• Corpus ID: 201645142

Security Analysis Methods on Ethereum Smart Contract Vulnerabilities: A Survey

@article{Praitheeshan2019SecurityAM,
  title={Security Analysis Methods on Ethereum Smart Contract Vulnerabilities: A Survey},
  author={Purathani Praitheeshan and Lei Pan and Jiangshan Yu and Joseph K. Liu and Robin Ram Mohan Doss},
  journal={ArXiv},
  year={2019},
  volume={abs/1908.08605}
}
Smart contracts are software programs featuring both traditional applications and distributed data storage on blockchains. Ethereum is a prominent blockchain platform with the support of smart contracts. The smart contracts act as autonomous agents in critical decentralized applications and hold a significant amount of cryptocurrency to perform trusted transactions and agreements. Millions of dollars as part of the assets held by the smart contracts were stolen or frozen through the notorious… 
[PDF] Semantic Reader
71 Citations
Highly Influential Citations
9
Background Citations
47
Methods Citations
10
Results Citations
1

71 Citations

A Survey of Security Vulnerabilities in Ethereum Smart Contracts

Eight vulnerabilities that are specific to the application level of BT are explained by analyzing the past exploitation case scenarios of these security vulnerabilities by investigating the availability of detection tools for identifying these vulnerabilities and lack thereof.

The State of Ethereum Smart Contracts Security: Vulnerabilities, Countermeasures, and Tool Support

The findings indicate that a uniform set of smart contract vulnerability definitions does not exist in research work and bugs pertaining to the same mechanisms sometimes appear with different names, which makes it difficult to identify, categorize, and analyze vulnerabilities.

SmartScan: An approach to detect Denial of Service Vulnerability in Ethereum Smart Contracts

  • Noama Fatima SamreenM. Alalfi
  • Computer Science
    2021 IEEE/ACM 4th International Workshop on Emerging Trends in Software Engineering for Blockchain (WETSEB)
  • 2021
The proposed framework, SmartScan, statically scans smart contracts under test (SCUTs) to identify patterns that are potentially vulnerable in these SCUTs and then uses dynamic analysis to precisely confirm their exploitability of the DoS-Unexpected Revert vulnerability, thus achieving increased performance and more precise results.

A Deep Dive into Blockchain-based Smart Contract-specific Security Vulnerabilities

  • Rohini. G. PiseSonali Patil
  • Computer Science
    2022 IEEE International Conference on Blockchain and Distributed Systems Security (ICBDS)
  • 2022
A detailed study of smart contract-specific vulnerabilities and the defense against those vulnerabilities are presented in this article, which will prevent the potential attacks happening on Blockchain distributed applications.

A Fly in the Ointment: An Empirical Study on the Characteristics of Ethereum Smart Contracts Code Weaknesses and Vulnerabilities

A classification scheme of smart contract vulnerabilities according to their error source and impact is devised, and is focused on the Ethereum blockchain, which is the first and most popular blockchain to support the deployment of smart contracts, and Solidity as the most widely used language to implement smart contracts.

Blockchain Meets Formal Logic: Semantics Level Cybersecurity Challenges

The relevance, constraints, and properties of logical frameworks are explored to formally verify the correctness of smart contracts before their implementation and be able to solve some vulnerabilities and then prevent their related cyber-attacks.

Security enhancement technologies for smart contracts in the blockchain: A survey

This paper provides a review of the current research status and advances in smart contract security based on related literature published in recent years, divided into six categories along the line of the technology, which includes symbolic execution, abstract interpretation, fuzz testing, formal verification, deep learning, and privacy enhancement.

Smart Contract Security: A Software Lifecycle Perspective

A literature review of smart contract security from a software lifecycle perspective analyzes the key features of blockchain that can cause security issues in smart contracts and summarizes the common security vulnerabilities of smart contracts.

Review of Automated Vulnerability Analysis of Smart Contracts on Ethereum

A systematic literature review (SLR) to assess the state of the art regarding automated vulnerability analysis of smart contracts on Ethereum with a focus on classifications of vulnerabilities, detection methods, security analysis tools, and benchmarks for the assessment of tools.

Research on Blockchain Smart Contracts Vulnerability and A Code Audit Tool based on Matching Rules

An original version of the contract code audit tool based on matching rules is given that can ensure that the contract has a complete audit process before deployment, so as to decrease the DApp vulnerability caused by poor programming.
...

References

SHOWING 1-10 OF 131 REFERENCES

Empirical Vulnerability Analysis of Automated Smart Contracts Security Testing on Blockchains

The goal of this paper is to carry out a far-reaching experimental assessment of current static smart contracts security testing tools, for the most widely used blockchain, the Ethereum and its domain-specific programming language, Solidity, to provide the first body of knowledge for creating more secure blockchain-based software.

Vandal: A Scalable Security Analysis Framework for Smart Contracts

Vandal is both fast and robust, successfully analysing over 95% of all 141k unique contracts with an average runtime of 4.15 seconds; outperforming the current state of the art tools---Oyente, EthIR, Mythril, and Rattle---under equivalent conditions.

A Semantic Framework for the Security Analysis of Ethereum smart contracts

The first complete small-step semantics of EVM bytecode is presented, which is formalized in the F* proof assistant, obtaining executable code that is successfully validate against the official Ethereum test suite.

Designing Secure Ethereum Smart Contracts: A Finite State Machine Based Approach

FSolidM, a framework rooted in rigorous semantics for designing con- tracts as Finite State Machines (FSM), is introduced and a tool for creating FSM on an easy-to-use graphical interface and for automatically generating Ethereum contracts is presented.

A Survey of Attacks on Ethereum Smart Contracts (SoK)

This work analyses the security vulnerabilities of Ethereum smart contracts, providing a taxonomy of common programming pitfalls which may lead to vulnerabilities, and shows a series of attacks which exploit these vulnerabilities, allowing an adversary to steal money or cause other damage.

Securify: Practical Security Analysis of Smart Contracts

An extensive evaluation of Securify over real-world Ethereum smart contracts is presented and it is demonstrated that it can effectively prove the correctness of smart contracts and discover critical violations.

Formal Verification of Smart Contracts: Short Paper

This paper outlines a framework to analyze and verify both the runtime safety and the functional correctness of Ethereum contracts by translation to F*, a functional programming language aimed at program verification.

Foundations and Tools for the Static Analysis of Ethereum Smart Contracts

This work will overview the state-of-the-art in smart contract verification, covering formal semantics, security definitions, and verification tools, and focus on EtherTrust, a framework for the static analysis of Ethereum smart contracts which includes the first complete small-step semantics of EVM bytecode.

MadMax: surviving out-of-gas conditions in Ethereum smart contracts

MadMax is presented: a static program analysis technique to automatically detect gas-focused vulnerabilities with very high confidence and achieves high precision and scalability.

Smart Contract Programming Languages on Blockchains: An Empirical Evaluation of Usability and Security

The objective of this paper is to give a comprehensive analysis of domain-specific programming practices from critical points of usability and security to provide a working guideline for newcomers and researchers.
...