Skip to main content
SpringerLink
Log in

The Vulnerabilities in Smart Contracts: A Survey

  • Conference paper
  • First Online:
Advances in Artificial Intelligence and Security (ICAIS 2021)

Part of the book series: Communications in Computer and Information Science ((CCIS,volume 1424))

Included in the following conference series:

Abstract

Blockchain has attracted widespread attention since its inception and one of the special technologies is smart contracts. Smart contracts are programs on blockchain that act as trusted intermediary between the users and are widely used in variety of industry (e.g., IoT, supply chain management). Smart contracts can store or manipulate valuable assets which may cause huge economic losses. Unlike traditional computer programs, the code of a smart contract cannot be modified after it is deployed on the blockchain. Hence, the security analysis and vulnerability detection of the smart contract must be performed before its deployment. In this survey, we considered 15 security vulnerabilities in smart contracts and introduced the vulnerable areas and the causes of vulnerabilities. According to the methods used, we introduced the existing smart contract analysis methods and vulnerability detection tools from three aspects of static analysis, dynamic analysis and formal verification. Finally, by considering the analysis tools and security vulnerabilities, we found that a new attack cannot be detected by existing detection tools if the vulnerability without pre-defined. We recommend using machine learning methods to analyze smart contracts in combination with traditional program vulnerabilities, and find vulnerabilities that have not yet been discovered in smart contracts. In addition, many detection tools require too much resources or are too complex, so it is necessary to introduce new detection methods.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 84.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 109.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

References

  1. Nakamoto S.: Bitcoin: a peer-to-peer electronic cash system (2008). https://bitcoin.org/bitcoin.pdf

  2. Ahram, T., Sargolzaei, A., Sargolzaei, S., Daniels, J., Amaba, B.: Blockchain technology innovations. In: 2017 Conference Proceedings Technology and Engineering Management Conference (TEMSCON), pp. 137–141. IEEE (2017)

    Google Scholar 

  3. Xu, X., et al.: A taxonomy of blockchain-based systems for architecture design. In: 2017 IEEE International Conference on Software Architecture (ICSA), pp. 243–252. IEEE (2017)

    Google Scholar 

  4. Peters, G., Panayi, E.: Understanding modern banking ledgers through blockchain technologies: Future of transaction processing and smart contracts on the internet of money. In: Tasca, P., Aste, T., Pelizzon, L., Perony, N. (eds.) Banking beyond banks and money, pp. 239–278. Springer, Cham (2016). https://doi.org/10.1007/978-3-319-42448-4_13

    Chapter  Google Scholar 

  5. Christidis, K., Devetsikiotis, M.: Blockchains and smart contracts for the internet of things. IEEE Access 4, 2292–2303 (2016)

    Article  Google Scholar 

  6. Bahga, A., Madisetti, V.K.: Blockchain platform for industrial internet of things. J. Softw. Eng. Appl. 9(10), 533 (2016)

    Article  Google Scholar 

  7. Azaria, A., Ekblaw, A., Vieira, T., Lippman, A.: Medrec: using blockchain for medical data access and permission management. In: 2016 2nd International Conference on Open and Big Data (OBD), pp. 25–30. IEEE (2016)

    Google Scholar 

  8. Mettler, M.: Blockchain technology in healthcare: the revolution starts here. In: 2016 IEEE 18th International Conference on e-Health Networking, Applications and Services (Healthcom), pp.1–3. IEEE (2016)

    Google Scholar 

  9. Ølnes, S., Ubacht, J., Janssen, M.: Blockchain in government: benefits and implications of distributed ledger technology for information sharing. Gov. Inf. Q. 34(3), 355–364 (2017)

    Article  Google Scholar 

  10. Staples, M., et al.: Risks and opportunities for systems using blockchain and smart contracts. data61 (2017)

    Google Scholar 

  11. Abeyratne, S.A., Monfared, R.P.: Blockchain ready manufacturing supply chain using distributed ledger. Int. J. Res. Eng. Technol. 5, 1–10 (2016)

    Google Scholar 

  12. Chen, S., Shi, R., Ren, Z., Yan, J., Shi, Y., Zhang, J.: A blockchain based supply chain quality management framework. In: 2017 IEEE 14th International Conference on e-Business Engineering (ICEBE), pp. 172–176. IEEE (2017)

    Google Scholar 

  13. Bussmann, O.: The future of finance: fintech, tech disruption, and orchestrating innovation. In: Francioni, R., Schwartz, R.A. (eds.) Equity Markets in Transition, pp. 473–486. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-45848-9_19

    Chapter  Google Scholar 

  14. Eyal, I.: Blockchain technology: transforming libertarian cryptocurrency dreams to finance and banking realities. Computer 50(9), 38–49 (2017)

    Article  Google Scholar 

  15. Knirsch, F., Unterweger, A., Eibl, G., Engel, D.: Privacy-preserving smart grid tariff decisions with blockchain-based smart contracts. In: Rivera, Wilson (ed.) Sustainable Cloud and Energy Services, pp. 85–116. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-62238-5_4

    Chapter  Google Scholar 

  16. Mylrea, M., Gourisetti, S.N.G.: Blockchain for smart grid resilience: exchanging distributed energy at speed, scale and security. In: 2017 Resilience Week (RWS), pp. 18–23. IEEE (2017)

    Google Scholar 

  17. Sergey, I., Hobor, A.: A concurrent perspective on smart contracts. In: Brenner, M., et al. (eds.) Financial Cryptography and Data Security, pp. 478–493. Springer International Publishing, Cham (2017). https://doi.org/10.1007/978-3-319-70278-0_30

    Chapter  Google Scholar 

  18. Bocek, T., Stiller, B.: Smart contracts – blockchains in the wings. In: Linnhoff-Popien, C., Schneider, R., Zaddach, M. (eds.) Digital Marketplaces Unleashed, pp. 169–184. Springer, Heidelberg (2018). https://doi.org/10.1007/978-3-662-49275-8_19

    Chapter  Google Scholar 

  19. Michaell, Y.: Building a safer crypto token (2018). https://medium.com/cybermiles/building-a-safer-crypto-token-27c96a7e78fd

  20. Marc, P.: Blockchain technology: principles and applications (2016, Post-Print)

    Google Scholar 

  21. Tapscott, D., Tapscott, A.: Blockchain Revolution: How the technology Behind Bitcoin is Changing Money, Business, and the World. Penguin, New York (2016)

    Google Scholar 

  22. Smart Contracts Alliance—In collaboration with Deloitte. Smart Contracts: 12 Use Cases for Business & Beyond (2016). http://upyun-assets.ethfans.org/uploads/doc/file/1428a9bb86a140598ec7cb38424de632.pdf?_upd=Smart-contracts-12-use-cases-for-business-and-beyond.pdf

  23. Tsankov, P., Dan, A., Drachsler-Cohen, D., et al.: Securify: practical security analysis of smart contracts. In: Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security (CCS), pp. 67–82. Association for Computing Machinery, USA (2018)

    Google Scholar 

  24. Wood, G.: Ethereum: a secure decentralised generalised transaction ledger. Ethereum Project Yellow Paper 151, 1–32 (2014)

    Google Scholar 

  25. Atzei, N., Bartoletti, M., Cimoli, T.: A survey of attacks on ethereum smart contracts (SoK). In: Maffei, M., Ryan, M. (eds.) POST 2017. LNCS, vol. 10204, pp. 164–186. Springer, Heidelberg (2017). https://doi.org/10.1007/978-3-662-54455-6_8

    Chapter  Google Scholar 

  26. Min, T., Cai, W.: A security case study for blockchain games. arXiv preprint arXiv:1906.05538 (2019)

  27. Arias, L., Spagnuolo, F., Giordano, F., et al.: OpenZeppeli (2016). https://github.com/OpenZeppelin/openzeppelin-contracts

  28. Nikolic, I., Kolluri, A., Sergey, I., Saxena, P., Hobor, A.: Finding ´the greedy, prodigal, and suicidal contracts at scale. arXiv preprint arXiv:1802.06038 (2018)

  29. Luu, L., Chu, D.-H., Olickel, H., Saxena, P., Hobor, A.: Making smart contracts smarter. In: Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security, Conference Proceedings, pp. 254–269. ACM (2016)

    Google Scholar 

  30. Li, X., Jiang, P., Chen, T., Luo, X., Wen, Q.: A survey on the security of blockchain systems. Future Gener. Comput. Syst. 107, 841–853 (2017)

    Article  Google Scholar 

  31. Ethereum Foundation. Block validation algorithm. https://github.com/ethereum/wiki/wiki#block-validation-algorithm

  32. Feist, J., Grieco, G., Groce, A.: Slither: a static analysis framework for smart contracts. In: Proceedings of the 2nd International Workshop on Emerging Trends in Software Engineering for Blockchain, WETSEB@ICSE 2019, Montreal, QC, Canada, 27 May 2019, pp. 8–15 (2019)

    Google Scholar 

  33. Chen, T., Li, X., Luo, X., Zhang, X.: Under-optimized smart contracts devour your money. In: 2017 IEEE 24th International Conference on Software Analysis, Evolution and Reengineering (SANER), Conference Proceedings, pp. 442–446. IEEE (2017)

    Google Scholar 

  34. Torres, C.F., Schütte, J., State, R.: Osiris: hunting for integer bugs in ethereum smart contracts. In: Proceedings of the 34th Annual Computer Security Applications Conference, pp. 664–676 (2018)

    Google Scholar 

  35. Pomonis, M., Petsios, T., Jee, K., Polychronakis, M., Keromytis, A.D.: IntFlow: improving the accuracy of arithmetic error detection using information flow tracking. In: Proceedings of the 30th Annual Computer Security Applications Conference, pp. 416–425 (2014)

    Google Scholar 

  36. Brent, L., et al.: Vandal: a scalable security analysis framework for smart contracts. arXiv preprint arXiv:1809.03981 (2018)

  37. Albert, E., Gordillo, P., Livshits, B., Rubio, A., Sergey, I.: Ethir: a framework for high-level analysis of ethereum bytecode. In: Lahiri, S.K., Wang, C. (eds.) Automated Technology for Verification and Analysis: 16th International Symposium, ATVA 2018, Los Angeles, CA, USA, October 7-10, 2018, Proceedings, pp. 513–520. Springer, Cham (2018). https://doi.org/10.1007/978-3-030-01090-4_30

    Chapter  Google Scholar 

  38. Tikhomirov, S., Voskresenskaya, E., Ivanitskiy, I., Takhaviev, R., Marchenko, E., Alexandrov, Y.: Smartcheck: static analysis of ethereum smart contracts. In: 1st IEEE/ACM International Workshop on Emerging Trends in Software Engineering for Blockchain, WETSEB@ICSE 2018, Gothenburg, Sweden, May 27–June 3, 2018, pp. 9–16 (2018)

    Google Scholar 

  39. Jiang, B., Liu, Y., Chan, W.: Contractfuzzer: fuzzing smart contracts for vulnerability detection. In: Proceedings of the 33rd ACM/IEEE International Conference on Automated Software Engineering, pp. 259–269 (2018)

    Google Scholar 

  40. Nikolic, I., Kolluri, A., Sergey, I., Saxena, P., Hobor, A.: Finding the greedy, prodigal, and suicidal contracts at scale. In: Proceedings of the 34th Annual Computer Security Applications Conference, ACSAC 2018, San Juan, PR, USA, 03–07 December 2018, pp. 653–663 (2018)

    Google Scholar 

  41. Gao, J., Liu, H., Liu, C., et al.: Easyflow: keep ethereum away from overflow. In: Proceedings of the 41st International Conference on Software Engineering: Companion Proceedings, pp. 23–26. IEEE Press (2019)

    Google Scholar 

  42. Mavridou, A., Laszka, A.: Tool demonstration: fSolidM for designing secure ethereum smart contracts. In: Bauer, L., Küsters, R. (eds.) Principles of Security and Trust, pp. 270–277. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-89722-6_11

    Chapter  Google Scholar 

  43. Breidenbach, L., Daian, P., Er, F., Juels, A.: Enter the hydra: towards principled bug bounties and exploit-resistant smart contracts. In: The Initiative for Cryptocurrencies and Contracts (IC3), vol. 2017 (2017)

    Google Scholar 

  44. Bhargavan, K., et al.: Formal verification of smart contracts: short paper. In: Proceedings of the 2016 ACM Workshop on Programming Languages and Analysis for Security, pp. 91–96 (2016)

    Google Scholar 

  45. Kosba, A., Miller, A., Shi, E., Wen, Z., Papamanthou, C.: Hawk: the blockchain model of cryptography and privacy-preserving smart contracts. In: 2016 IEEE Symposium on Security and Privacy (SP), pp. 839–858 (2016)

    Google Scholar 

  46. Cerezo Sánchez, D.: Raziel: private and verifiable smart contracts on blockchains. IACR Cryptol. ePrint Arch, pp. 1–56 (2017)

    Google Scholar 

  47. Zhang, F., Cecchetti, E., Croman, K., Juels, A., Shi, E.: Town crier: an authenticated data feed for smart contracts. In: Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security, pp. 270–282 (2016)

    Google Scholar 

  48. Kalra, S., Goel, S., Dhawan, M., Sharma, S.: ZEUS: analyzing safety of smart contracts. In: 25th Annual Network and Distributed System Security Symposium, NDSS 2018, San Diego, California, USA, 18–21 February 2018

    Google Scholar 

  49. Hildenbrandt, E., et al.: KEVM: a complete formal semantics of the ethereum virtual machine. In: 2018 IEEE 31st Computer Security Foundations Symposium (CSF), pp. 204–217 (2018)

    Google Scholar 

  50. Ellul, J., Pace, G.J.: Runtime verification of ethereum smart contracts. In: 2018 14th European Dependable Computing Conference (EDCC), pp. 158–163 (2018)

    Google Scholar 

  51. Sinnema, R., Wilde, E.: Extensible access control markup language (XACML) XML media type, Internet Eng. Task Force (IETF), pp. 1–8 ((2013))

    Google Scholar 

  52. Lattner, C., Adve, V.: LLVM: a compilation framework for lifelong program analysis & transformation. In: International Symposium on Code Generation and Optimization, CGO 2004, pp. 75–86. IEEE (2004)

    Google Scholar 

  53. Gurfinkel, A., Kahsai, T., Komuravelli, A., Navas, J.: The seahorn verification framework. In: Kroening, D., Păsăreanu, C.S. (eds.) Computer Aided Verification: 27th International Conference, CAV 2015, San Francisco, CA, USA, July 18-24, 2015, Proceedings, Part I, pp. 343–361. Springer, Cham (2015). https://doi.org/10.1007/978-3-319-21690-4_20

    Chapter  Google Scholar 

Download references

Acknowledgements

This work was supported by the Hainan Provincial Natural Science Foundation of China (Grant No. 2019RC041 and 2019RC098), Research and Application Project of Key Technologies for Blockchain Cross-chain Collaborative Monitoring and Traceability for Large-scale Distributed Denial of Service Attacks, National Natural Science Foundation of China (Grant No. 61762033), Opening Project of Shanghai Trusted Industrial Control Platform (Grant No. TICPSH202003005-ZC), and Education and Teaching Reform Research Project of Hainan University (Grant No. hdjy1970).

Author information

Authors and Affiliations

  1. School of Computer Science and Cyberspace Security, Hainan University, Haikou, 570228, China

    Xiangyan Tang, Ke Zhou & Jieren Cheng

  2. Hainan Blockchain Technology Engineering Research Center, Haikou, 570228, China

    Xiangyan Tang, Ke Zhou & Jieren Cheng

  3. Hainan Huochain Tech Company Limited, Haikou, 570100, China

    Hui Li & Yuming Yuan

Authors
  1. Xiangyan Tang
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Ke Zhou
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Jieren Cheng
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Hui Li
    View author publications

    You can also search for this author in PubMed Google Scholar

  5. Yuming Yuan
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. Nanjing University of Information Science and Technology, Nanjing, China

    Xingming Sun

  2. Nanjing University of Information Science and Technology, Nanjing, China

    Xiaorui Zhang

  3. Jinan University, Guangzhou, China

    Zhihua Xia

  4. Purdue University, West Lafayette, IN, USA

    Elisa Bertino

Rights and permissions

Reprints and permissions

Copyright information

© 2021 Springer Nature Switzerland AG

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Tang, X., Zhou, K., Cheng, J., Li, H., Yuan, Y. (2021). The Vulnerabilities in Smart Contracts: A Survey. In: Sun, X., Zhang, X., Xia, Z., Bertino, E. (eds) Advances in Artificial Intelligence and Security. ICAIS 2021. Communications in Computer and Information Science, vol 1424. Springer, Cham. https://doi.org/10.1007/978-3-030-78621-2_14

Download citation

  • DOI: https://doi.org/10.1007/978-3-030-78621-2_14

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-78620-5

  • Online ISBN: 978-3-030-78621-2

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation