SafePay on Ethereum: A Framework For Detecting Unfair Payments in Smart Contracts

Li, Yue; Liu, Han; Yang, Zhiqiang; Ren, Qian; Wang, Lei; Chen, Bangdao

doi:10.1109/icdcs47774.2020.00116

Cited by 3 publications

(2 citation statements)

References 5 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Sereum [133], ECFChecker [78], TokenScope [55], EasyFlow [72], TxSpector [169], and EthScope [162] are the threat mitigation solutions that read smart contract information from the chain data, i.e., stored copy of the blockchain. Some threat mitigation solutions use a combination of bytecode and source code as an input, e.g., Securify 6 [151], SAFEVM [23], Gastap [24], SafePay [103], and CPN [60]. Other solutions, in addition to a smart contract, also take a set of manual specifications as an input, as we see it in FSolidM [116], Model-Checking [122], VeriSolid [117], solc-verify [79], BitML [31], SmartPulse [143], ESCORT [111], and ContractLarva [61].…”

Section: Data Mappingmentioning

confidence: 99%

“…Some symbolic execution solutions use certain augmentations to the basic design by adding additional features. Oyente [112], teEther [97], SafePay [103], Artemis [153], and DEFECTCHECKER [52] process the smart contract to build a CFG. Another augmentation observed in symbolic execution solutions is the production of exploits (sample inputs revealing vulnerabilities), as can be seen in teEther [97] and EthBMC [68].…”

Section: Symbolic Execution Workflowmentioning

confidence: 99%

See 1 more Smart Citation

Security Threat Mitigation For Smart Contracts: A Survey

Иванов¹,

Li²,

Sun³

et al. 2023

Preprint

View full text Add to dashboard Cite

The blockchain technology, initially created for cryptocurrency, has been re-purposed for recording state transitions of smart contracts -decentralized applications that can be invoked through external transactions. Smart contracts gained popularity and accrued hundreds of billions of dollars in market capitalization in recent years. Unfortunately, like all other programs, smart contracts are prone to security vulnerabilities that have incurred multimillion-dollar damages over the past decade. As a result, many automated threat mitigation solutions have been proposed to counter the security issues of smart contracts. These threat mitigation solutions include various tools and methods that are challenging to compare. This survey develops a comprehensive classification taxonomy of smart contract threat mitigation solutions within five orthogonal dimensions: defense modality, core method, targeted contracts, input-output data mapping, and threat model. We classify 133 existing threat mitigation solutions using our taxonomy and confirm that the proposed five dimensions allow us to concisely and accurately describe any smart contract threat mitigation solution. In addition to learning what the threat mitigation solutions do, we also show how these solutions work by synthesizing their actual designs into a set of uniform workflows corresponding to the eight existing defense core methods. We further create an integrated coverage map for the known smart contract vulnerabilities by the existing threat mitigation solutions. Finally, we perform the evidence-based evolutionary analysis, in which we identify trends and future perspectives of threat mitigation in smart contracts and pinpoint major weaknesses of the existing methodologies. For the convenience of smart contract security developers, auditors, users, and researchers, we deploy a regularly updated comprehensive open-source online registry of threat mitigation solutions.CCS Concepts: • Security and privacy → Distributed systems security.

show abstract