• Corpus ID: 201645142

Security Analysis Methods on Ethereum Smart Contract Vulnerabilities: A Survey

@article{Praitheeshan2019SecurityAM,
  title={Security Analysis Methods on Ethereum Smart Contract Vulnerabilities: A Survey},
  author={Purathani Praitheeshan and Lei Pan and Jiangshan Yu and Joseph K. Liu and Robin Ram Mohan Doss},
  journal={ArXiv},
  year={2019},
  volume={abs/1908.08605}
}
Smart contracts are software programs featuring both traditional applications and distributed data storage on blockchains. Ethereum is a prominent blockchain platform with the support of smart contracts. The smart contracts act as autonomous agents in critical decentralized applications and hold a significant amount of cryptocurrency to perform trusted transactions and agreements. Millions of dollars as part of the assets held by the smart contracts were stolen or frozen through the notorious… 
A Survey of Security Vulnerabilities in Ethereum Smart Contracts
TLDR
Eight vulnerabilities that are specific to the application level of BT are explained by analyzing past exploitation scenarios of these security vulnerabilities and by investigating the availability of detection tools for identifying them, or the lack thereof.
The State of Ethereum Smart Contracts Security: Vulnerabilities, Countermeasures, and Tool Support
TLDR
The findings indicate that a uniform set of smart contract vulnerability definitions does not exist in research work and bugs pertaining to the same mechanisms sometimes appear with different names, which makes it difficult to identify, categorize, and analyze vulnerabilities.
Verifying Security Vulnerabilities for Blockchain-based Smart Contracts
TLDR
This paper analyses the background of blockchain technology, the implementation of smart contracts, and the cybersecurity aspect in the blockchain field, and describes an in-depth analysis of five static analysis tools (or code verifiers), their capabilities and drawbacks.
SmartScan: An approach to detect Denial of Service Vulnerability in Ethereum Smart Contracts
  • Noama Fatima Samreen, M. Alalfi
  • Computer Science
    2021 IEEE/ACM 4th International Workshop on Emerging Trends in Software Engineering for Blockchain (WETSEB)
  • 2021
TLDR
The proposed framework, SmartScan, statically scans smart contracts under test (SCUTs) to identify potentially vulnerable patterns in these SCUTs and then uses dynamic analysis to precisely confirm the exploitability of the DoS-Unexpected Revert vulnerability, thus achieving increased performance and more precise results.
A Fly in the Ointment: An Empirical Study on the Characteristics of Ethereum Smart Contracts Code Weaknesses and Vulnerabilities
TLDR
A classification scheme of smart contract vulnerabilities according to their error source and impact is devised, and is focused on the Ethereum blockchain, which is the first and most popular blockchain to support the deployment of smart contracts, and Solidity as the most widely used language to implement smart contracts.
Security enhancement technologies for smart contracts in the blockchain: A survey
TLDR
This paper provides a review of the current research status and advances in smart contract security based on related literature published in recent years, divided into six categories along the line of the technology, which includes symbolic execution, abstract interpretation, fuzz testing, formal verification, deep learning, and privacy enhancement.
Smart Contract Security: A Software Lifecycle Perspective
TLDR
A literature review of smart contract security from a software lifecycle perspective analyzes the key features of blockchain that can cause security issues in smart contracts and summarizes the common security vulnerabilities of smart contracts.
Review of Automated Vulnerability Analysis of Smart Contracts on Ethereum
TLDR
A systematic literature review (SLR) to assess the state of the art regarding automated vulnerability analysis of smart contracts on Ethereum with a focus on classifications of vulnerabilities, detection methods, security analysis tools, and benchmarks for the assessment of tools.
Research on Blockchain Smart Contracts Vulnerability and A Code Audit Tool based on Matching Rules
TLDR
An original version of the contract code audit tool based on matching rules is given that can ensure that the contract has a complete audit process before deployment, so as to decrease the DApp vulnerability caused by poor programming.
Blockchain smart contracts: Applications, challenges, and future trends
TLDR
A taxonomy of existing blockchain-enabled smart contract solutions is presented, a set of challenges and open issues that need to be addressed in future studies are identified, and future trends are identified.

References

SHOWING 1-10 OF 135 REFERENCES
Empirical Vulnerability Analysis of Automated Smart Contracts Security Testing on Blockchains
TLDR
The goal of this paper is to carry out a far-reaching experimental assessment of current static smart contract security testing tools for the most widely used blockchain, Ethereum, and its domain-specific programming language, Solidity, to provide the first body of knowledge for creating more secure blockchain-based software.
Vandal: A Scalable Security Analysis Framework for Smart Contracts
TLDR
Vandal is both fast and robust, successfully analysing over 95% of all 141k unique contracts with an average runtime of 4.15 seconds; outperforming the current state of the art tools---Oyente, EthIR, Mythril, and Rattle---under equivalent conditions.
SmartCheck: Static Analysis of Ethereum Smart Contracts
TLDR
The paper provides a comprehensive classification of code issues in Solidity and implements SmartCheck -- an extensible static analysis tool that detects them and reflects the current state of knowledge on Solidity vulnerabilities and shows significant improvements over alternatives.
A Semantic Framework for the Security Analysis of Ethereum smart contracts
TLDR
The first complete small-step semantics of EVM bytecode is presented, which is formalized in the F* proof assistant, obtaining executable code that is successfully validated against the official Ethereum test suite.
Designing Secure Ethereum Smart Contracts: A Finite State Machine Based Approach
TLDR
FSolidM, a framework rooted in rigorous semantics for designing contracts as Finite State Machines (FSM), is introduced and a tool for creating FSM on an easy-to-use graphical interface and for automatically generating Ethereum contracts is presented.
A Survey of Attacks on Ethereum Smart Contracts (SoK)
TLDR
This work analyses the security vulnerabilities of Ethereum smart contracts, providing a taxonomy of common programming pitfalls which may lead to vulnerabilities, and shows a series of attacks which exploit these vulnerabilities, allowing an adversary to steal money or cause other damage.
Making Smart Contracts Smarter
TLDR
This paper investigates the security of running smart contracts based on Ethereum in an open distributed network like those of cryptocurrencies, and proposes ways to enhance the operational semantics of Ethereum to make contracts less vulnerable.
Security Vulnerabilities in Ethereum Smart Contracts
  • Ardit Dika, M. Nowostawski
  • Computer Science
    2018 IEEE International Conference on Internet of Things (iThings) and IEEE Green Computing and Communications (GreenCom) and IEEE Cyber, Physical and Social Computing (CPSCom) and IEEE Smart Data (SmartData)
  • 2018
TLDR
The field of security of smart contract programming is reviewed and a comprehensive taxonomy of all known security issues is provided by a thorough review of known vulnerabilities by assessing their effectiveness and accuracy on known issues on a representative sample of vulnerable contracts.
Smart contracts: security patterns in the ethereum ecosystem and solidity
  • Maximilian Wöhrer, U. Zdun
  • Computer Science
    2018 International Workshop on Blockchain Oriented Software Engineering (IWBOSE)
  • 2018
TLDR
Several common security patterns are elaborated, which can be applied by Solidity developers to mitigate typical attack scenarios and describe solutions to typical security issues.
Smart contracts vulnerabilities: a call for blockchain software engineering?
TLDR
A case study is analyzed in which a bug discovered in a Smart Contract library, and perhaps "unsafe" programming, allowed an attack on Parity, a wallet application, causing the freezing of about 500K Ethers.