Skip to content
/ BlockScope Public

A search-based patch vs. code similarity analysis tool for discovering 100+ vulnerabilities in top blockchains

www.ndss-symposium.org/ndss-paper/blockscope

License

LGPL-2.1 license
2 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

VPRLab/BlockScope

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

5 Commits
src
src
 
 
.gitignore
.gitignore
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
requirements.txt
requirements.txt
 
 

Repository files navigation

BlockScope: Detecting and Investigating Propagated Vulnerabilities in Forked Blockchain Projects

The vulnerability reports are available at https://github.com/VPRLab/BlkVulnReport.

Overview

BlockScope is the implementation of the paper titled "BlockScope: Detecting and Investigating Propagated Vulnerabilities in Forked Blockchain Projects" published in NDSS'23. BlockScope is a novel tool designed to automatically detect vulnerable code clones and pinpoint the cases already fixed and their patching process information.

Usage

You can find the NDSS paper via this link, and please consider citing our paper if it's helpful to you.

@INPROCEEDINGS{BLKSCP23,
 AUTHOR = {Xiao Yi and Yuzhou Fang and Daoyuan Wu and Lingxiao Jiang},
 TITLE = {{BlockScope}: Detecting and Investigating Propagated Vulnerabilities in Forked Blockchain Projects},
 BOOKTITLE = {Proc. ISOC NDSS},
 YEAR = {2023},
}

Get Started

Prerequisites

  • We ran our experiments on Ubuntu 18.04.
  • We used Python 3.10 to develop BlockScope.
  • BlockScope relies on requests, GitPython, PyGithub, nltk, strsimpy, selenium and PyDriller. All the essential packages are listed in requirements.txt.

There are steps to locally build BlockScope.

git clone [email protected]:VPRLab/BlockScope.git && cd BlockScope/src
pip install -r requirements.txt

Quick Start

There are two files for specifying the inputs for investigating Bitcoin and Ethereum forked projects, i.e., inputs_bitcoin.py and inputs_ethereum.py, respectively.

You need to first config the directory's path that stores these code repositories, e.g., for inputs_bitcoin.py:

bitcoin_repo_dir = '/Users/xiao/PyCharmProjects/BlockScopeCodebase/BitcoinForks'

Then, you need to set the IS_BITCOIN value in the configs.py to True if you want to investigate Bitcoin's forked projects:

IS_BITCOIN = True # False for investigating Ethereum's forked projects

Moreover, if you also want to investigate the delay in fixing a clone vulnerability in the forked projects, you can specify these values in the configs.py:

DRIVER_PATH = '' # The path for selenium web driver
GITHUB_TOKEN = '' # Token for accessing GitHub
CALC_DELAY = True

Finally, you can run block_scope.py by executing the following command:

python ./block_scope.py

About

A search-based patch vs. code similarity analysis tool for discovering 100+ vulnerabilities in top blockchains

www.ndss-symposium.org/ndss-paper/blockscope

Topics

bitcoin ethereum blockchain vulnerability

Resources

Readme

License

LGPL-2.1 license
Activity
Custom properties

Stars

2 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Contributors 2

  •  
  •  

Languages