Abstract

Smart contract security is an emerging research area that deals with security issues arising from the execution of smart contracts in a blockchain system. Generally, a smart contract is a piece of executable code that automatically runs on the blockchain to enforce an agreement preset between parties involved in the transaction. As an innovative technology, smart contracts have been applied in various business areas, such as digital asset exchange, supply chains, crowdfunding, and intellectual property. Unfortunately, many security issues in smart contracts have been reported in the media, often leading to substantial financial losses. These security issues pose new challenges to security research because the execution environment of smart contracts is based on blockchain computing and its decentralized nature of execution. Thus far, many partial solutions have been proposed to address specific aspects of these security issues, and the trend is to develop new methods and tools to automatically detect common security vulnerabilities. However, smart contract security is systematic engineering that should be explored from a global perspective, and a comprehensive study of issues in smart contract security is urgently needed. To this end, we conduct a literature review of smart contract security from a software lifecycle perspective. We first analyze the key features of blockchain that can cause security issues in smart contracts and then summarize the common security vulnerabilities of smart contracts. To address these vulnerabilities, we examine recent advances in smart contract security spanning four development phases: 1) security design; 2) security implementation; 3) testing before deployment; and 4) monitoring and analysis. Finally, we outline emerging challenges and opportunities in smart contract security for blockchain engineers and researchers.

Highlights

  • As a decentralized and tamper-proof ledger, blockchain has been portrayed as an ultimate security technology in many respects, such as artificial intelligence (AI) [1]–[4], big data [5], [6], Internet of Things (IoT) [7]–[9] and digital property (e.g., Deepfake [10] and Proof of delivery [11])

  • We revealed the most common security vulnerabilities of smart contracts in Ethereum and Fabric

  • We discussed the differences in vulnerabilities on different blockchain platforms

Read more

Summary

INTRODUCTION

As a decentralized and tamper-proof ledger, blockchain has been portrayed as an ultimate security technology in many respects, such as artificial intelligence (AI) [1]–[4], big data [5], [6], Internet of Things (IoT) [7]–[9] and digital property (e.g., Deepfake [10] and Proof of delivery [11]). We think that these vulnerabilities arise from three aspects: the Solidity language, the blockchain platform, and a misunderstanding of common practices. An integer underflow occurs when a subtract operation attempts to create a value that is outside of the unit type range (0∼255), which will cause a misjudgment of the count value This vulnerability exists in many platforms and smart contract languages. Similar to the vulnerabilities in Ethereum smart contracts, the vulnerabilities in Fabric chaincodes arise from three aspects: the Go language, the blockchain platform, and a misunderstanding of common practices. Some approaches for effectively detecting and preventing the proliferation of malicious behaviors in smart contracts are encouraged [28], [41]

SECURITY SOLUTIONS FOR SMART CONTRACTS
CONCLUSION

Talk to us

Join us for a 30 min session where you can share your feedback and ask us any queries you have

Schedule a call

Disclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.