Automated Runtime Verification of Security for E-Commerce Smart Contracts

As a novel decentralized computing paradigm, blockchain is expected to disrupt the existing e-commerce architecture and process. Secure smart contracts are the crucial foundation for e-commerce based on blockchain. However, vulnerabilities in smart contracts occur from time to time and cause signifi...

Bibliographic Details
Main Authors: Yang Liu, Shengjie Zhang, Yan Ma
Format: Article
Language: English
Published: MDPI AG 2025-04-01
Series: Journal of Theoretical and Applied Electronic Commerce Research
Subjects: blockchain; e-commerce; smart contract; passive learning; runtime verification
Online Access: https://www.mdpi.com/0718-1876/20/2/73
author Yang Liu
Shengjie Zhang
Yan Ma
collection DOAJ
description As a novel decentralized computing paradigm, blockchain is expected to disrupt the existing e-commerce architecture and process. Secure smart contracts are the crucial foundation for e-commerce based on blockchain. However, vulnerabilities in smart contracts occur from time to time and cause significant financial losses in e-commerce. Some static verification methods have been developed to guarantee security for e-commerce smart contracts at design time, but they cannot support complex scenarios at runtime. As a lightweight verification method, runtime verification is a potential method for secure e-commerce smart contracts. The existing runtime verification methods are based on the manual instrument, which leads to additional overheads and gas consumption. To deal with this, we propose a passive learning-based runtime verification framework for e-commerce smart contracts. Firstly, by exploring the Genetic algorithm to evolve state merging and automaton reorganizing in order to simultaneously split time and gas behaviors, we propose a passive learning method to model runtime information for e-commerce smart contracts (PL4ESC). It directly learns P²TA (priced probabilistic timed automaton) from runtime traces without any prior knowledge. Then, we integrate PL4ESC with the open-source PAT (Process Analysis Toolkit) to automatically verify the security of runtime e-commerce smart contracts. The experiments show that PL4ESC is better at accuracy and precision than state-of-the-art passive learning methods. It improves accuracy by 1 to 4 percent compared to TAG and RTI+. As far as we know, it is not only the first learning method that can learn a P²TA from traces, but it is also the first automated runtime verification framework for e-commerce smart contracts. This will provide security guarantees for blockchain-based e-commerce.
format Article
id doaj-art-994b44c9d39a42b68e204f2485ebb58e
institution Matheson Library
issn 0718-1876
language English
publishDate 2025-04-01
publisher MDPI AG
record_format Article
series Journal of Theoretical and Applied Electronic Commerce Research
spelling Yang Liu (Institute of Logistics Science and Engineering, Shanghai Maritime University, Shanghai 201306, China); Shengjie Zhang (Institute of Logistics Science and Engineering, Shanghai Maritime University, Shanghai 201306, China); Yan Ma (School of Accounting, Nanjing University of Finance and Economics, Nanjing 210023, China). Automated Runtime Verification of Security for E-Commerce Smart Contracts. Journal of Theoretical and Applied Electronic Commerce Research, ISSN 0718-1876, vol. 20, no. 2, article 73, MDPI AG, 2025-04-01. DOI: 10.3390/jtaer20020073.
title Automated Runtime Verification of Security for E-Commerce Smart Contracts
topic blockchain
e-commerce
smart contract
passive learning
runtime verification
url https://www.mdpi.com/0718-1876/20/2/73