
How effective can we detect software vulnerabilities using code clones? - A Case Study on Ethereum Smart Contracts


Date

2023-12-08

Authors

Ma, Yinghang

Abstract

Smart contracts are self-executing programs that are deployed on blockchain platforms to provide services and handle transactions. Solidity contracts exhibit different code characteristics compared to software projects written in conventional programming languages and have a much higher code-to-clone ratio. These differences can lead to a wider spread of security risks, since cloned code snippets may suffer from the same security problems as their cloned counterparts. In this thesis, we conducted an empirical study on the effectiveness of leveraging code clone detection techniques to identify software vulnerabilities in Solidity contract code. We experimented with a set of configuration tuning approaches while keeping everything else constant. After careful tuning of these configurations, the tools tuned under the context-specific tuning approaches can achieve significant improvement in detecting vulnerabilities. This thesis highlights the need for further research into context-specific clone detection and management, and motivates studies in the domain of blockchain-based applications.

Keywords

Computer engineering, Computer science
