State of Web3 security : analysis of vulnerabilities in bug bounty reports

Bibliographic details
Principal author: Melo, Ana Rita Amorim
Publication date: 2023
Document type: Dissertation
Language: eng
Source: Repositório Científico de Acesso Aberto de Portugal (Repositórios Científicos)
Full text: http://hdl.handle.net/20.500.11960/3913
Abstract: Web3 is built on blockchain and smart contract technologies, supporting secure, distributed, and decentralized applications. Nonetheless, Web3 is still evolving, and, as with any other software-based product, software bugs, security flaws, and other vulnerabilities are expected to appear. This thesis analyzes the severity of security vulnerabilities in Web3 based on publicly available bug reports. Furthermore, several vulnerability detection tools for smart contracts are evaluated. Finally, a plugin is developed that integrates with a smart contract testing tool. Through this analysis, it is possible to obtain a comprehensive view of the evolution and trends related to the number of reports submitted, growth by platform, severity classification, and amounts paid for discovering and reporting vulnerabilities. The plugin developed as part of this study provides an additional tool to improve the security and reliability of Web3-based applications.
Keywords: Web3; Blockchain; Smart contract; Ethereum
Publication date: 2023-12-18
Deposited in repository: 2024-02-05
Identifier: TID:203514149
Format: application/pdf
Access rights: open access
Institution: Agência para a Sociedade do Conhecimento (UMIC) - FCT - Sociedade da Informação (RCAAP)