Advancing Blockchain Security: from Vulnerability Detection to Transaction Revocation.

Smart contracts are software built with immature development tools and/or by developers who usually resort to smart contract-specific languages like Solidity, with which they tend to lack adequate expertise. Despite the existence of tools for vulnerability detection, recent works have shown they are ineffective and fail to prevent vulnerable contracts from being deployed. As a result, the blockchain is full of immutable bugs associated with incorrect information that may need to be revoked. This Ph.D. aims at advancing the security of blockchain applications by creating a security assurance framework composed of tools and techniques for building blockchain systems on which we can rely. The objective is two-fold: i) detection of vulnerabilities in smart contracts and ii) handling the generally inevitable presence of undetected residual faults and vulnerabilities in smart contracts. Thus, we aim at accomplishing: i) the creation of a representative and reusable vulnerability model for blockchain systems; ii) the definition of a vulnerability injection approach for blockchain systems; iii) the proposal of a benchmark for smart contract vulnerability detection tools; iv) the proposal of techniques for creating effective smart contract vulnerability detection tools, based on an ensemble of heterogeneous tools; and finally v) the proposal of automatic techniques for efficient and secure blockchain transaction revocation.