English

CoinWatch: A Clone-Based Approach For Detecting Vulnerabilities in Cryptocurrencies

Cryptography and Security 2020-10-29 v2

Abstract

Cryptocurrencies have become very popular in recent years. Thousands of new cryptocurrencies have emerged, proposing new and novel techniques that improve on Bitcoin's core innovation of the blockchain data structure and consensus mechanism. However, cryptocurrencies are a major target for cyber-attacks, as they can be sold on exchanges anonymously and most cryptocurrencies have their codebases publicly available. One particular issue is the prevalence of code clones in cryptocurrencies, which may amplify security threats. If a vulnerability is found in one cryptocurrency, it might be propagated into other cloned cryptocurrencies. In this work, we propose a systematic remedy to this problem, and we propose CoinWatch (CW). Given a reported vulnerability at the input, CW uses the code evolution analysis and a clone detection technique for indication of cryptocurrencies that might be vulnerable. We applied CW on 1094 cryptocurrencies using 4 CVEs and obtained 786 true vulnerabilities present in 384 projects, which were confirmed with developers and successfully reported as CVE extensions.

Keywords

Cite

@article{arxiv.2006.10280,
  title  = {CoinWatch: A Clone-Based Approach For Detecting Vulnerabilities in Cryptocurrencies},
  author = {Qingze Hum and Wei Jin Tan and Shi Ying Tey and Latasha Lenus and Ivan Homoliak and Yun Lin and Jun Sun},
  journal= {arXiv preprint arXiv:2006.10280},
  year   = {2020}
}
R2 v1 2026-06-23T16:25:20.988Z