DeepAI AI Chat
Log In Sign Up

Smart Contract Vulnerabilities: Does Anyone Care?

by   Daniel Perez, et al.

In the last year we have seen a great deal of both academic and practical interest in the topic of vulnerabilities in smart contracts, particularly those developed for the Ethereum blockchain. In this paper we survey the 21,270 vulnerable contracts reported by five recent academic projects. Contrary to what might have been believed given the reported number of vulnerable contracts, there has been precious little in terms of actual exploitation when it comes to these vulnerabilities. We find that at most 504 out of 21,270 contracts have been subjected to exploits. This corresponds to at most 9,094 ETH (1 million USD), or only 0.30 claimed in some of the papers. While we are certainly not implying that smart contract vulnerability research is without merit, our results suggest that the potential impact of vulnerable code had been greatly exaggerated.


page 1

page 2

page 3

page 4


EOSFuzzer: Fuzzing EOSIO Smart Contracts for Vulnerability Detection

EOSIO is one typical public blockchain platform. It is scalable in terms...

Eth2Vec: Learning Contract-Wide Code Representations for Vulnerability Detection on Ethereum Smart Contracts

Ethereum smart contracts are programs that run on the Ethereum blockchai...

Metamorphic Testing for Smart Contract Vulnerabilities Detection

Despite the rapid growth of smart contracts, they are suffering numerous...

Finding The Greedy, Prodigal, and Suicidal Contracts at Scale

Smart contracts---stateful executable objects hosted on blockchains like...

Extorsionware: Exploiting Smart Contract Vulnerabilities for Fun and Profit

Smart Contracts (SCs) publicly deployed on blockchain have been shown to...

Characterizing Code Clones in the Ethereum Smart Contract Ecosystem

In this paper, we present the first large-scale and systematic study to ...

Schooling to Exploit Foolish Contracts

We introduce SCooLS, our Smart Contract Learning (Semi-supervised) engin...