Empirical Vulnerability Analysis of Automated Smart Contracts Security Testing on Blockchains

09/07/2018
by   Reza M. Parizi, et al.

Blockchain is an emerging technology that supports a paradigm shift toward decentralized computing and is a rapidly approaching phenomenon. While blockchain is thought of primarily as the basis of Bitcoin, its application has grown far beyond cryptocurrencies due to the introduction of smart contracts. Smart contracts are self-enforcing pieces of software that reside and run on a hosting blockchain. Using blockchain-based smart contracts for secure and transparent management of interactions (authentication, connection, and transaction) in Internet-enabled environments, mostly IoT, is a niche area of research and practice. However, writing trustworthy and safe smart contracts can be tremendously challenging because of the complicated semantics of the underlying domain-specific languages and their testability. High-profile incidents indicate that blockchain smart contracts could contain various code-security vulnerabilities that cause financial harm. Developers who write smart contracts should therefore be able to test their code for security vulnerabilities before deploying it to the immutable environment of a blockchain. However, there are only a handful of security testing tools for smart contracts. This implies that existing research on automated smart contract security testing is inadequate and remains in its infancy. To better realize the application of blockchain smart contracts in security and privacy, we should first understand their vulnerabilities before widespread implementation. Accordingly, the goal of this paper is to carry out a far-reaching experimental assessment of current static smart contract security testing tools for the most widely used blockchain, Ethereum, and its domain-specific programming language, Solidity, to provide the first...
