To Healthier Ethereum: A Comprehensive and Iterative Smart Contract Weakness Enumeration
- URL: http://arxiv.org/abs/2308.10227v1
- Date: Sun, 20 Aug 2023 10:46:39 GMT
- Title: To Healthier Ethereum: A Comprehensive and Iterative Smart Contract Weakness Enumeration
- Authors: Jiachi Chen, Mingyuan Huang, Zewei Lin, Peilin Zheng and Zibin Zheng
- Abstract summary: This paper introduces the Smart Contract Weakness Enumeration (SWE), a comprehensive and practical vulnerability list up until 2023.
SWE provides a systematic and comprehensive list of smart contract vulnerabilities, covering existing and emerging vulnerabilities in the last few years.
Regular updates involve the inclusion of new vulnerabilities from future top papers, while irregular updates enable individuals to report new weaknesses for review and potential addition to SWE.
- Score: 25.022358832096263
- License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
- Abstract: With the increasing popularity of cryptocurrencies and blockchain technology,
smart contracts have become a prominent feature in developing decentralized
applications. However, these smart contracts are susceptible to vulnerabilities
that hackers can exploit, resulting in significant financial losses. In
response to this growing concern, various initiatives have emerged. Notably,
the SWC vulnerability list played an important role in raising awareness and
understanding of smart contract weaknesses. However, the SWC list lacks
maintenance and has not been updated with new vulnerabilities since 2020. To
address this gap, this paper introduces the Smart Contract Weakness Enumeration
(SWE), a comprehensive and practical vulnerability list up until 2023. We
collect 273 vulnerability descriptions from 86 top conference papers and
journal papers, employing open card sorting techniques to deduplicate and
categorize these descriptions. This process results in the identification of 40
common contract weaknesses, which are further classified into 20 sub-research
fields through thorough discussion and analysis. SWE provides a systematic and
comprehensive list of smart contract vulnerabilities, covering existing and
emerging vulnerabilities in the last few years. Moreover, SWE is a scalable,
continuously iterative program. We propose two update mechanisms for the
maintenance of SWE. Regular updates involve the inclusion of new
vulnerabilities from future top papers, while irregular updates enable
individuals to report new weaknesses for review and potential addition to SWE.
Related papers
- A Comprehensive Study of Exploitable Patterns in Smart Contracts: From Vulnerability to Defense (arXiv, 2025-04-30T10:00:36Z)
Vulnerabilities within smart contracts not only undermine the security of individual applications but also pose significant risks to the broader blockchain ecosystem.
This paper provides a comprehensive analysis of key security risks in smart contracts, specifically those written in Solidity and executed on the Ethereum Virtual Machine.
We focus on two prevalent and critical types (reentrancy and integer overflow) by examining their underlying mechanisms, replicating attack scenarios, and assessing effective countermeasures.
- Security Vulnerabilities in Ethereum Smart Contracts: A Systematic Analysis (arXiv, 2025-04-08T12:25:34Z)
This paper focuses on Ethereum smart contracts and explains the main components of Ethereum, smart contract architecture and mechanism.
Based on the four security events of American Chain, The DAO, Parity and KotET, the principles of integer overflow attack, reentrancy attack, access control attack and denial of service attack are studied and analyzed, and preventive measures are given.
- Smart Contract Vulnerabilities, Tools, and Benchmarks: An Updated Systematic Literature Review (arXiv, 2024-12-02T17:08:48Z)
Smart contracts are self-executing programs on blockchain platforms such as Ethereum, which have revolutionized decentralized finance by enabling trustless transactions and the operation of decentralized applications.
Despite their potential, the security of smart contracts remains a critical concern due to their immutability and transparency, which expose them to malicious actors.
This paper presents a systematic literature review that explores vulnerabilities in smart contracts, focusing on automated detection tools and benchmark evaluation.
- In-Context Experience Replay Facilitates Safety Red-Teaming of Text-to-Image Diffusion Models (arXiv, 2024-11-25T04:17:24Z)
Text-to-image (T2I) models have shown remarkable progress, but their potential to generate harmful content remains a critical concern in the ML community.
We propose ICER, a novel red-teaming framework that generates interpretable and semantically meaningful problematic prompts.
Our work provides crucial insights for developing more robust safety mechanisms in T2I systems.
- ContractTinker: LLM-Empowered Vulnerability Repair for Real-World Smart Contracts (arXiv, 2024-09-15T08:24:01Z)
Smart contracts are susceptible to being exploited by attackers, especially when facing real-world vulnerabilities.
To mitigate this risk, developers often rely on third-party audit services to identify potential vulnerabilities before project deployment.
Existing pattern-based repair tools mostly fail to address real-world vulnerabilities due to their lack of high-level semantic understanding.
- Vulnerability Detection in Ethereum Smart Contracts via Machine Learning: A Qualitative Analysis (arXiv, 2024-07-26T10:09:44Z)
We analyze the state of the art in machine-learning vulnerability detection for smart contracts.
We discuss best practices to enhance the accuracy, scope, and efficiency of vulnerability detection in smart contracts.
- Versioned Analysis of Software Quality Indicators and Self-admitted Technical Debt in Ethereum Smart Contracts with Ethstractor (arXiv, 2024-07-22T18:27:29Z)
This paper proposes Ethstractor, the first smart contract collection tool for gathering a dataset of versioned smart contracts.
The collected dataset is then used to evaluate the reliability of code metrics as indicators of vulnerabilities in smart contracts.
- A Survey and Comparative Analysis of Security Properties of CAN Authentication Protocols (arXiv, 2024-01-19T14:52:04Z)
The Controller Area Network (CAN) bus leaves in-vehicle communications inherently insecure.
This paper reviews and compares the 15 most prominent authentication protocols for the CAN bus.
We evaluate protocols based on essential operational criteria that contribute to ease of implementation.
- Vulnerability Scanners for Ethereum Smart Contracts: A Large-Scale Study (arXiv, 2023-12-27T11:26:26Z)
In 2023 alone, such vulnerabilities led to substantial financial losses exceeding a billion US dollars.
Various tools have been developed to detect and mitigate vulnerabilities in smart contracts.
This study investigates the gap between the effectiveness of existing security scanners and the vulnerabilities that still persist in practice.
- Unveiling the Landscape of Smart Contract Vulnerabilities: A Detailed Examination and Codification of Vulnerabilities in Prominent Blockchains (arXiv, 2023-12-01T11:01:06Z)
In this paper, we propose the most complete list of smart contract vulnerabilities with a detailed explanation of each one of them.
In addition, we propose a new codification system that facilitates the communication of those vulnerabilities between developers and researchers.
- REEF: A Framework for Collecting Real-World Vulnerabilities and Fixes (arXiv, 2023-09-15T02:50:08Z)
We propose an automated collecting framework, REEF, to collect REal-world vulnErabilities and Fixes from open-source repositories.
We develop a multi-language crawler to collect vulnerabilities and their fixes, and design metrics to filter for high-quality vulnerability-fix pairs.
Through extensive experiments, we demonstrate that our approach can collect high-quality vulnerability-fix pairs and generate strong explanations.
- An Automated Vulnerability Detection Framework for Smart Contracts (arXiv, 2023-01-20T23:16:04Z)
We propose a framework to automatically detect vulnerabilities in smart contracts on the blockchain.
More specifically, we first use novel feature vector generation techniques on the bytecode of smart contracts.
Next, the collected vectors are fed into our novel metric learning-based deep neural network (DNN) to obtain the detection result.
- ThreatKG: An AI-Powered System for Automated Open-Source Cyber Threat Intelligence Gathering and Management (arXiv, 2022-12-20T16:13:59Z)
ThreatKG is an automated system for OSCTI gathering and management.
It efficiently collects a large number of OSCTI reports from multiple sources.
It uses specialized AI-based techniques to extract high-quality knowledge about various threat entities.
- ESCORT: Ethereum Smart COntRacTs Vulnerability Detection using Deep Neural Network and Transfer Learning (arXiv, 2021-03-23T15:04:44Z)
Existing machine learning-based vulnerability detection methods are limited and only inspect whether the smart contract is vulnerable.
We propose ESCORT, the first Deep Neural Network (DNN)-based vulnerability detection framework for smart contracts.
We show that ESCORT achieves an average F1-score of 95% on six vulnerability types, with a detection time of 0.02 seconds per contract.
- A System for Automated Open-Source Threat Intelligence Gathering and Management (arXiv, 2021-01-19T18:31:35Z)
SecurityKG is a system for automated OSCTI gathering and management.
It uses a combination of AI and NLP techniques to extract high-fidelity knowledge about threat behaviors.
This list is automatically generated from the titles and abstracts of the papers in this site.