Wang et al., 2025 - Google Patents
The Dark Side of Upgrades: Uncovering Security Risks in Smart Contract Upgrades
Wang et al., 2025
- Document ID
- 309280516411170182
- Author
- Wang D
- He J
- Wu S
- Zhou Y
- Wu L
- Wang C
- Publication year
- Publication venue
- arXiv preprint arXiv:2508.02145
Snippet
Smart contract upgrades are increasingly common due to their flexibility in modifying deployed contracts, such as fixing bugs or adding new functionalities. Meanwhile, upgrades compromise the immutability of contracts, introducing significant security concerns. While …
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/57—Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
- G06F21/577—Assessing vulnerabilities and evaluating computer system security
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/57—Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
- G06F21/572—Secure firmware programming, e.g. of basic input output system [BIOS]
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/56—Computer malware detection or handling, e.g. anti-virus arrangements
- G06F21/562—Static detection
- G06F21/563—Static detection by source code analysis
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F11/00—Error detection; Error correction; Monitoring
- G06F11/36—Preventing errors by testing or debugging software
- G06F11/3668—Software testing
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F8/00—Arrangements for software engineering
- G06F8/60—Software deployment
Similar Documents
| Publication | Title | Publication Date |
|---|---|---|
| Chen et al. | When chatgpt meets smart contract vulnerability detection: How far are we? | |
| Chen et al. | SODA: A Generic Online Detection Framework for Smart Contracts. | |
| Hossain et al. | Combating dependence explosion in forensic analysis using alternative tag propagation semantics | |
| Bodell III et al. | Proxy hunting: Understanding and characterizing proxy-based upgradeable smart contracts in blockchains | |
| Praitheeshan et al. | Security analysis methods on ethereum smart contract vulnerabilities: a survey | |
| Liu et al. | Finding permission bugs in smart contracts with role mining | |
| US11409862B2 (en) | Intrusion detection and prevention for unknown software vulnerabilities using live patching | |
| Ghaleb et al. | eTainter: detecting gas-related vulnerabilities in smart contracts | |
| Wyss et al. | Wolf at the door: Preventing install-time attacks in npm with latch | |
| CN106682497B (en) | The system and method for secure execution code under supervisor mode | |
| Vidal et al. | OpenSCV: an open hierarchical taxonomy for smart contract vulnerabilities | |
| Chen et al. | Demystifying invariant effectiveness for securing smart contracts | |
| Ruaro et al. | Not your Type! Detecting Storage Collision Vulnerabilities in Ethereum Smart Contracts. | |
| Muralee et al. | ARGUS: A framework for staged static taint analysis of GitHub workflows and actions | |
| Wang et al. | A systematic literature review on smart contract vulnerability detection by symbolic execution | |
| Chen et al. | To healthier ethereum: A comprehensive and iterative smart contract weakness enumeration | |
| Munir et al. | Pre-deployment Analysis of Smart Contracts: A Survey | |
| Ohm et al. | You can run but you can't hide: Runtime protection against malicious package updates for Node.js | |
| Ren et al. | Lookahead: Preventing defi attacks via unveiling adversarial contracts | |
| Duan et al. | TEEFuzzer: A fuzzing framework for trusted execution environments with heuristic seed mutation | |
| Popchev et al. | Auditing blockchain smart contracts | |
| Liu et al. | Demystifying the characteristics for smart contract upgrades | |
| Staderini et al. | Security evaluation and improvement of solidity smart contracts | |
| Rezaei et al. | Sok: Root cause of $1 billion loss in smart contract real-world attacks via a systematic literature review of vulnerabilities | |
| Shafiuzzaman et al. | STASE: Static analysis guided symbolic execution for UEFI vulnerability signature generation | |