DeepAI AI Chat
Log In Sign Up

Security Analysis Methods on Ethereum Smart Contract Vulnerabilities: A Survey

by   Purathani Praitheeshan, et al.
Deakin University
Monash University

Smart contracts are software programs featuring both traditional applications and distributed data storage on blockchains. Ethereum is a prominent blockchain platform with the support of smart contracts. The smart contracts act as autonomous agents in critical decentralized applications and hold a significant amount of cryptocurrency to perform trusted transactions and agreements. Millions of dollars as part of the assets held by the smart contracts were stolen or frozen through the notorious attacks just between 2016 and 2018, such as the DAO attack, Parity Multi-Sig Wallet attack, and the integer underflow/overflow attacks. These attacks were caused by a combination of technical flaws in designing and implementing software codes. However, many more vulnerabilities of less severity are to be discovered because of the scripting natures of the Solidity language and the non-updateable feature of blockchains. Hence, we surveyed 16 security vulnerabilities in smart contract programs, and some vulnerabilities do not have a proper solution. This survey aims to identify the key vulnerabilities in smart contracts on Ethereum in the perspectives of their internal mechanisms and software security vulnerabilities. By correlating 16 Ethereum vulnerabilities and 19 software security issues, we predict that many attacks are yet to be exploited. And we have explored many software tools to detect the security vulnerabilities of smart contracts in terms of static analysis, dynamic analysis, and formal verification. This survey presents the security problems in smart contracts together with the available analysis tools and the detection methods. We also investigated the limitations of the tools or analysis methods with respect to the identified security vulnerabilities of the smart contracts.


page 1

page 14


A Survey of Security Vulnerabilities in Ethereum Smart Contracts

Ethereum Smart Contracts based on Blockchain Technology (BT)enables mone...

Pre-deployment Analysis of Smart Contracts – A Survey

Smart contracts are programs that execute transactions involving indepen...

TokenHook: Secure ERC-20 smart contract

ERC-20 is the most prominent Ethereum standard for fungible tokens. Toke...

Security Threat Mitigation For Smart Contracts: A Survey

The blockchain technology has been used for recording state transitions ...

Vyper: A Security Comparison with Solidity Based on Common Vulnerabilities

Vyper has been proposed as a new high-level language for Ethereum smart ...

The Eye of Horus: Spotting and Analyzing Attacks on Ethereum Smart Contracts

In recent years, Ethereum gained tremendously in popularity, growing fro...

Vandal: A Scalable Security Analysis Framework for Smart Contracts

The rise of modern blockchains has facilitated the emergence of smart co...