SolAnalyser: A Framework for Analysing and Testing Smart Contracts

Akca, Sefa; Rajan, Ajitha; Peng, Chao

doi:10.1109/apsec48747.2019.00071

Cited by 45 publications

(55 citation statements)

References 16 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…In this section, we have reviewed Ethereum Smart Contract vulnerabilities [9], [31]- [45], [122], [123], [131], [132], [138]- [142] with some well-known attacks/example [32], [46]- [49], detection tools [30], [37], [50]- [58], [125], [133]- [137], [143], and their suggested preventive methods [30], [47], [59]- [63], [124], [126]. Researchers classified these vulnerabilities based on different criteria such as seriousness, root cause, flaws in solidity, security flaws, privacy flaws, performance flaws, flaws in EVM [27] byte code, and blockchain [64] characteristics.…”

Section: Ethereum Smart Contract Vulnerabilities and Preventive Methodsmentioning

confidence: 99%

“…This paper presents a deep insight into each vulnerability as well as its detection tools, real life attacks and prevention mechanisms. Academic Haskell E-EVM [25] Academic Python EtherTrust [104] Academic java EthIR [105] Academic Python FSolidM [106] Academic Java Script Gasper [42] *SDSLabs Go KEVM [107] Academic Python MAIAN [59] Academic Python Manticore [108] *Trail of Bits Python Mythril [72] *ConsenSys Python Osiris [61] Academic Python Oyente [10] Community Python Porosity [109] *Comae Technologies C++ Rattle [110] *Trail of Bits Python ReGaurd [76] *Chieftin Lab C++ Remix-IDE [111] Community Java Script SASC [112] *Fujitsu Python sCompile [113] Academic C++ Securify [71] Academic Java SmartCheck [69] Academic Java Solgraph [114] *Raine Revere Java Script SolMet [93] Academic Java teEther [26] Academic Python Vandal [115] Academic Python Zeus [116] *IBM Research India C++ * Tool development company name [129] Harz et al [130] Angelo et al [54] Chen et al [145] Luu et al [10] Atzei et al [48] Tang et al [144] Durieux et al [145] at a very fast speed. Ethereum blockchain design and EVM features pose several security challenges [38], [117]-[121].…”

Section: A Comparison With Related Workmentioning

confidence: 99%

See 1 more Smart Citation

Systematic Review of Security Vulnerabilities in Ethereum Blockchain Smart Contract

et al. 2022

View full text Add to dashboard Cite

Blockchain is a revolutionary technology that enables users to communicate in a trust-less manner. It revolutionizes the modes of business between organizations without the need for a trusted third party. It is a distributed ledger technology based on a decentralized peer-to-peer (P2P) network. It enables users to store data globally on thousands of computers in an immutable format and empowers users to deploy small pieces of programs known as smart contracts. The blockchain-based smart contract enables auto enforcement of the agreed terms between two untrusted parties. There are several security vulnerabilities in Ethereum blockchain-based smart contracts, due to which sometimes it does not behave as intended. Because a smart contract can hold millions of dollars as cryptocurrency, so these security vulnerabilities can lead to disastrous losses. In this paper, a systematic review of the security vulnerabilities in the Ethereum blockchain is presented. The main objective is to discuss Ethereum smart contract security vulnerabilities, detection tools, real life attacks and preventive mechanisms. Comparisons are drawn among the Ethereum smart contract analysis tools by considering various features. From the extensive depth review, various issues associated with the Ethereum blockchain-based smart contract are highlighted. Finally, various future directions are also discussed in the field of the Ethereum blockchain-based smart contract that can help the researchers to set the directions for future research in this domain.

show abstract

Section: Ethereum Smart Contract Vulnerabilities and Preventive Methodsmentioning

confidence: 99%

Section: A Comparison With Related Workmentioning

confidence: 99%

Systematic Review of Security Vulnerabilities in Ethereum Blockchain Smart Contract

et al. 2022

View full text Add to dashboard Cite

show abstract

“…In works related to code analysis, selected flaws in smart contract code (e.g., overflow and underflow [20] or reentrancy [22]) and their detection using formal methods have been researched (e.g., [132], [163], [164]). For automated detection of these flaws, software tools have been proposed that perform formal verification (e.g., [163], [165], [166]), dynamic code analysis (e.g., [132], [133], [152]), static code analysis (e.g., [23], [24], [167]- [169]), or machine learning using classifiers like XGBoost or AdaBoost (e.g., [25]). These tools are designed to support developers in improving their code by identifying recurring flaws in smart contract code (e.g., by using formalized patterns of code flaws).…”

Section: Related Workmentioning

confidence: 99%

“…Besides code analysis, research has proposed approaches and tools for software testing (e.g., [24], [171]- [173]). Related works offer valuable and practical insights that support smart contract developers in improving their code through different testing strategies and tools.…”

Section: Related Workmentioning

confidence: 99%

“…These solutions can be largely distinguished into automated verification and coding support. For automated verification, existing research presents software tools (e.g., MadMax [14] or ReGuard [22]) for automatically identifying flaws in smart contract code (e.g., using static analysis [23], dynamic analysis [24], or machine learning [25]) and increasing code quality. Nevertheless, the applicability of automated verification to smart contract code is limited in terms of comprehensiveness because most formal verification tools apply static patterns with the Bitcoin documentation [3] and find Bitcoin's smart contract capabilities not Turing-complete.…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Challenges and Common Solutions in Smart Contract Development

Kannengießer

Lins

Sander

et al. 2022

IIEEE Trans. Software Eng.

View full text Add to dashboard Cite

Smart contracts are a promising means of formalizing and reliably enforcing agreements between entities using distributed ledger technology (DLT). Research has revealed that a significant number of smart contracts are subject to programming flaws, making them vulnerable to attacks and leading to detrimental effects, such as asset loss. Researchers and developers call for a thorough analysis of challenges to identify their causes and propose solutions. To respond to these calls, we conducted two literature reviews and diverse expert interviews and synthesized scattered knowledge on challenges and solutions. We identified 29 challenges (e.g., code visibility, code updateability, and encapsulation) and 60 solutions (e.g., gas limit specification, off-ledger computations, and shadowing). Moreover, we developed 20 software design patterns (SDPs) in collaboration with smart contract developers. The SDPs help developers adjust their programming habits and thus support them in their daily development practices. Our results provide actionable knowledge for smart contract developers to overcome the identified challenges and offer support for comparing smart contract integration concepts across three fundamentally different DLT protocols (i.e., Ethereum, EOSIO, and Hyperledger Fabric). Moreover, we support developers in becoming aware of peculiarities in smart contract development and the resulting benefits and drawbacks.

show abstract

An extensive multivocal literature review of blockchain technology: Evolution, challenges, platforms, security, and interoperability

Monika,

Bhatia,

Kumar

2024

Trans Emerging Tel Tech

View full text Add to dashboard Cite

Blockchain technology has gained enormous interest from industry and academia recently. Technology enthusiasts are exploring its use case beyond cryptocurrencies and claim that blockchain technology can overcome the inefficiencies of centralized systems. In this study, we continue the work of previous authors, aiming to provide a more comprehensive understanding of the technical aspects of blockchain. This study is the first of its kind to review and analyze the current status of different technical aspects of blockchain technology influencing its adoption. We performed an extensive multivocal review to (i) demonstrate the progress of blockchain, (ii) discuss the challenges related to the wide‐scale adoption of the technology, (iii) present a detailed analysis of blockchain platforms, (iv) highlight security and interoperability issues followed by the solutions proposed in the literature. We have considered 259 peer‐reviewed research papers and the gray literature related to 40 blockchain platforms to provide an in‐depth analysis of blockchain technology. In conclusion, this comprehensive survey provides a holistic view of blockchain technology's progress. It identifies challenges, trends, and future research directions, serving as a valuable resource for researchers and practitioners seeking to navigate the dynamic blockchain landscape.

show abstract

SolAnalyser: A Framework for Analysing and Testing Smart Contracts

Cited by 45 publications

References 16 publications

Systematic Review of Security Vulnerabilities in Ethereum Blockchain Smart Contract

Systematic Review of Security Vulnerabilities in Ethereum Blockchain Smart Contract

Challenges and Common Solutions in Smart Contract Development

An extensive multivocal literature review of blockchain technology: Evolution, challenges, platforms, security, and interoperability

Contact Info

Product

Resources

About