Definition and Detection of Centralization Defects in Smart Contracts

In recent years, security incidents stemming from centralization defects in smart contracts have led to substantial financial losses. A centralization defect refers to any error, flaw, or fault in a smart contract's design or development stage that introduces a single point of failure. Such def...

Full description

Saved in:
Bibliographic Details
Published inProceedings / International Conference on Software Engineering pp. 3035 - 3047
Main Authors Lin, Zewei, Chen, Jiachi, Wu, Jiajing, Zhang, Weizhe, Zheng, Zibin
Format Conference Proceeding
LanguageEnglish
Published IEEE 26.04.2025
Subjects
Blockchains
Centralization Defects
Codes
Defects Definition and Detection
Focusing
Manuals
Security
Semantic Analysis
Semantics
Smart contracts
Software engineering
Sorting
Source coding
Online AccessGet full text

Cover

More Information
Summary:In recent years, security incidents stemming from centralization defects in smart contracts have led to substantial financial losses. A centralization defect refers to any error, flaw, or fault in a smart contract's design or development stage that introduces a single point of failure. Such defects allow a specific account or user to disrupt the normal operations of smart contracts, potentially causing malfunctions or even complete project shutdowns. Despite the significance of this issue, most current smart contract analyses overlook centralization defects, focusing primarily on other types of defects. To address this gap, our paper introduces six types of centralization defects in smart contracts by manually analyzing 597 Stack Exchange posts and 117 audit reports. For each defect, we provide a detailed description and code examples to illustrate its characteristics and potential impacts. Additionally, we introduce a tool named CDRipper (Centralization Defects Ripper) designed to identify the defined centralization defects. Specifically, CDRipper constructs a permission dependency graph (PDG) and extracts the permission dependencies of functions from the source code of smart contracts. It then detects the sensitive operations in functions and identifies centralization defects based on predefined patterns. We conduct a large-scale experiment using CDRipper on 244,424 real-world smart contracts and evaluate the results based on a manually labeled dataset. Our findings reveal that 82,446 contracts contain at least one of the six centralization defects, with our tool achieving an overall precision of 93.7%.
ISSN:1558-1225
DOI:10.1109/ICSE55347.2025.00058