OpenSCV: an open hierarchical taxonomy for smart contract vulnerabilities

Vidal, Fernando Richter; Ivaki, Naghmeh; Laranjeiro, Nuno

doi:10.1007/s10664-024-10446-8

Empir Software Eng

2024

DOI: 10.1007/s10664-024-10446-8

|View full text |Cite

OpenSCV: an open hierarchical taxonomy for smart contract vulnerabilities

Fernando Richter Vidal,

Naghmeh Ivaki,

Nuno Laranjeiro

Abstract: Smart contracts are nowadays at the core of most blockchain systems. Like all computer programs, smart contracts are subject to the presence of residual faults, including severe security vulnerabilities. However, the key distinction lies in how these vulnerabilities are addressed. In smart contracts, when a vulnerability is identified, the affected contract must be terminated within the blockchain, as due to the immutable nature of blockchains, it is impossible to patch a contract once deployed. In this contex… Show more

Help me understand this report

Search citation statements

Order By: Relevance

Paper Sections

Select...

Citation Types

Supporting

Mentioning

Contrasting

Year Published

2024

Publication Types

Select...

Article1

Relationship

Self Cite0

Independent1

Authors

Journals

Cited by 1 publication

References 111 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

Taxonomic insights into ethereum smart contracts by linking application categories to security vulnerabilities

Ortu,

Ibba,

Destefanis

et al. 2024

Sci Rep

View full text Add to dashboard Cite

The expansion of smart contracts on the Ethereum blockchain has created a diverse ecosystem of decentralized applications. This growth, however, poses challenges in classifying and securing these contracts. Existing research often separately addresses either classification or vulnerability detection, without a comprehensive analysis of how contract types are related to security risks. Our study addresses this gap by developing a taxonomy of smart contracts and examining the potential vulnerabilities associated with each category. We use the Latent Dirichlet Allocation (LDA) model to analyze a dataset of over 100,040 Ethereum smart contracts, which is notably larger than those used in previous studies. Our analysis categorizes these contracts into eleven groups, with five primary categories: Notary, Token, Game, Financial, and Blockchain interaction. This categorization sheds light on the various functions and applications of smart contracts in today’s blockchain environment. In response to the growing need for better security in smart contract development, we also investigate the link between these categories and common vulnerabilities. Our results identify specific vulnerabilities associated with different contract types, providing valuable insights for developers and auditors. This relationship between contract categories and vulnerabilities is a new contribution to the field, as it has not been thoroughly explored in previous research. Our findings offer a detailed taxonomy of smart contracts and practical recommendations for enhancing security. By understanding how contract categories correlate with vulnerabilities, developers can implement more effective security measures, and auditors can better prioritize their reviews. This study advances both academic knowledge of smart contracts and practical strategies for securing decentralized applications on the Ethereum platform.

show abstract

Taxonomic insights into ethereum smart contracts by linking application categories to security vulnerabilities

Ortu,

Ibba,

Destefanis

et al. 2024

Sci Rep

View full text Add to dashboard Cite

show abstract

scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.

Contact Info

customersupport@researchsolutions.com

10624 S. Eastern Ave., Ste. A-614

Henderson, NV 89052, USA

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Blog Terms and Conditions API Terms Privacy Policy Contact Cookie Preferences Do Not Sell or Share My Personal Information

Made with 💙 for researchers

Part of the Research Solutions Family.

OpenSCV: an open hierarchical taxonomy for smart contract vulnerabilities

Cited by 1 publication

References 111 publications

Taxonomic insights into ethereum smart contracts by linking application categories to security vulnerabilities

Taxonomic insights into ethereum smart contracts by linking application categories to security vulnerabilities

Contact Info

Product

Resources

About