Smart contract security is essential for blockchain applications. While studies indicate that few reported vulnerabilities are exploited, no follow-up study has been performed to delve into the reasons behind this phenomenon. We aim to understand the reasons for the low exploitation rate to enhance vulnerability detection practices. We first collect 136,969 real-world smart contracts and analyze them using seven vulnerability detectors. Then, we apply Strauss’ grounded theory to gain insights into exploitability. Furthermore, we analyze transaction logs to identify exploitations in history.  Among the 4,364 smart contracts reported as vulnerable by the vulnerability detectors, a noteworthy 75.25% were found to be unexploitable. Merely 66 (0.015%) exploitable contracts have been exploited. We uncover 11 reasons leading to reporting unexploitable vulnerabilities. Additionally, we identified five factors that could potentially reduce the likelihood of exploitable contracts being targeted. Our findings emphasize the importance of not merely treating smart contracts as conventional object-oriented (OO) applications. Researchers need to account for the unique aspects of the Solidity language, the design principles underpinning smart contracts, and specific execution environments. This nuanced approach is essential for minimizing the occurrence of reporting unexploitable vulnerabilities. Based on the study's insights, we propose six recommendations to enhance smart contract vulnerability detection, prioritization, and mitigation.  

Cyber-physical systems are becoming more intelligent with the adoption of heterogeneous sensor networks and machine learning capabilities that deal with an increasing amount of input data. While this complexity aims to solve problems in various domains, it adds new challenges for the system assurance. One is the rise of the number of abnormal behaviors that affect system performance due to possible sensor faults and attacks. The combination of safety risks, which are usually caused by random sensor faults and security risks, which can happen at any random state of the systems, makes the full coverage testing of the cyber-physical system to be challenging. Existing techniques are inadequate to deal with complex, safety and security co-risks on cyber-physical systems. In this paper, we propose AST-SafeSec, an analysis methodology for both safety and security aspects, which utilizes reinforcement learning to identify the most-likely adversarial paths at various normal or failure states of a cyber-physical system that can influence system behavior through its sensor data. The methodology is evaluated using an autonomous vehicle scenario by incorporating security attack into the stochastic sensor elements of the vehicle. Evaluation results show that the methodology analyzes the interaction of malicious actions with random faults, and identifies the incident caused by the interactions and the most-likely path that leads to the incident.

A document by Jakob Svennevik Notland . Click on the document to view its contents.

Blockchain as a disruptive technology and a driver for social change has exhibited great potential to promote sustainable practices and help organizations and governments achieve the United Nations’ Sustainable Development Goals (SDGs). Literature reviews on blockchain and sustainability exist, but they often focus only on topics related to one or a few SDGs. There is a need to consolidate existing results in terms of SDGs and provide a comprehensive overview of the impacts that blockchain technology may have on each SDG. This paper intends to bridge this gap, presenting a tertiary review based on 34 existing literature reviews, to investigate the relationship between blockchain and sustainability in light of SDGs. The method used is a consensus-based expert elicitation with thematic analysis. The findings include a novel and comprehensive mapping of impact-based interlinkage of blockchain and SDGs and a systematic overview of drivers and barriers to adopting blockchain for sustainability. The findings reveal that blockchain can have a positive impact on all 17 SDGs through technological innovations though some negative effects can occur and impede the achievement of certain objectives. 73 positive and 10 negative linkages between blockchain adoption and the 17 SDGs as well as 45 factors that drive or hinder blockchain adoption for the achievement of SDGs have been identified. Research gaps to overcome the barriers and enhance blockchain’s positive impacts have also been identified. The findings may help managers in evaluating the applicability and tradeoffs and policymakers in making supportive measures to facilitate sustainability using blockchain.