BiAn: Smart Contract Source Code Obfuscation

• Published in: IEEE transactions on software engineering Vol. 49; no. 9; pp. 4456 - 4476
• Main Authors: Zhang, Pengcheng, Yu, Qifan, Xiao, Yan, Dong, Hai, Luo, Xiapu, Wang, Xiao, Zhang, Meng
• Format: Journal Article
• Language: English
• Published: New York IEEE 01.09.2023; IEEE Computer Society
• Subjects: Blockchain; Codes; Complexity; Complexity theory; Contracts; Datasets; Ethereum; Failure rates; Intellectual property; Layout; obfuscation; Property rights; Security; smart contract; Smart contracts; Source code; Source coding
• ISSN: 0098-5589; 1939-3520
• DOI: 10.1109/TSE.2023.3298609

With the rising prominence of smart contracts, security attacks targeting them have increased, posing severe threats to their security and intellectual property rights. Existing simplistic datasets hinder effective vulnerability detection, raising security concerns. To address these challenges, we propose BiAn , a source code level smart contract obfuscation method that generates complex vulnerability test datasets. BiAn protects contracts by obfuscating data flows, control flows, and code layouts, increasing complexity and making it harder for attackers to discover vulnerabilities. Our experiments with buggy contracts showed an average complexity enhancement of approximately 174% after obfuscation. Decompilers Vandal and Gigahorse had total failure rate increments of 38.8% and 40.5% respectively. Obfuscated contracts also decreased vulnerability detection rates in more than 50% of cases for ten widely-used static analysis detection tools.