Abstract
Web3 has its basis in blockchain and smart contract technologies, supporting secure, distributed, and decentralized applications. Nonetheless, Web3 is still in the process of evolution, and, as with any other software-based product, software bugs, security flaws, and other vulnerabilities are expected to appear. This paper performs a severity analysis of Web3 security vulnerabilities based on publicly available bug reports. Through this analysis, it is feasible to obtain an overview of the evolution and trends regarding the number of reports delivered, growth by platform, severity classification, and the amounts paid for discovering and reporting vulnerabilities.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Alchemy: Web3 Developer Report Q4 2022 (2022). https://www.alchemy.com/blog/web3-developer-report-q4-2022
Cao, L.: Decentralized AI: edge intelligence and smart blockchain, metaverse, Web3, and DeSci. IEEE Intell. Syst. 37(3), 6–19 (2022). https://doi.org/10.1109/MIS.2022.3181504
Connelly, D.S.: Smart contract vulnerabilities on the ethereum blockchain: a current perspective. Ph.D. thesis, Portland State University (2020)
Gupta, R.: Hands-On Cybersecurity with Blockchain: Implement DDoS Protection, PKI-Based Identity, 2FA, and DNS Security Using Blockchain. Packt Publishing (2018). https://books.google.pt/books?id=upBiDwAAQBAJ
Marchesi, L., Marchesi, M., Pompianu, L., Tonelli, R.: Security checklists for ethereum smart contract development: patterns and best practices (2020). https://arxiv.org/pdf/2008.04761.pdf
Lucas, G.: Poly Network attack: here’s what happened to biggest DeFi hack in history. CoinGeek (2021). https://coingeek.com/poly-network-attack-heres-what-happened-to-biggest-defi-hack-in-history/
Malwa, S.: DeFi protocol qubit finance exploited for \$80M. CoinDesk (2022). https://www.coindesk.com/markets/2022/01/28/defi-protocol-qubit-finance-exploited-for-80m/
Matulevicius, N., Cordeiro, L.C.: Verifying security vulnerabilities for blockchain-based smart contracts. In: 2021 XI Brazilian Symposium on Computing Systems Engineering (SBESC), pp. 1–8 (2021). https://doi.org/10.1109/SBESC53686.2021.9628229
Park, A., Wilson, M., Robson, K., Demetis, D., Kietzmann, J.: Interoperability: our exciting and terrifying Web3 future. Bus. Horiz. 66(4), 529–541 (2022). https://doi.org/10.1016/j.bushor.2022.10.005. https://www.sciencedirect.com/science/article/pii/S0007681322001318
Pise, R., Patil, S.: A deep dive into blockchain-based smart contract-specific security vulnerabilities. In: 2022 IEEE International Conference on Blockchain and Distributed Systems Security (ICBDS), pp. 1–6 (2022). https://doi.org/10.1109/ICBDS53701.2022.9935949
Sapna, Prashar, D.: Analysis on blockchain vulnerabilities & attacks on wallet. In: 2021 3rd International Conference on Advances in Computing, Communication Control and Networking (ICAC3N), pp. 1515–1521 (2021). https://doi.org/10.1109/ICAC3N53548.2021.9725403
Snegireva, D.A.: Review of modern vulnerabilities in blockchain systems. In: 2021 International Conference on Quality Management, Transport and Information Security, Information Technologies (IT &QM &IS), pp. 117–121 (2021). https://doi.org/10.1109/ITQMIS53292.2021.9642862
William, J.: Blockchain: The Simple Guide to Everything You Need to Know. CreateSpace Independent Publishing Platform (2016). https://books.google.pt/books?id=xYauDAEACAAJ
Acknowledgements
This work was partially supported by the Norte Portugal Regional Operational Programme (NORTE 2020), under the PORTUGAL 2020 Partnership Agreement, through the European Regional Development Fund (ERDF), within the project “Cybers SeC IP” (NORTE-01-0145-FEDER-000044).
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2023 The Author(s), under exclusive license to Springer Nature Switzerland AG
About this paper
Cite this paper
Melo, R., Pinto, P., Pinto, A. (2023). Severity Analysis of Web3 Security Vulnerabilities Based on Publicly Bug Reports. In: Machado, J.M., et al. Blockchain and Applications, 5th International Congress. BLOCKCHAIN 2023. Lecture Notes in Networks and Systems, vol 778. Springer, Cham. https://doi.org/10.1007/978-3-031-45155-3_16
Download citation
DOI: https://doi.org/10.1007/978-3-031-45155-3_16
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-45154-6
Online ISBN: 978-3-031-45155-3
eBook Packages: Intelligent Technologies and RoboticsIntelligent Technologies and Robotics (R0)