Security enhancement technologies for smart contracts in the blockchain: A survey

Wang, Yajing; He, Jingsha; Zhu, Nafei; Yi, Yuzi; Zhang, Qingqing; Song, Hongyu; Xue, Ruixin

doi:10.1002/ett.4341

Cited by 21 publications

(9 citation statements)

References 115 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Although they divide the defenses into proactive and reactive, they are lacking an explanation of how the different tools are designed. Another survey by Wang and He et al [159] reviews 6 kinds of vulnerability detection methods and privacy protection techniques in 3 platforms (i.e., Ethereum, Hyperledger fabric and Corda), and summarizes several commonly used tools for each method. Di Angelo et al [58] investigate 27 analysis tools of Ethereum smart contracts regarding availability, maturity level, methods employed, and detection of security issues.…”

Section: Prior Surveysmentioning

confidence: 99%

Security Threat Mitigation For Smart Contracts: A Survey

Иванов¹,

Li²,

Sun³

et al. 2023

Preprint

View full text Add to dashboard Cite

The blockchain technology, initially created for cryptocurrency, has been re-purposed for recording state transitions of smart contracts -decentralized applications that can be invoked through external transactions. Smart contracts gained popularity and accrued hundreds of billions of dollars in market capitalization in recent years. Unfortunately, like all other programs, smart contracts are prone to security vulnerabilities that have incurred multimillion-dollar damages over the past decade. As a result, many automated threat mitigation solutions have been proposed to counter the security issues of smart contracts. These threat mitigation solutions include various tools and methods that are challenging to compare. This survey develops a comprehensive classification taxonomy of smart contract threat mitigation solutions within five orthogonal dimensions: defense modality, core method, targeted contracts, input-output data mapping, and threat model. We classify 133 existing threat mitigation solutions using our taxonomy and confirm that the proposed five dimensions allow us to concisely and accurately describe any smart contract threat mitigation solution. In addition to learning what the threat mitigation solutions do, we also show how these solutions work by synthesizing their actual designs into a set of uniform workflows corresponding to the eight existing defense core methods. We further create an integrated coverage map for the known smart contract vulnerabilities by the existing threat mitigation solutions. Finally, we perform the evidence-based evolutionary analysis, in which we identify trends and future perspectives of threat mitigation in smart contracts and pinpoint major weaknesses of the existing methodologies. For the convenience of smart contract security developers, auditors, users, and researchers, we deploy a regularly updated comprehensive open-source online registry of threat mitigation solutions.CCS Concepts: • Security and privacy → Distributed systems security.

show abstract

Section: Prior Surveysmentioning

confidence: 99%

Security Threat Mitigation For Smart Contracts: A Survey

Иванов¹,

Li²,

Sun³

et al. 2023

Preprint

View full text Add to dashboard Cite

show abstract

“…Surveys exist that focus on pre-deployment analysis methods. Wang et al [213] review symbolic execution, abstract interpretation, fuzz testing, formal verification, deep learning, and privacy enhancement on smart contracts and compare various tools and methods that address security issues. That work does not survey properties verified using these approaches.…”

Section: Studymentioning

confidence: 99%

Pre-deployment Analysis of Smart Contracts -- A Survey

Munir¹,

Taha²

2023

Preprint

View full text Add to dashboard Cite

Smart contracts are programs that execute transactions involving independent parties and cryptocurrencies. As programs, smart contracts are susceptible to a wide range of errors and vulnerabilities. Such vulnerabilities can result in significant losses. Furthermore, by design, smart contract transactions are irreversible. This creates a need for methods to ensure the correctness and security of contracts pre-deployment. Recently there has been substantial research into such methods. The sheer volume of this research makes articulating state-of-the-art a substantial undertaking. To address this challenge, we present a systematic review of the literature. A key feature of our presentation is to factor out the relationship between vulnerabilities and methods through properties. Specifically, we enumerate and classify smart contract vulnerabilities and methods by the properties they address. The methods considered include static analysis as well as dynamic analysis methods and machine learning algorithms that analyze smart contracts before deployment.Several patterns about the strengths of different methods emerge through this classification process.CCS Concepts: • General and reference → Surveys and overviews; • Software and its engineering → Automated static analysis; Dynamic analysis; Software verification.

show abstract

“…If the given contract criteria are matched, then all the defined operations for that transaction will be executed. 40 Once the transaction is validated, it is authenticated and inserted into a new block using a consensus procedure. The blockchain also stores the transaction and the modified state along with the status of the participants.…”

Section: Smart Contractmentioning

confidence: 99%

“…The miner runs the contract code in the local sandbox environment after getting a call message about the transaction. If the given contract criteria are matched, then all the defined operations for that transaction will be executed 40 . Once the transaction is validated, it is authenticated and inserted into a new block using a consensus procedure.…”

Section: Preliminariesmentioning

confidence: 99%

Smart contract assisted blockchain based public key infrastructure system

Panigrahi

Nayak

Paul

2022

Trans Emerging Tel Tech

View full text Add to dashboard Cite

Public key infrastructure (PKI) is a reliable solution for Internet communication. PKI finds applications in secure email, virtual private network (VPN), e‐commerce, e‐governance, and so on. It provides a secure mechanism to authenticate users and communications. The conventional PKI system is centralized, which exposes the infrastructure to many security issues. The digital certificate generation and validation processes in PKI suffer from high latency and inadequate authentication processes. Moreover, it needs enormous time and effort to mitigate the malfeasance of the certificate authority (CA). The complexity of employing the traditional key and certificate management increases by enforcing the centralized CA$$ CA $$, which can compromise the transaction security. To overcome the aforementioned issues of PKI, three different solutions have been reported in the literature: Log based PKI (LBPKI), Web of Trust (WoT), and blockchain based PKI. The blockchain based PKI achieves more attention as it is the combination of LBPKI and WoT, which serves distributed trust, log of transactions, and constant sized data to verify the identity of users. Motivated by these facts, this article reports a blockchain‐based PKI system which has a lighter smart contract and less storage capacity and is also suitable for lightweight applications. The lighter smart contract in our infrastructure uses a threshold0.3emvalue$$ threshold\kern0.3em value $$, which validates the limit of one participating node for becoming the CA$$ CA $$ of any transaction inside the network. This approach can prevent distributed denial of service (DDoS) attacks. This smart contract also checks the signer node address. The proposed smart contract can prevent seven cyber attacks, such as Denial of Service (DoS), Man in the Middle Attack (MITM), Distributed Denial of Service (DDoS), 51%, Injection attacks, Routing Attack, and Eclipse attack. The Delegated Proof of Stake (DPoS) consensus algorithm used in this model reduces the number of validators for each transaction which makes it suitable for lightweight applications. The timing complexity of key/certificate validation and signature/certificate revocation processes do not depend on the number of transactions. The comparisons of various timing parameters with existing solutions show that the proposed PKI is competitively better.

show abstract

Security enhancement technologies for smart contracts in the blockchain: A survey

Cited by 21 publications

References 115 publications

Security Threat Mitigation For Smart Contracts: A Survey

Security Threat Mitigation For Smart Contracts: A Survey

Pre-deployment Analysis of Smart Contracts -- A Survey

Smart contract assisted blockchain based public key infrastructure system

Contact Info

Product

Resources

About