximately 174% after obfuscation. Decompilers Vandal and Gigahorse had total failure rate increments of 38.8% and 40.5% respectively. Obfuscated contracts also decreased vulnerability detection rates in more than 50% of cases for ten widely-used static analysis detection tools.

Original language	English
Pages (from-to)	4456 - 4476
Journal	IEEE Transactions on Software Engineering
Volume	49
Issue number	9
Publication status	Published - 27 Jul 2023

Cite this

@article{82b8643e6cf649ad8c5a1c47a8eaeab6,

title = "BiAn: Smart Contract Source Code Obfuscation",

abstract = "With the rising prominence of smart contracts, security attacks targeting them have increased, posing severe threats to their security and intellectual property rights. Existing simplistic datasets hinder effective vulnerability detection, raising security concerns. To address these challenges, we propose BiAn , a source code level smart contract obfuscation method that generates complex vulnerability test datasets. BiAn protects contracts by obfuscating data flows, control flows, and code layouts, increasing complexity and making it harder for attackers to discover vulnerabilities. Our experiments with buggy contracts showed an average complexity enhancement of approximately 174% after obfuscation. Decompilers Vandal and Gigahorse had total failure rate increments of 38.8% and 40.5% respectively. Obfuscated contracts also decreased vulnerability detection rates in more than 50% of cases for ten widely-used static analysis detection tools.",

author = "Pengcheng Zhang and Qifan Yu and Yan Xiao and Hai Dong and Xiapu Luo and Zijie Chen and Shuhao Qi",

year = "2023",

month = jul,

day = "27",

language = "English",

volume = "49",

pages = "4456 -- 4476",

journal = "IEEE Transactions on Software Engineering",

issn = "0098-5589",

publisher = "IEEE",

number = "9",

}

TY - JOUR

T1 - BiAn: Smart Contract Source Code Obfuscation

AU - Zhang, Pengcheng

AU - Yu, Qifan

AU - Xiao, Yan

AU - Dong, Hai

AU - Luo, Xiapu

AU - Chen, Zijie

AU - Qi, Shuhao

PY - 2023/7/27

Y1 - 2023/7/27

N2 - With the rising prominence of smart contracts, security attacks targeting them have increased, posing severe threats to their security and intellectual property rights. Existing simplistic datasets hinder effective vulnerability detection, raising security concerns. To address these challenges, we propose BiAn , a source code level smart contract obfuscation method that generates complex vulnerability test datasets. BiAn protects contracts by obfuscating data flows, control flows, and code layouts, increasing complexity and making it harder for attackers to discover vulnerabilities. Our experiments with buggy contracts showed an average complexity enhancement of approximately 174% after obfuscation. Decompilers Vandal and Gigahorse had total failure rate increments of 38.8% and 40.5% respectively. Obfuscated contracts also decreased vulnerability detection rates in more than 50% of cases for ten widely-used static analysis detection tools.

AB - With the rising prominence of smart contracts, security attacks targeting them have increased, posing severe threats to their security and intellectual property rights. Existing simplistic datasets hinder effective vulnerability detection, raising security concerns. To address these challenges, we propose BiAn , a source code level smart contract obfuscation method that generates complex vulnerability test datasets. BiAn protects contracts by obfuscating data flows, control flows, and code layouts, increasing complexity and making it harder for attackers to discover vulnerabilities. Our experiments with buggy contracts showed an average complexity enhancement of approximately 174% after obfuscation. Decompilers Vandal and Gigahorse had total failure rate increments of 38.8% and 40.5% respectively. Obfuscated contracts also decreased vulnerability detection rates in more than 50% of cases for ten widely-used static analysis detection tools.

M3 - Journal article

SN - 0098-5589

VL - 49

SP - 4456

EP - 4476

JO - IEEE Transactions on Software Engineering

JF - IEEE Transactions on Software Engineering

IS - 9

ER -

BiAn: Smart Contract Source Code Obfuscation

Abstract

Fingerprint

Cite this