Security Strengths and Weaknesses of Blockchain Smart Contract System: A Survey

Smart contracts are computer protocols that facilitate, verify, and execute the negotiation or execution of a contract, or that render a contractual term unnecessary. Blockchain and smart contracts can be used to facilitate almost any financial transaction; thanks to smart contracts, the settlement of dividends and coupons could be automated. Smart contracts have become lucrative and profitable targets for attackers because they can hold large amounts of money. Although widely used in blockchain technology, smart contracts are far from perfect because of security concerns. While a series of attacks has been listed in the literature, there is a lack of discussion and proposals on how to improve security. This survey takes stock of smart contract security from a more comprehensive perspective by correlating the level of vulnerability with a systematic review of the security levels of smart contracts.
