Corpus ID: 201645142

Security Analysis Methods on Ethereum Smart Contract Vulnerabilities: A Survey

@article{Praitheeshan2019SecurityAM,
  title={Security Analysis Methods on Ethereum Smart Contract Vulnerabilities: A Survey},
  author={Purathani Praitheeshan and Lei Pan and Jiangshan Yu and Joseph K. Liu and Robin Ram Mohan Doss},
  journal={ArXiv},
  year={2019},
  volume={abs/1908.08605}
}
Smart contracts are software programs featuring both traditional applications and distributed data storage on blockchains. Ethereum is a prominent blockchain platform with the support of smart contracts. The smart contracts act as autonomous agents in critical decentralized applications and hold a significant amount of cryptocurrency to perform trusted transactions and agreements. Millions of dollars as part of the assets held by the smart contracts were stolen or frozen through the notorious… 

A Survey of Security Vulnerabilities in Ethereum Smart Contracts

TLDR
Eight vulnerabilities specific to the application level of BT are explained by analyzing past exploitation case scenarios of these security vulnerabilities and by investigating the availability, or lack, of detection tools for identifying them.

The State of Ethereum Smart Contracts Security: Vulnerabilities, Countermeasures, and Tool Support

TLDR
The findings indicate that a uniform set of smart contract vulnerability definitions does not exist in research work and bugs pertaining to the same mechanisms sometimes appear with different names, which makes it difficult to identify, categorize, and analyze vulnerabilities.

Verifying Security Vulnerabilities for Blockchain-based Smart Contracts

TLDR
This paper analyses the background of blockchain technology, the implementation of smart contracts, and the cybersecurity aspect in the blockchain field, and describes an in-depth analysis of five static analysis tools (or code verifiers), their capabilities and drawbacks.

SmartScan: An approach to detect Denial of Service Vulnerability in Ethereum Smart Contracts

  • Noama Fatima Samreen, M. Alalfi
  • Computer Science
    2021 IEEE/ACM 4th International Workshop on Emerging Trends in Software Engineering for Blockchain (WETSEB)
  • 2021
TLDR
The proposed framework, SmartScan, statically scans smart contracts under test (SCUTs) to identify potentially vulnerable patterns and then uses dynamic analysis to precisely confirm whether the DoS-Unexpected Revert vulnerability is exploitable in these SCUTs, thus achieving increased performance and more precise results.

A Fly in the Ointment: An Empirical Study on the Characteristics of Ethereum Smart Contracts Code Weaknesses and Vulnerabilities

TLDR
A classification scheme of smart contract vulnerabilities according to their error source and impact is devised. The study focuses on the Ethereum blockchain, the first and most popular blockchain to support the deployment of smart contracts, and on Solidity, the most widely used language for implementing them.

Security enhancement technologies for smart contracts in the blockchain: A survey

TLDR
This paper reviews the current research status and advances in smart contract security based on related literature published in recent years, divided into six categories along the lines of the underlying technology: symbolic execution, abstract interpretation, fuzz testing, formal verification, deep learning, and privacy enhancement.

Smart Contract Security: A Software Lifecycle Perspective

TLDR
A literature review of smart contract security from a software lifecycle perspective analyzes the key features of blockchain that can cause security issues in smart contracts and summarizes the common security vulnerabilities of smart contracts.

Smart Contract Vulnerability Detection Technique: A Survey

TLDR
The common types and typical cases of smart contract vulnerabilities are summarized at three levels, i.e., the Solidity code layer, the EVM execution layer, and the block dependency layer, and the challenges in smart contract vulnerability detection, including its combination with deep learning technology, are discussed.

Review of Automated Vulnerability Analysis of Smart Contracts on Ethereum

TLDR
A systematic literature review (SLR) is conducted to assess the state of the art regarding automated vulnerability analysis of smart contracts on Ethereum, with a focus on classifications of vulnerabilities, detection methods, security analysis tools, and benchmarks for the assessment of tools.

Research on Blockchain Smart Contracts Vulnerability and A Code Audit Tool based on Matching Rules

TLDR
An original version of a contract code audit tool based on matching rules is presented; it ensures that a contract undergoes a complete audit process before deployment, so as to reduce DApp vulnerabilities caused by poor programming.

References

SHOWING 1-10 OF 131 REFERENCES

Empirical Vulnerability Analysis of Automated Smart Contracts Security Testing on Blockchains

TLDR
The goal of this paper is to carry out a far-reaching experimental assessment of current static smart contract security testing tools for the most widely used blockchain, Ethereum, and its domain-specific programming language, Solidity, to provide the first body of knowledge for creating more secure blockchain-based software.

SmartCheck: Static Analysis of Ethereum Smart Contracts

TLDR
The paper provides a comprehensive classification of code issues in Solidity and implements SmartCheck -- an extensible static analysis tool that detects them and reflects the current state of knowledge on Solidity vulnerabilities and shows significant improvements over alternatives.

A Semantic Framework for the Security Analysis of Ethereum smart contracts

TLDR
The first complete small-step semantics of EVM bytecode is presented, formalized in the F* proof assistant, yielding executable code that is successfully validated against the official Ethereum test suite.

Designing Secure Ethereum Smart Contracts: A Finite State Machine Based Approach

TLDR
FSolidM, a framework rooted in rigorous semantics for designing contracts as Finite State Machines (FSM), is introduced, and a tool for creating FSMs on an easy-to-use graphical interface and for automatically generating Ethereum contracts is presented.

A Survey of Attacks on Ethereum Smart Contracts (SoK)

TLDR
This work analyses the security vulnerabilities of Ethereum smart contracts, providing a taxonomy of common programming pitfalls which may lead to vulnerabilities, and shows a series of attacks which exploit these vulnerabilities, allowing an adversary to steal money or cause other damage.

Making Smart Contracts Smarter

TLDR
This paper investigates the security of running smart contracts based on Ethereum in an open distributed network like those of cryptocurrencies, and proposes ways to enhance the operational semantics of Ethereum to make contracts less vulnerable.

Smart contracts: security patterns in the ethereum ecosystem and solidity

  • Maximilian Wöhrer, U. Zdun
  • Computer Science
    2018 International Workshop on Blockchain Oriented Software Engineering (IWBOSE)
  • 2018
TLDR
Several common security patterns are elaborated which can be applied by Solidity developers to mitigate typical attack scenarios and which describe solutions to typical security issues.

Smart contracts vulnerabilities: a call for blockchain software engineering?

TLDR
A case study is analyzed in which a bug discovered in a Smart Contract library, and perhaps "unsafe" programming, allowed an attack on Parity, a wallet application, causing the freezing of about 500K Ethers.

Securify: Practical Security Analysis of Smart Contracts

TLDR
An extensive evaluation of Securify over real-world Ethereum smart contracts is presented and it is demonstrated that it can effectively prove the correctness of smart contracts and discover critical violations.

Formal Verification of Smart Contracts: Short Paper

TLDR
This paper outlines a framework to analyze and verify both the runtime safety and the functional correctness of Ethereum contracts by translation to F*, a functional programming language aimed at program verification.