A Fly in the Ointment: An Empirical Study on the Characteristics of Ethereum Smart Contracts Code Weaknesses and Vulnerabilities

03/28/2022
by   Majd Soud, et al.

Context: Smart contracts are computer programs that are automatically executed on the blockchain. Vulnerabilities in their implementation have led to severe losses of cryptocurrency. Smart contracts become immutable once deployed to the Ethereum blockchain. Therefore, it is essential to understand the nature of vulnerabilities in Ethereum smart contracts in order to prevent them in the future. Classifications of these vulnerabilities exist, but they are limited in several ways. Objective: We aim to characterize vulnerabilities in Ethereum smart contracts written in Solidity, and to unify existing classification schemes. Method: We extracted 2143 vulnerabilities from public coding platforms and popular vulnerability databases and categorized them using a card sorting approach. We targeted the Ethereum blockchain in this paper, as it is the first and most popular blockchain to support the deployment of smart contracts, and Solidity as the most widely used language for implementing smart contracts. We devised a classification scheme of smart contract vulnerabilities according to their error source and impact. Afterwards, we mapped existing classification schemes to our classification. Results: The resulting classification consists of 11 categories describing the error source of a vulnerability and 13 categories describing potential impacts. Our findings show that the language-specific coding and the structural data flow categories are the dominant categories, but that the frequency of occurrence differs substantially between the data sources. Conclusions: Our findings enable researchers to better understand smart contract vulnerabilities by defining various dimensions of the problem and by supporting our classification with mappings to literature-based classifications and with frequency distributions of the defined categories.

