MultiTagging: A Vulnerable Smart Contract Labeling and Evaluation Framework

Shikah J. Alsunaidi; Hamoud Aljamaan; Mohammad Hammoudeh

doi:10.3390/electronics13234616

MultiTagging: A Vulnerable Smart Contract Labeling and Evaluation Framework

Shikah J. Alsunaidi, Hamoud Aljamaan^*, Mohammad Hammoudeh

^*Corresponding author for this work

Research output: Contribution to journal › Article › peer-review

Abstract

Identifying vulnerabilities in Smart Contracts (SCs) is crucial, as they can lead to significant financial losses if exploited. Although various SC vulnerability identification methods exist, selecting the most effective approach remains challenging. This article examines these challenges and introduces solutions to enhance SC vulnerability identification. It introduces MultiTagging, a modular SC multi-labeling framework designed to overcome limitations in existing SC vulnerability identification approaches. MultiTagging automates SC vulnerability tagging by parsing analysis reports and mapping tool-specific tags to standardized labels, including SC Weakness Classification (SWC) codes and Decentralized Application Security Project (DASP) ranks. Its mapping strategy and the proposed vulnerability taxonomy resolve tool-level labeling inconsistencies, where different tools use distinct labels for identical vulnerabilities. The framework integrates an evaluation module to assess SC vulnerability identification methods. MultiTagging enables both tool-based and vote-based SC vulnerability labeling. To improve labeling accuracy, the article proposes Power-based voting, a method that systematically defines voter roles and voting thresholds for each vulnerability. MultiTagging is used to evaluate labeling across six tools: MAIAN, Mythril, Semgrep, Slither, Solhint, and VeriSmart. The results reveal high coverage for Mythril, Slither, and Solhint, which identified eight, seven, and six DASP classes, respectively. Tool performance varied, underscoring the impracticality of relying on a single tool to identify all vulnerability classes. A comparative evaluation of Power-based voting and two threshold-based methods—AtLeastOne and Majority voting—shows that while voting methods can increase vulnerability identification coverage, they may also reduce detection performance. Power-based voting proved more effective than pure threshold-based methods across all vulnerability classes.

Original language	English
Article number	4616
Journal	Electronics (Switzerland)
Volume	13
Issue number	23
DOIs	https://doi.org/10.3390/electronics13234616
State	Published - Dec 2024

Bibliographical note

Publisher Copyright:
© 2024 by the authors.

Keywords

blockchain
data analysis
data annotation
smart contract
software security
vulnerability identification
vulnerability taxonomy

ASJC Scopus subject areas

Control and Systems Engineering
Signal Processing
Hardware and Architecture
Computer Networks and Communications
Electrical and Electronic Engineering

Access to Document

10.3390/electronics13234616

Cite this

@article{90f22ee168ab42a6ac82b4291913b11d,

title = "MultiTagging: A Vulnerable Smart Contract Labeling and Evaluation Framework",

abstract = "Identifying vulnerabilities in Smart Contracts (SCs) is crucial, as they can lead to significant financial losses if exploited. Although various SC vulnerability identification methods exist, selecting the most effective approach remains challenging. This article examines these challenges and introduces solutions to enhance SC vulnerability identification. It introduces MultiTagging, a modular SC multi-labeling framework designed to overcome limitations in existing SC vulnerability identification approaches. MultiTagging automates SC vulnerability tagging by parsing analysis reports and mapping tool-specific tags to standardized labels, including SC Weakness Classification (SWC) codes and Decentralized Application Security Project (DASP) ranks. Its mapping strategy and the proposed vulnerability taxonomy resolve tool-level labeling inconsistencies, where different tools use distinct labels for identical vulnerabilities. The framework integrates an evaluation module to assess SC vulnerability identification methods. MultiTagging enables both tool-based and vote-based SC vulnerability labeling. To improve labeling accuracy, the article proposes Power-based voting, a method that systematically defines voter roles and voting thresholds for each vulnerability. MultiTagging is used to evaluate labeling across six tools: MAIAN, Mythril, Semgrep, Slither, Solhint, and VeriSmart. The results reveal high coverage for Mythril, Slither, and Solhint, which identified eight, seven, and six DASP classes, respectively. Tool performance varied, underscoring the impracticality of relying on a single tool to identify all vulnerability classes. A comparative evaluation of Power-based voting and two threshold-based methods—AtLeastOne and Majority voting—shows that while voting methods can increase vulnerability identification coverage, they may also reduce detection performance. Power-based voting proved more effective than pure threshold-based methods across all vulnerability classes.",

keywords = "blockchain, data analysis, data annotation, smart contract, software security, vulnerability identification, vulnerability taxonomy",

author = "Alsunaidi, {Shikah J.} and Hamoud Aljamaan and Mohammad Hammoudeh",

note = "Publisher Copyright: {\textcopyright} 2024 by the authors.",

year = "2024",

month = dec,

doi = "10.3390/electronics13234616",

language = "English",

volume = "13",

journal = "Electronics (Switzerland)",

issn = "2079-9292",

publisher = "Multidisciplinary Digital Publishing Institute (MDPI)",

number = "23",

}

TY - JOUR

T1 - MultiTagging

T2 - A Vulnerable Smart Contract Labeling and Evaluation Framework

AU - Alsunaidi, Shikah J.

AU - Aljamaan, Hamoud

AU - Hammoudeh, Mohammad

PY - 2024/12

Y1 - 2024/12

N2 - Identifying vulnerabilities in Smart Contracts (SCs) is crucial, as they can lead to significant financial losses if exploited. Although various SC vulnerability identification methods exist, selecting the most effective approach remains challenging. This article examines these challenges and introduces solutions to enhance SC vulnerability identification. It introduces MultiTagging, a modular SC multi-labeling framework designed to overcome limitations in existing SC vulnerability identification approaches. MultiTagging automates SC vulnerability tagging by parsing analysis reports and mapping tool-specific tags to standardized labels, including SC Weakness Classification (SWC) codes and Decentralized Application Security Project (DASP) ranks. Its mapping strategy and the proposed vulnerability taxonomy resolve tool-level labeling inconsistencies, where different tools use distinct labels for identical vulnerabilities. The framework integrates an evaluation module to assess SC vulnerability identification methods. MultiTagging enables both tool-based and vote-based SC vulnerability labeling. To improve labeling accuracy, the article proposes Power-based voting, a method that systematically defines voter roles and voting thresholds for each vulnerability. MultiTagging is used to evaluate labeling across six tools: MAIAN, Mythril, Semgrep, Slither, Solhint, and VeriSmart. The results reveal high coverage for Mythril, Slither, and Solhint, which identified eight, seven, and six DASP classes, respectively. Tool performance varied, underscoring the impracticality of relying on a single tool to identify all vulnerability classes. A comparative evaluation of Power-based voting and two threshold-based methods—AtLeastOne and Majority voting—shows that while voting methods can increase vulnerability identification coverage, they may also reduce detection performance. Power-based voting proved more effective than pure threshold-based methods across all vulnerability classes.

AB - Identifying vulnerabilities in Smart Contracts (SCs) is crucial, as they can lead to significant financial losses if exploited. Although various SC vulnerability identification methods exist, selecting the most effective approach remains challenging. This article examines these challenges and introduces solutions to enhance SC vulnerability identification. It introduces MultiTagging, a modular SC multi-labeling framework designed to overcome limitations in existing SC vulnerability identification approaches. MultiTagging automates SC vulnerability tagging by parsing analysis reports and mapping tool-specific tags to standardized labels, including SC Weakness Classification (SWC) codes and Decentralized Application Security Project (DASP) ranks. Its mapping strategy and the proposed vulnerability taxonomy resolve tool-level labeling inconsistencies, where different tools use distinct labels for identical vulnerabilities. The framework integrates an evaluation module to assess SC vulnerability identification methods. MultiTagging enables both tool-based and vote-based SC vulnerability labeling. To improve labeling accuracy, the article proposes Power-based voting, a method that systematically defines voter roles and voting thresholds for each vulnerability. MultiTagging is used to evaluate labeling across six tools: MAIAN, Mythril, Semgrep, Slither, Solhint, and VeriSmart. The results reveal high coverage for Mythril, Slither, and Solhint, which identified eight, seven, and six DASP classes, respectively. Tool performance varied, underscoring the impracticality of relying on a single tool to identify all vulnerability classes. A comparative evaluation of Power-based voting and two threshold-based methods—AtLeastOne and Majority voting—shows that while voting methods can increase vulnerability identification coverage, they may also reduce detection performance. Power-based voting proved more effective than pure threshold-based methods across all vulnerability classes.

KW - blockchain

KW - data analysis

KW - data annotation

KW - smart contract

KW - software security

KW - vulnerability identification

KW - vulnerability taxonomy

UR - http://www.scopus.com/inward/record.url?scp=85211948742&partnerID=8YFLogxK

U2 - 10.3390/electronics13234616

DO - 10.3390/electronics13234616

M3 - Article

AN - SCOPUS:85211948742

SN - 2079-9292

VL - 13

JO - Electronics (Switzerland)

JF - Electronics (Switzerland)

IS - 23

M1 - 4616

ER -

MultiTagging: A Vulnerable Smart Contract Labeling and Evaluation Framework

Abstract

Bibliographical note

Keywords

ASJC Scopus subject areas

Access to Document

Fingerprint

Cite this