Pre-deployment Analysis of Smart Contracts -- A Survey
- URL: http://arxiv.org/abs/2301.06079v3
- Date: Fri, 30 Jun 2023 13:39:59 GMT
- Title: Pre-deployment Analysis of Smart Contracts -- A Survey
- Authors: Sundas Munir and Walid Taha
- Abstract summary: We present a systematic review of the literature on smart contract vulnerabilities and methods.
Specifically, we enumerate and classify smart contract vulnerabilities and methods by the properties they address.
Several patterns about the strengths of different methods emerge through this classification process.
- Score: 0.27195102129095
- License: http://creativecommons.org/licenses/by-nc-nd/4.0/
- Abstract: Smart contracts are programs that execute transactions involving independent
parties and cryptocurrencies. As programs, smart contracts are susceptible to a
wide range of errors and vulnerabilities. Such vulnerabilities can result in
significant losses. Furthermore, by design, smart contract transactions are
irreversible. This creates a need for methods to ensure the correctness and
security of contracts pre-deployment. Recently there has been substantial
research into such methods. The sheer volume of this research makes
articulating state-of-the-art a substantial undertaking. To address this
challenge, we present a systematic review of the literature. A key feature of
our presentation is to factor out the relationship between vulnerabilities and
methods through properties. Specifically, we enumerate and classify smart
contract vulnerabilities and methods by the properties they address. The
methods considered include static analysis as well as dynamic analysis methods
and machine learning algorithms that analyze smart contracts before deployment.
Several patterns about the strengths of different methods emerge through this
classification process.
Related papers
- Vulnerability Detection in Ethereum Smart Contracts via Machine Learning: A Qualitative Analysis [0.0]
We analyze the state of the art in machine-learning vulnerability detection for smart contracts.
We discuss best practices to enhance the accuracy, scope, and efficiency of vulnerability detection in smart contracts.
arXiv Detail & Related papers (2024-07-26T10:09:44Z) - Contractual Reinforcement Learning: Pulling Arms with Invisible Hands [68.77645200579181]
We propose a theoretical framework for aligning economic interests of different stakeholders in the online learning problems through contract design.
For the planning problem, we design an efficient dynamic programming algorithm to determine the optimal contracts against the far-sighted agent.
For the learning problem, we introduce a generic design of no-regret learning algorithms to untangle the challenges from robust design of contracts to the balance of exploration and exploitation.
arXiv Detail & Related papers (2024-07-01T16:53:00Z) - Soley: Identification and Automated Detection of Logic Vulnerabilities in Ethereum Smart Contracts Using Large Language Models [1.081463830315253]
We empirically investigate logic vulnerabilities in real-world smart contracts extracted from code changes on GitHub.
We introduce Soley, an automated method for detecting logic vulnerabilities in smart contracts.
We examine mitigation strategies employed by smart contract developers to address these vulnerabilities in real-world scenarios.
arXiv Detail & Related papers (2024-06-24T00:15:18Z) - Improving Smart Contract Security with Contrastive Learning-based Vulnerability Detection [8.121484960948303]
We propose Contrastive Learning Enhanced Automated Recognition Approach for Smart Contract Vulnerabilities, named Clear.
In particular, Clear employs a contrastive learning (CL) model to capture the fine-grained correlation information among contracts.
We show that Clear achieves optimal performance over all baseline methods; (2) 9.73%-39.99% higher F1-score than existing deep learning methods.
arXiv Detail & Related papers (2024-04-27T09:13:25Z) - Vulnerabilities of smart contracts and mitigation schemes: A Comprehensive Survey [0.6554326244334866]
This paper presents a literature review combined with an experimental report that aims to assist developers in developing secure smarts.
It provides a list of frequent vulnerabilities and corresponding mitigation solutions.
It evaluates the community most widely used tools by executing and testing them on sample smart contracts.
arXiv Detail & Related papers (2024-03-28T19:36:53Z) - Fixing Smart Contract Vulnerabilities: A Comparative Analysis of
Literature and Developer's Practices [6.09162202256218]
We refer to vulnerability fixing in the ways found in the literature as guidelines.
It is not clear to what extent developers adhere to these guidelines, nor whether there are other viable common solutions and what they are.
The goal of our research is to fill knowledge gaps related to developers' observance of existing guidelines and to propose new and viable solutions to security vulnerabilities.
arXiv Detail & Related papers (2024-03-12T09:55:54Z) - Token-Level Adversarial Prompt Detection Based on Perplexity Measures
and Contextual Information [67.78183175605761]
Large Language Models are susceptible to adversarial prompt attacks.
This vulnerability underscores a significant concern regarding the robustness and reliability of LLMs.
We introduce a novel approach to detecting adversarial prompts at a token level.
arXiv Detail & Related papers (2023-11-20T03:17:21Z) - Formally Verifying a Real World Smart Contract [52.30656867727018]
We search for a tool capable of formally verifying a real-world smart contract written in a recent version of Solidity.
In this article, we present our search for a tool capable of formally verifying a real-world smart contract written in a recent version of Solidity.
arXiv Detail & Related papers (2023-07-05T14:30:21Z) - Smart Contract Vulnerability Detection: From Pure Neural Network to
Interpretable Graph Feature and Expert Pattern Fusion [48.744359070088166]
Conventional smart contract vulnerability detection methods heavily rely on fixed expert rules.
Recent deep learning approaches alleviate this issue but fail to encode useful expert knowledge.
We develop automatic tools to extract expert patterns from the source code.
We then cast the code into a semantic graph to extract deep graph features.
arXiv Detail & Related papers (2021-06-17T07:12:13Z) - ESCORT: Ethereum Smart COntRacTs Vulnerability Detection using Deep
Neural Network and Transfer Learning [80.85273827468063]
Existing machine learning-based vulnerability detection methods are limited and only inspect whether the smart contract is vulnerable.
We propose ESCORT, the first Deep Neural Network (DNN)-based vulnerability detection framework for smart contracts.
We show that ESCORT achieves an average F1-score of 95% on six vulnerability types and the detection time is 0.02 seconds per contract.
arXiv Detail & Related papers (2021-03-23T15:04:44Z) - Increasing the Confidence of Deep Neural Networks by Coverage Analysis [71.57324258813674]
This paper presents a lightweight monitoring architecture based on coverage paradigms to enhance the model against different unsafe inputs.
Experimental results show that the proposed approach is effective in detecting both powerful adversarial examples and out-of-distribution inputs.
arXiv Detail & Related papers (2021-01-28T16:38:26Z)
This list is automatically generated from the titles and abstracts of the papers in this site.
This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.