The Vulnerabilities in Smart Contracts: A Survey

Tang, Xiangyan; Zhou, Ke; Cheng, Jieren; Li, Hui; Yuan, Yuming

doi:10.1007/978-3-030-78621-2_14

Cited by 19 publications

(15 citation statements)

References 38 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Also, it does not provide any specification or classification of the properties of smart contracts. Tang et al [199] review and classify security vulnerabilities into Solidity, EVM, and blockchain levels, and Lopez Vivar et al [129] overview key vulnerabilities with two relevant attacks. Both works do review analysis methods and vulnerability detection methods, including static analysis, dynamic analysis, and formal verification.…”

Section: Studymentioning

confidence: 99%

“…Furthermore, a recipient specified in the parameters can also be inaccurate; specifically, if an arbitrary contract can call a transaction, it may provide an address to a contract that never submitted any funds beforehand and is therefore not eligible to receive refunds. The contract, in this case, is called a "prodigal contract" that sends refunds to arbitrary contracts [166,199]. These issues can be addressed by establishing validity of transfer address, which asserts that while authenticating a transaction, tx.origin is not used, and if recipient addresses are provided in parameters, they are checked against (a list of) eligible contracts; otherwise, msg.sender is used.…”

Section: Contractmentioning

confidence: 99%

See 1 more Smart Citation

Pre-deployment Analysis of Smart Contracts -- A Survey

Munir¹,

Taha²

2023

Preprint

View full text Add to dashboard Cite

Smart contracts are programs that execute transactions involving independent parties and cryptocurrencies. As programs, smart contracts are susceptible to a wide range of errors and vulnerabilities. Such vulnerabilities can result in significant losses. Furthermore, by design, smart contract transactions are irreversible. This creates a need for methods to ensure the correctness and security of contracts pre-deployment. Recently there has been substantial research into such methods. The sheer volume of this research makes articulating state-of-the-art a substantial undertaking. To address this challenge, we present a systematic review of the literature. A key feature of our presentation is to factor out the relationship between vulnerabilities and methods through properties. Specifically, we enumerate and classify smart contract vulnerabilities and methods by the properties they address. The methods considered include static analysis as well as dynamic analysis methods and machine learning algorithms that analyze smart contracts before deployment.Several patterns about the strengths of different methods emerge through this classification process.CCS Concepts: • General and reference → Surveys and overviews; • Software and its engineering → Automated static analysis; Dynamic analysis; Software verification.

show abstract

Section: Studymentioning

confidence: 99%

Section: Contractmentioning

confidence: 99%

Pre-deployment Analysis of Smart Contracts -- A Survey

Munir¹,

Taha²

2023

Preprint

View full text Add to dashboard Cite

show abstract

“…The fact that the DLT is programmable means that codes can be added in the system to design specific use case scenarios for this technology. One of those programmable products is smart contracts [3]. An American scientist named Nick Szabo was the first to propose smart contracts in 1994.…”

Section: Blockchain and Smart Contract Technologymentioning

confidence: 99%

“…Fig. 1 Properties of Distributed Ledger Technology (DLT) [3] In simple terms, a smart contract is a piece of computer codes that is programmed in a Blockchain, which cannot be altered, deleted, or hacked. The code is just terms and conditions that has been agreed between two parties and will self-execute without the need of any third party once a certain condition is met and the terms are fulfilled.…”

Section: Blockchain and Smart Contract Technologymentioning

confidence: 99%

“…In the same context, smart contracts are programs that are stored on a Blockchain and are executed automatically when some predetermined conditions are met. Nevertheless, there has recently been frequent outbreaks of smart contract security vulnerabilities and privacy issues that raised concerns and challenges to Blockchain [3,4], given that applications of this technology are increasing within different fields. Such recent security issues even led to huge financial losses where for instance, the Dao security vulnerability in 2016 resulted in an economic loss of $50 million [5] and the security vulnerability of parity multi-signature wallet in 2017 resulted in loss of more than $150 million of ether [6].…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Detecting Vulnerabilities in Smart Contract within Blockchain: A Review and Comparative Analysis of Key Approaches

Kissoon

Bekaroo

2022

2022 3rd International Conference on Next Generation Computing Applications (NextComp)

View full text Add to dashboard Cite

show abstract

Functional suitability assessment of smart contracts: A survey and first proposal

Vacca,

Fredella,

Di Sorbo

et al. 2023

J Software Evolu Process

View full text Add to dashboard Cite

Blockchain is a cross‐cutting technology allowing interactions among untrusted entities in a distributed manner without the need for involving a trusted third party. Smart contracts (i.e., programs running on the blockchain) enabled organizations to envision and implement solutions to real‐world problems in less cost and time. Given the immutability of blockchain and the lack of best practices for properly designing and developing smart contracts, it is crucial to assure smart contract quality before deployment. With the help of an exploratory survey involving developers and researchers, this paper identifies the practices and tools used to develop, implement, and evaluate smart contracts. The survey received 55 valid responses. Such responses indicate that (i) inefficiencies may occur during the development cycle of a smart contract, especially regarding requirements specification, design, and testing phases, and (ii) the lack of a shared standard to evaluate the functional quality of implemented smart contracts. To start coping with these issues, the adoption of functional suitability assessment measures recommended by the ISO/IEC 25000 standard, widely used in software engineering, is proposed by adapting them to the context of smart contracts. Through some examples, the manuscript also illustrates how to measure the functional completeness and correctness of smart contracts. The proposed procedure to measure smart contract functional suitability brings advantages to both developers and users of decentralized finance or non‐fungible tokens platforms, data marketplaces, or shipping and real estate services, just to mention a few. In particular, it helps (i) better outline the responsibilities of smart contracts, (ii) uncover errors and deficiencies of smart contracts in the early stages, and (iii) ensure that the established requirements are met.

show abstract

The Vulnerabilities in Smart Contracts: A Survey

Cited by 19 publications

References 38 publications

Pre-deployment Analysis of Smart Contracts -- A Survey

Pre-deployment Analysis of Smart Contracts -- A Survey

Detecting Vulnerabilities in Smart Contract within Blockchain: A Review and Comparative Analysis of Key Approaches

Functional suitability assessment of smart contracts: A survey and first proposal

Contact Info

Product

Resources

About