Survey on Quality Assurance of Smart Contracts
- URL: http://arxiv.org/abs/2311.00270v3
- Date: Sun, 11 Aug 2024 14:18:56 GMT
- Title: Survey on Quality Assurance of Smart Contracts
- Authors: Zhiyuan Wei, Jing Sun, Zijian Zhang, Xianhao Zhang, Xiaoxuan Yang, Liehuang Zhu,
- Abstract summary: With the increasing adoption of smart contracts, ensuring their security has become a critical concern.
We present a systematic overview of the quality assurance of smart contracts, covering vulnerabilities, attacks, defenses, and tool support.
In order to effectively protect smart contracts, we have created a labeled dataset to evaluate various vulnerability detection tools and compare their effectiveness.
- Score: 14.34073444030935
- License: http://creativecommons.org/licenses/by/4.0/
- Abstract: With the increasing adoption of smart contracts, ensuring their security has become a critical concern. Numerous vulnerabilities and attacks have been identified and exploited, resulting in significant financial losses. In response, researchers have developed various tools and techniques to identify and prevent vulnerabilities in smart contracts. In this survey, we present a systematic overview of the quality assurance of smart contracts, covering vulnerabilities, attacks, defenses, and tool support. By classifying vulnerabilities based on known attacks, we can identify patterns and common weaknesses that need to be addressed. Moreover, in order to effectively protect smart contracts, we have created a labeled dataset to evaluate various vulnerability detection tools and compare their effectiveness.
Related papers
- New Emerged Security and Privacy of Pre-trained Model: a Survey and Outlook [54.24701201956833]
Security and privacy issues have undermined users' confidence in pre-trained models.
Current literature lacks a clear taxonomy of emerging attacks and defenses for pre-trained models.
This taxonomy categorizes attacks and defenses into No-Change, Input-Change, and Model-Change approaches.
arXiv Detail & Related papers (2024-11-12T10:15:33Z) - Vulnerability Detection in Ethereum Smart Contracts via Machine Learning: A Qualitative Analysis [0.0]
We analyze the state of the art in machine-learning vulnerability detection for smart contracts.
We discuss best practices to enhance the accuracy, scope, and efficiency of vulnerability detection in smart contracts.
arXiv Detail & Related papers (2024-07-26T10:09:44Z) - Efficiently Detecting Reentrancy Vulnerabilities in Complex Smart Contracts [35.26195628798847]
Existing vulnerability detection tools perform poorly in terms of efficiency and successful detection rates for vulnerabilities in complex contracts.
SliSE provides a robust and efficient method for detection of Reentrancy vulnerabilities for complex contracts.
arXiv Detail & Related papers (2024-03-17T16:08:30Z) - A Survey and Comparative Analysis of Security Properties of CAN Authentication Protocols [92.81385447582882]
The Controller Area Network (CAN) bus leaves in-vehicle communications inherently non-secure.
This paper reviews and compares the 15 most prominent authentication protocols for the CAN bus.
We evaluate protocols based on essential operational criteria that contribute to ease of implementation.
arXiv Detail & Related papers (2024-01-19T14:52:04Z) - Vulnerability Scanners for Ethereum Smart Contracts: A Large-Scale Study [44.25093111430751]
In 2023 alone, such vulnerabilities led to substantial financial losses exceeding a billion of US dollars.
Various tools have been developed to detect and mitigate vulnerabilities in smart contracts.
This study investigates the gap between the effectiveness of existing security scanners and the vulnerabilities that still persist in practice.
arXiv Detail & Related papers (2023-12-27T11:26:26Z) - Gradual Verification for Smart Contracts [0.4543820534430522]
Algos facilitate secure resource transactions through smart contracts, yet these digital agreements are prone to vulnerabilities.
Traditional verification techniques fall short in providing comprehensive security assurances.
This paper introduces an incremental approach: gradual verification.
arXiv Detail & Related papers (2023-11-22T12:42:26Z) - REEF: A Framework for Collecting Real-World Vulnerabilities and Fixes [40.401211102969356]
We propose an automated collecting framework REEF to collect REal-world vulnErabilities and Fixes from open-source repositories.
We develop a multi-language crawler to collect vulnerabilities and their fixes, and design metrics to filter for high-quality vulnerability-fix pairs.
Through extensive experiments, we demonstrate that our approach can collect high-quality vulnerability-fix pairs and generate strong explanations.
arXiv Detail & Related papers (2023-09-15T02:50:08Z) - Smart Contract and DeFi Security Tools: Do They Meet the Needs of
Practitioners? [10.771021805354911]
Attacks targeting smart contracts are increasing, causing an estimated $6.45 billion in financial losses.
We aim to shed light on the effectiveness of automated security tools in identifying vulnerabilities that can lead to high-profile attacks.
Our findings reveal a stark reality: the tools could have prevented a mere 8% of the attacks in our dataset, amounting to $149 million out of the $2.3 billion in losses.
arXiv Detail & Related papers (2023-04-06T10:27:19Z) - An Automated Vulnerability Detection Framework for Smart Contracts [18.758795474791427]
We propose a framework to automatically detect vulnerabilities in smart contracts on the blockchain.
More specifically, first, we utilize novel feature vector generation techniques from bytecode of smart contract.
Next, the collected vectors are fed into our novel metric learning-based deep neural network(DNN) to get the detection result.
arXiv Detail & Related papers (2023-01-20T23:16:04Z) - ESCORT: Ethereum Smart COntRacTs Vulnerability Detection using Deep
Neural Network and Transfer Learning [80.85273827468063]
Existing machine learning-based vulnerability detection methods are limited and only inspect whether the smart contract is vulnerable.
We propose ESCORT, the first Deep Neural Network (DNN)-based vulnerability detection framework for smart contracts.
We show that ESCORT achieves an average F1-score of 95% on six vulnerability types and the detection time is 0.02 seconds per contract.
arXiv Detail & Related papers (2021-03-23T15:04:44Z) - Trustworthy AI [75.99046162669997]
Brittleness to minor adversarial changes in the input data, ability to explain the decisions, address the bias in their training data, are some of the most prominent limitations.
We propose the tutorial on Trustworthy AI to address six critical issues in enhancing user and public trust in AI systems.
arXiv Detail & Related papers (2020-11-02T20:04:18Z)
This list is automatically generated from the titles and abstracts of the papers in this site.
This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.