Abstract
Smart contracts are programs that reside within decentralized blockchains and are executed pursuant to triggered instructions. A smart contract acts in a similar way to a traditional agreement but negates the necessity for the involvement of a third party. Smart contracts are capable of initiating their commands automatically, thus eliminating the involvement of a regulatory body. As a consequence of blockchain’s immutable feature, smart contracts are developed in a manner that is distinct from traditional software. Once deployed to the blockchain, a smart contract cannot be modified or updated for security patches, thus encouraging developers to implement strong security strategies before deployment in order to avoid potential exploitation at a later time. However, the most recent dreadful attacks and the multifarious existing vulnerabilities which result as a consequence of the absence of security patches have challenged the sustainability of this technology. Attacks such as the Decentralized Autonomous Organization (DAO) attack and the Parity Wallet hack have cost millions of dollars simply as a consequence of naive bugs in the smart contract code. In this paper, we classify blockchain exploitation techniques into 4 categories based on the attack rationale; attacking consensus protocols, bugs in the smart contract, malware running in the operating system, and fraudulent users. We then focus on smart contract vulnerabilities, analyzing the 7 most important attack techniques to determine the real impact on smart contract technology. We reveal that even adopting the 10 most widely used tools to detect smart contract vulnerabilities, these still contain known vulnerabilities, providing a dangerously false sense of security. We conclude the paper with a discussion about recommendations and future research lines to progress towards a secure smart contract solution.
Highlights
A blockchain is a distributed network that is leveraged for various purposes [1]
Bitcoin blockchain enhances a peer to peer digital cash system which allows the participant to perform online transactions [4], whereas, besides digital transactions, Ethereum is utilized to execute smart contract code in decentralized applications which are deployed on the network
The investigation of the literature helps to grasp the concepts of blockchain technology and smart contract frameworks, and provides an overview of Ethereum, decentralized applications, and past smart contract-based attacks
Summary
A blockchain is a distributed network that is leveraged for various purposes [1]. It is an immutable ledger technology where the recorded information is open and can be viewed by everyone. The smart contract is one of these applications which allows agreement to be formed and authentic transactions initiated between parties without the involvement of middlemen. Bitcoin blockchain enhances a peer to peer digital cash system which allows the participant to perform online transactions [4], whereas, besides digital transactions, Ethereum is utilized to execute smart contract code in decentralized applications which are deployed on the network. Being open-source, the contract code enables the involved parties to determine what the contract does and how it is initiated [6] It guarantees the execution of the contract without being affected when certain parts of the network are down or being attacked by adversaries. We focus on various attack types and available security tools to restrict those attacks, as well as limitations that exist to those security enhancements
Sign-in/Register to view highlights & summary Sign-in/Register to access full text options 
Free) 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a call
