CRII: SaTC: Discerning the Upgradeability of Smart Contracts in Blockchains From a Security Perspective
Illinois Institute Of Technology, Chicago IL
Abstract
Smart contracts in blockchains, which store cryptocurrencies and tokens worth billions of USD, have transformed many important aspects of our lives, such as finance and gaming. Smart contracts are widely believed to have strong security guarantees because they are immutable once deployed: not even the owner of the contract can change its code. However, a new type of smart contract, the upgradeable smart contract (USC), allows developers to upgrade the logic of their smart contracts and thereby breaks this security assumption in practice. This special type of smart contract has become increasingly prominent and has been adopted by many major companies (e.g., Compound Finance and Opensea.io). Despite its importance, no comprehensive research studies the status quo of USCs in the wild or, worse, the emerging security risks that come with upgradeability. This project conducts a series of novel studies to discern the upgradeability of smart contracts in the real world. Specifically, it answers three essential research questions: how important USCs are in the current market, what the different design patterns are and what their strengths and weaknesses are, and, most importantly, what real-world security risks USCs carry. To do so, this project pioneers a practical static-analysis-based approach that detects USCs from their intrinsic characteristics and then performs further automatic behavior and security analyses. To differentiate USC design patterns, this project develops a complete taxonomy that systematically characterizes USCs at both the syntactic and the semantic level. Moreover, the investigator conducts the first extensive, large-scale study of USCs to uncover and report unique designs and security risks in the real world. Finally, this project creates the first comprehensive USC dataset, which facilitates future research in this emerging direction.
This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.