Smart Contract Vulnerabilities, Tools, and Benchmarks: An Updated Systematic Literature Review
- URL: http://arxiv.org/abs/2412.01719v1
- Date: Mon, 02 Dec 2024 17:08:48 GMT
- Title: Smart Contract Vulnerabilities, Tools, and Benchmarks: An Updated Systematic Literature Review
- Authors: Gerardo Iuliano, Dario Di Nucci,
- Abstract summary: Smart contracts are self-executing programs on blockchain platforms like, which have revolutionized decentralized finance by enabling trustless transactions and the operation of decentralized applications.<n>Despite their potential, the security of smart contracts remains a critical concern due to their immutability and transparency, which expose them to malicious actors.<n>This paper presents a systematic literature review that explores vulnerabilities in smart contracts, focusing on automated detection tools and benchmark evaluation.
- Score: 2.4646766265478393
- License: http://creativecommons.org/licenses/by/4.0/
- Abstract: Smart contracts are self-executing programs on blockchain platforms like Ethereum, which have revolutionized decentralized finance by enabling trustless transactions and the operation of decentralized applications. Despite their potential, the security of smart contracts remains a critical concern due to their immutability and transparency, which expose them to malicious actors. The connections of contracts further complicate vulnerability detection. This paper presents a systematic literature review that explores vulnerabilities in Ethereum smart contracts, focusing on automated detection tools and benchmark evaluation. We reviewed 1,888 studies from five digital libraries and five major software engineering conferences, applying a structured selection process that resulted in 131 high-quality studies. The key results include a hierarchical taxonomy of 101 vulnerabilities grouped into ten categories, a comprehensive list of 144 detection tools with corresponding functionalities, methods, and code transformation techniques, and a collection of 102 benchmarks used for tool evaluation. We conclude with insights on the current state of Ethereum smart contract security and directions for future research.
Related papers
- Vulnerability Detection in Ethereum Smart Contracts via Machine Learning: A Qualitative Analysis [0.0]
We analyze the state of the art in machine-learning vulnerability detection for smart contracts.
We discuss best practices to enhance the accuracy, scope, and efficiency of vulnerability detection in smart contracts.
arXiv Detail & Related papers (2024-07-26T10:09:44Z) - Versioned Analysis of Software Quality Indicators and Self-admitted Technical Debt in Ethereum Smart Contracts with Ethstractor [2.052808596154225]
This paper proposes Ethstractor, the first smart contract collection tool for gathering a dataset of versioned smart contracts.
The collected dataset is then used to evaluate the reliability of code metrics as indicators of vulnerabilities in smart contracts.
arXiv Detail & Related papers (2024-07-22T18:27:29Z) - Vulnerabilities of smart contracts and mitigation schemes: A Comprehensive Survey [0.6554326244334866]
This paper presents a literature review combined with an experimental report that aims to assist developers in developing secure smarts.
It provides a list of frequent vulnerabilities and corresponding mitigation solutions.
It evaluates the community most widely used tools by executing and testing them on sample smart contracts.
arXiv Detail & Related papers (2024-03-28T19:36:53Z) - Efficiently Detecting Reentrancy Vulnerabilities in Complex Smart Contracts [35.26195628798847]
Existing vulnerability detection tools perform poorly in terms of efficiency and successful detection rates for vulnerabilities in complex contracts.
SliSE provides a robust and efficient method for detection of Reentrancy vulnerabilities for complex contracts.
arXiv Detail & Related papers (2024-03-17T16:08:30Z) - Vulnerability Scanners for Ethereum Smart Contracts: A Large-Scale Study [44.25093111430751]
In 2023 alone, such vulnerabilities led to substantial financial losses exceeding a billion of US dollars.
Various tools have been developed to detect and mitigate vulnerabilities in smart contracts.
This study investigates the gap between the effectiveness of existing security scanners and the vulnerabilities that still persist in practice.
arXiv Detail & Related papers (2023-12-27T11:26:26Z) - A Comprehensive Study of Governance Issues in Decentralized Finance
Applications [45.033994319846244]
We present a comprehensive study of governance issues in DeFi applications.
We collect and build a dataset of 4,446 audit reports from 17 Web3 security companies.
Our findings highlight a significant observation: the disparity between smart contract code and DeFi whitepapers plays a central role in these governance issues.
arXiv Detail & Related papers (2023-11-02T17:46:59Z) - Empirical Review of Smart Contract and DeFi Security: Vulnerability
Detection and Automated Repair [36.46679501556185]
Decentralized Finance (DeFi) is emerging as a peer-to-peer financial ecosystem.
smart contracts hold a massive amount of value, making them an attractive target for attacks.
This paper reviews the progress made in the field of smart contract and DeFi security from the perspective of both vulnerability detection and automated repair.
arXiv Detail & Related papers (2023-09-05T17:00:42Z) - Enhancing Smart Contract Security Analysis with Execution Property Graphs [48.31617821205042]
We introduce Clue, a dynamic analysis framework specifically designed for a runtime virtual machine.
Clue captures critical information during contract executions, employing a novel graph-based representation, the Execution Property Graph.
evaluation results reveal Clue's superior performance with high true positive rates and low false positive rates, outperforming state-of-the-art tools.
arXiv Detail & Related papers (2023-05-23T13:16:42Z) - Pre-deployment Analysis of Smart Contracts -- A Survey [0.27195102129095]
We present a systematic review of the literature on smart contract vulnerabilities and methods.
Specifically, we enumerate and classify smart contract vulnerabilities and methods by the properties they address.
Several patterns about the strengths of different methods emerge through this classification process.
arXiv Detail & Related papers (2023-01-15T12:36:56Z) - Smart Contract Vulnerability Detection: From Pure Neural Network to
Interpretable Graph Feature and Expert Pattern Fusion [48.744359070088166]
Conventional smart contract vulnerability detection methods heavily rely on fixed expert rules.
Recent deep learning approaches alleviate this issue but fail to encode useful expert knowledge.
We develop automatic tools to extract expert patterns from the source code.
We then cast the code into a semantic graph to extract deep graph features.
arXiv Detail & Related papers (2021-06-17T07:12:13Z) - ESCORT: Ethereum Smart COntRacTs Vulnerability Detection using Deep
Neural Network and Transfer Learning [80.85273827468063]
Existing machine learning-based vulnerability detection methods are limited and only inspect whether the smart contract is vulnerable.
We propose ESCORT, the first Deep Neural Network (DNN)-based vulnerability detection framework for smart contracts.
We show that ESCORT achieves an average F1-score of 95% on six vulnerability types and the detection time is 0.02 seconds per contract.
arXiv Detail & Related papers (2021-03-23T15:04:44Z)
This list is automatically generated from the titles and abstracts of the papers in this site.
This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.