Abstract

Smart contract security is an emerging research area that deals with security issues arising from the execution of smart contracts in a blockchain system. Generally, a smart contract is a piece of executable code that automatically runs on the blockchain to enforce an agreement preset between parties involved in the transaction. As an innovative technology, smart contracts have been applied in various business areas, such as digital asset exchange, supply chains, crowdfunding, and intellectual property. Unfortunately, many security issues in smart contracts have been reported in the media, often leading to substantial financial losses. These security issues pose new challenges to security research because the execution environment of smart contracts is based on blockchain computing and its decentralized nature of execution. Thus far, many partial solutions have been proposed to address specific aspects of these security issues, and the trend is to develop new methods and tools to automatically detect common security vulnerabilities. However, smart contract security is systematic engineering that should be explored from a global perspective, and a comprehensive study of issues in smart contract security is urgently needed. To this end, we conduct a literature review of smart contract security from a software lifecycle perspective. We first analyze the key features of blockchain that can cause security issues in smart contracts and then summarize the common security vulnerabilities of smart contracts. To address these vulnerabilities, we examine recent advances in smart contract security spanning four development phases: 1) security design; 2) security implementation; 3) testing before deployment; and 4) monitoring and analysis. Finally, we outline emerging challenges and opportunities in smart contract security for blockchain engineers and researchers.

Highlights

  • As a decentralized and tamper-proof ledger, blockchain has been portrayed as an ultimate security technology in many respects, such as artificial intelligence (AI) [1]–[4], big data [5], [6], Internet of Things (IoT) [7]–[9] and digital property (e.g., Deepfake [10] and Proof of delivery [11])

  • We revealed the most common security vulnerabilities of smart contracts in Ethereum and Fabric

  • We discussed the differences in vulnerabilities on different blockchain platforms


Summary

INTRODUCTION

As a decentralized and tamper-proof ledger, blockchain has been portrayed as an ultimate security technology in many respects, such as artificial intelligence (AI) [1]–[4], big data [5], [6], Internet of Things (IoT) [7]–[9] and digital property (e.g., Deepfake [10] and Proof of delivery [11]).

We think that these vulnerabilities arise from three aspects: the Solidity language, the blockchain platform, and a misunderstanding of common practices. An integer underflow occurs when a subtract operation attempts to create a value that is outside the range of the unsigned integer type (0∼255), which will cause a misjudgment of the count value. This vulnerability exists in many platforms and smart contract languages.

Similar to the vulnerabilities in Ethereum smart contracts, the vulnerabilities in Fabric chaincodes arise from three aspects: the Go language, the blockchain platform, and a misunderstanding of common practices. Some approaches for effectively detecting and preventing the proliferation of malicious behaviors in smart contracts are encouraged [28], [41].
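The integer underflow described above, as an added example that is not from the paper (the contract and function names are hypothetical): a uint8 counter decremented inside an `unchecked` block wraps from 0 to 255 and misreports the count, while the hardened form makes the precondition explicit and reverts instead.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Constructed example: a uint8 ticket counter that is decremented on use.
// Contract and function names are hypothetical, not taken from the survey.

// Vulnerable form: arithmetic inside `unchecked` wraps silently, so
// 0 - 1 becomes 255 (the uint8 range is 0..255). This mirrors the
// pre-0.8 Solidity behaviour in which all arithmetic wrapped.
contract TicketCounterUnchecked {
    uint8 public remaining;

    constructor(uint8 initial) {
        remaining = initial;
    }

    function useTicket() external {
        unchecked {
            remaining -= 1; // at 0 this wraps to 255: the count is misjudged
        }
    }
}

// Hardened form: an explicit precondition turns the failure mode into a
// revert with a reason string and documents the invariant. Checked
// arithmetic (default from 0.8 on) would also revert on underflow, but
// the require states the intended rule rather than relying on a panic.
contract TicketCounterChecked {
    uint8 public remaining;

    constructor(uint8 initial) {
        remaining = initial;
    }

    function useTicket() external {
        require(remaining > 0, "no tickets remaining");
        remaining -= 1; // checked arithmetic: cannot wrap below zero
    }
}
```

Deploying both with `initial = 0` and calling `useTicket()` once shows the difference: the first contract reports `remaining() == 255`, the second reverts and leaves `remaining() == 0`.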
