Smart Contract Vulnerabilities: Does Anyone Care?

02/18/2019
by Daniel Perez, et al.

In the last year we have seen a great deal of both academic and practical interest in the topic of vulnerabilities in smart contracts, particularly those developed for the Ethereum blockchain. In this paper we survey the 21,270 vulnerable contracts reported by five recent academic projects. Contrary to what might have been believed given the reported number of vulnerable contracts, there has been precious little in terms of actual exploitation when it comes to these vulnerabilities. We find that at most 504 out of 21,270 contracts have been subjected to exploits. This corresponds to at most 9,094 ETH (1 million USD), or only 0.30 claimed in some of the papers. While we are certainly not implying that smart contract vulnerability research is without merit, our results suggest that the potential impact of vulnerable code had been greatly exaggerated.

research
01/07/2021

Eth2Vec: Learning Contract-Wide Code Representations for Vulnerability Detection on Ethereum Smart Contracts

Ethereum smart contracts are programs that run on the Ethereum blockchai...
research
03/06/2023

Metamorphic Testing for Smart Contract Vulnerabilities Detection

Despite the rapid growth of smart contracts, they are suffering numerous...
research
09/18/2023

Efficient Avoidance of Vulnerabilities in Auto-completed Smart Contract Code Using Vulnerability-constrained Decoding

Auto-completing code enables developers to speed up coding significantly...
research
02/16/2018

Finding The Greedy, Prodigal, and Suicidal Contracts at Scale

Smart contracts---stateful executable objects hosted on blockchains like...
research
03/18/2022

Extorsionware: Exploiting Smart Contract Vulnerabilities for Fun and Profit

Smart Contracts (SCs) publicly deployed on blockchain have been shown to...
research
05/01/2019

Characterizing Code Clones in the Ethereum Smart Contract Ecosystem

In this paper, we present the first large-scale and systematic study to ...
research
02/07/2020

Formalising and verifying smart contracts with Solidifier: a bounded model checker for Solidity

The exploitation of smart-contract vulnerabilities can have catastrophic...