BlockScope: Detecting and Investigating Propagated Vulnerabilities in Forked Blockchain Projects

Xiao YI; Yuzhou FANG; Daoyuan WU; Lingxiao JIANG

doi:10.14722/ndss.2023.24222

BlockScope: Detecting and Investigating Propagated Vulnerabilities in Forked Blockchain Projects

Xiao YI
, Yuzhou FANG
, Daoyuan WU^*
, Lingxiao JIANG

^*Corresponding author for this work

Research output: Book Chapters | Papers in Conference Proceedings › Conference paper (refereed) › Research › peer-review

12 Citations (Scopus)

Abstract

Due to the open-source nature of the blockchain ecosystem, it is common for new blockchains to fork or partially reuse the code of classic blockchains. For example, the popular Dogecoin, Litecoin, Binance BSC, and Polygon are all variants of Bitcoin/Ethereum. These “forked” blockchains thus could encounter similar vulnerabilities that are propagated from Bitcoin/Ethereum during forking or subsequently commit fetching. In this paper, we conduct a systematic study of detecting and investigating the propagated vulnerabilities in forked blockchain projects. To facilitate this study, we propose BlockScope, a novel tool that can effectively and efficiently detect multiple types of cloned vulnerabilities given an input of existing Bitcoin/Ethereum security patches. Specifically, BlockScope adopts similarity-based code match and designs a new way of calculating code similarity to cover all the syntax-wide variant (i.e., Type-1, Type-2, and Type-3) clones. Moreover, BlockScope automatically extracts and leverages the contexts of patch code to narrow down the search scope and locate only potentially relevant code for comparison.
Our evaluation shows that BlockScope achieves good precision and high recall both at 91.8% (1.8 times higher recall than that in the state-of-the-art ReDeBug while with close precision). BlockScope allows us to discover 101 previously unknown vulnerabilities in 13 out of the 16 forked projects of Bitcoin and Ethereum, including 16 from Dogecoin, 6 from Litecoin, 1 from Binance BSC, and 4 from Optimism. We have reported all the vulnerabilities to their developers; 40 of them have been patched or accepted, 66 were acknowledged or under pending, and only 4 were rejected. We further investigate the propagation and patching processes of discovered vulnerabilities, and reveal three types of vulnerability propagation from source to forked projects, as well as the long delay (mostly over 200 days) for releasing patches in Bitcoin forks (vs. ∼100 days for Ethereum forks).

Original language	English
Title of host publication	Proceedings: 2023 Network and Distributed Systems Security Symposium
Publisher	Internet Society
Chapter	Session 5B: Blockchains II
Number of pages	16
ISBN (Electronic)	1891562835
DOIs	https://doi.org/10.14722/ndss.2023.24222
Publication status	Published - 2023
Externally published	Yes
Event	30th Annual Network and Distributed System Security Symposium - San Diego, United States Duration: 27 Feb 2023 → 3 Mar 2023

Symposium

Symposium	30th Annual Network and Distributed System Security Symposium
Abbreviated title	NDSS 2023
Country/Territory	United States
City	San Diego
Period	27/02/23 → 3/03/23

Bibliographical note

Acknowledgment:
We would like to thank all the reviewers for their valuable comments and constructive suggestions to this paper.

Publisher Copyright:
© 2023 30th Annual Network and Distributed System Security Symposium, NDSS 2023. All Rights Reserved.

Funding

This work was partially supported by a direct grant (ref. no. 4055127) from The Chinese University of Hong Kong.

Access to Document

10.14722/ndss.2023.24222Licence: Unspecified

Cite this

@inproceedings{9fbd696e547c43dfa178c1306203a13a,

title = "BlockScope: Detecting and Investigating Propagated Vulnerabilities in Forked Blockchain Projects",

abstract = "Due to the open-source nature of the blockchain ecosystem, it is common for new blockchains to fork or partially reuse the code of classic blockchains. For example, the popular Dogecoin, Litecoin, Binance BSC, and Polygon are all variants of Bitcoin/Ethereum. These “forked” blockchains thus could encounter similar vulnerabilities that are propagated from Bitcoin/Ethereum during forking or subsequently commit fetching. In this paper, we conduct a systematic study of detecting and investigating the propagated vulnerabilities in forked blockchain projects. To facilitate this study, we propose BlockScope, a novel tool that can effectively and efficiently detect multiple types of cloned vulnerabilities given an input of existing Bitcoin/Ethereum security patches. Specifically, BlockScope adopts similarity-based code match and designs a new way of calculating code similarity to cover all the syntax-wide variant (i.e., Type-1, Type-2, and Type-3) clones. Moreover, BlockScope automatically extracts and leverages the contexts of patch code to narrow down the search scope and locate only potentially relevant code for comparison. Our evaluation shows that BlockScope achieves good precision and high recall both at 91.8\% (1.8 times higher recall than that in the state-of-the-art ReDeBug while with close precision). BlockScope allows us to discover 101 previously unknown vulnerabilities in 13 out of the 16 forked projects of Bitcoin and Ethereum, including 16 from Dogecoin, 6 from Litecoin, 1 from Binance BSC, and 4 from Optimism. We have reported all the vulnerabilities to their developers; 40 of them have been patched or accepted, 66 were acknowledged or under pending, and only 4 were rejected. We further investigate the propagation and patching processes of discovered vulnerabilities, and reveal three types of vulnerability propagation from source to forked projects, as well as the long delay (mostly over 200 days) for releasing patches in Bitcoin forks (vs. ∼100 days for Ethereum forks).",

author = "Xiao YI and Yuzhou FANG and Daoyuan WU and Lingxiao JIANG",

note = "Acknowledgment: We would like to thank all the reviewers for their valuable comments and constructive suggestions to this paper. Publisher Copyright: {\textcopyright} 2023 30th Annual Network and Distributed System Security Symposium, NDSS 2023. All Rights Reserved.; 30th Annual Network and Distributed System Security Symposium, NDSS 2023 ; Conference date: 27-02-2023 Through 03-03-2023",

year = "2023",

doi = "10.14722/ndss.2023.24222",

language = "English",

booktitle = "Proceedings: 2023 Network and Distributed Systems Security Symposium",

publisher = "Internet Society",

}

TY - GEN

T1 - BlockScope: Detecting and Investigating Propagated Vulnerabilities in Forked Blockchain Projects

AU - YI, Xiao

AU - FANG, Yuzhou

AU - WU, Daoyuan

AU - JIANG, Lingxiao

N1 - Acknowledgment: We would like to thank all the reviewers for their valuable comments and constructive suggestions to this paper. Publisher Copyright: © 2023 30th Annual Network and Distributed System Security Symposium, NDSS 2023. All Rights Reserved.

PY - 2023

Y1 - 2023

N2 - Due to the open-source nature of the blockchain ecosystem, it is common for new blockchains to fork or partially reuse the code of classic blockchains. For example, the popular Dogecoin, Litecoin, Binance BSC, and Polygon are all variants of Bitcoin/Ethereum. These “forked” blockchains thus could encounter similar vulnerabilities that are propagated from Bitcoin/Ethereum during forking or subsequently commit fetching. In this paper, we conduct a systematic study of detecting and investigating the propagated vulnerabilities in forked blockchain projects. To facilitate this study, we propose BlockScope, a novel tool that can effectively and efficiently detect multiple types of cloned vulnerabilities given an input of existing Bitcoin/Ethereum security patches. Specifically, BlockScope adopts similarity-based code match and designs a new way of calculating code similarity to cover all the syntax-wide variant (i.e., Type-1, Type-2, and Type-3) clones. Moreover, BlockScope automatically extracts and leverages the contexts of patch code to narrow down the search scope and locate only potentially relevant code for comparison. Our evaluation shows that BlockScope achieves good precision and high recall both at 91.8% (1.8 times higher recall than that in the state-of-the-art ReDeBug while with close precision). BlockScope allows us to discover 101 previously unknown vulnerabilities in 13 out of the 16 forked projects of Bitcoin and Ethereum, including 16 from Dogecoin, 6 from Litecoin, 1 from Binance BSC, and 4 from Optimism. We have reported all the vulnerabilities to their developers; 40 of them have been patched or accepted, 66 were acknowledged or under pending, and only 4 were rejected. We further investigate the propagation and patching processes of discovered vulnerabilities, and reveal three types of vulnerability propagation from source to forked projects, as well as the long delay (mostly over 200 days) for releasing patches in Bitcoin forks (vs. ∼100 days for Ethereum forks).

AB - Due to the open-source nature of the blockchain ecosystem, it is common for new blockchains to fork or partially reuse the code of classic blockchains. For example, the popular Dogecoin, Litecoin, Binance BSC, and Polygon are all variants of Bitcoin/Ethereum. These “forked” blockchains thus could encounter similar vulnerabilities that are propagated from Bitcoin/Ethereum during forking or subsequently commit fetching. In this paper, we conduct a systematic study of detecting and investigating the propagated vulnerabilities in forked blockchain projects. To facilitate this study, we propose BlockScope, a novel tool that can effectively and efficiently detect multiple types of cloned vulnerabilities given an input of existing Bitcoin/Ethereum security patches. Specifically, BlockScope adopts similarity-based code match and designs a new way of calculating code similarity to cover all the syntax-wide variant (i.e., Type-1, Type-2, and Type-3) clones. Moreover, BlockScope automatically extracts and leverages the contexts of patch code to narrow down the search scope and locate only potentially relevant code for comparison. Our evaluation shows that BlockScope achieves good precision and high recall both at 91.8% (1.8 times higher recall than that in the state-of-the-art ReDeBug while with close precision). BlockScope allows us to discover 101 previously unknown vulnerabilities in 13 out of the 16 forked projects of Bitcoin and Ethereum, including 16 from Dogecoin, 6 from Litecoin, 1 from Binance BSC, and 4 from Optimism. We have reported all the vulnerabilities to their developers; 40 of them have been patched or accepted, 66 were acknowledged or under pending, and only 4 were rejected. We further investigate the propagation and patching processes of discovered vulnerabilities, and reveal three types of vulnerability propagation from source to forked projects, as well as the long delay (mostly over 200 days) for releasing patches in Bitcoin forks (vs. ∼100 days for Ethereum forks).

UR - https://www.scopus.com/pages/publications/85166937760

U2 - 10.14722/ndss.2023.24222

DO - 10.14722/ndss.2023.24222

M3 - Conference paper (refereed)

AN - SCOPUS:85166937760

BT - Proceedings: 2023 Network and Distributed Systems Security Symposium

PB - Internet Society

T2 - 30th Annual Network and Distributed System Security Symposium

Y2 - 27 February 2023 through 3 March 2023

ER -

BlockScope: Detecting and Investigating Propagated Vulnerabilities in Forked Blockchain Projects

Abstract

Symposium

Bibliographical note

Funding

Access to Document

Other files and links

Fingerprint

Cite this