Security Vulnerabilities in Ethereum Smart Contracts: A Systematic Analysis
- URL: http://arxiv.org/abs/2504.05968v3
- Date: Thu, 10 Apr 2025 11:48:10 GMT
- Title: Security Vulnerabilities in Ethereum Smart Contracts: A Systematic Analysis
- Authors: Jixuan Wu, Lei Xie, Xiaoqi Li,
- Abstract summary: This paper focuses on Ether smart contracts and explains the main components of Ether, smart contract architecture and mechanism.<n>According to the four security events of American Chain, The, Parity and KotET, the principles of integer overflow attack, reentrant attack, access control attack and denial of service attack are studied and analyzed.<n> preventive measures are given.
- Score: 7.858744413354451
- License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
- Abstract: Smart contracts are a secure and trustworthy application that plays a vital role in decentralized applications in various fields such as insurance,the internet, and gaming. However, in recent years, smart contract security breaches have occurred frequently, and due to their financial properties, they have caused huge economic losses, such as the most famous security incident "The DAO" which caused a loss of over $60 million in Ethereum. This has drawn a lot of attention from all sides. Writing a secure smart contract is now a critical issue. This paper focuses on Ether smart contracts and explains the main components of Ether, smart contract architecture and mechanism. The environment used in this paper is the Ethernet environment, using remix online compilation platform and Solidity language, according to the four security events of American Chain, The DAO, Parity and KotET, the principles of integer overflow attack, reentrant attack, access control attack and denial of service attack are studied and analyzed accordingly, and the scenarios of these vulnerabilities are reproduced, and the measures to prevent them are given. Finally, preventive measures are given. In addition, the principles of short address attack, early transaction attack and privileged function exposure attack are also introduced in detail, and security measures are proposed. As vulnerabilities continue to emerge, their classification will also evolve. The analysis and research of the current vulnerabilities are also to lay a solid foundation for avoiding more vulnerabilities.
Related papers
- A Comprehensive Study of Exploitable Patterns in Smart Contracts: From Vulnerability to Defense [1.1138859624936408]
Vulnerabilities within smart contracts not only undermine the security of individual applications but also pose significant risks to the broader blockchain ecosystem.
This paper provides a comprehensive analysis of key security risks in smart contracts, specifically those written in Solidity and executed on the Virtual Machine.
We focus on two prevalent and critical types (reentrancy and integer overflow) by examining their underlying mechanisms, replicating attack scenarios, and assessing effective countermeasures.
arXiv Detail & Related papers (2025-04-30T10:00:36Z) - Mining Characteristics of Vulnerable Smart Contracts Across Lifecycle Stages [0.8225825738565354]
This paper presents the first empirical study on the security of smart contracts throughout their lifecycle.
It delves into the security issues at each stage and provides at least seven feature descriptions.
Five machine-learning classification models are used to identify vulnerabilities at different stages.
arXiv Detail & Related papers (2025-04-21T12:42:59Z) - Phantom Events: Demystifying the Issues of Log Forgery in Blockchain [31.570414211726888]
We present the first in-depth security analysis of transaction log forgery in EVM-based blockchains.<n>We propose a tool designed to detect event forgery vulnerabilities in smart contracts.<n>We have successfully identified real-world instances for all five types of attacks across multiple decentralized applications.
arXiv Detail & Related papers (2025-02-19T08:07:26Z) - Securing Legacy Communication Networks via Authenticated Cyclic Redundancy Integrity Check [98.34702864029796]
We propose Authenticated Cyclic Redundancy Integrity Check (ACRIC)
ACRIC preserves backward compatibility without requiring additional hardware and is protocol agnostic.
We show that ACRIC offers robust security with minimal transmission overhead ( 1 ms)
arXiv Detail & Related papers (2024-11-21T18:26:05Z) - Dual-view Aware Smart Contract Vulnerability Detection for Ethereum [5.002702845720439]
We propose a Dual-view Aware Smart Contract Vulnerability Detection Framework named DVDet.
The framework initially converts the source code and bytecode of smart contracts into weighted graphs and control flow sequences.
Comprehensive experiments on the dataset show that our method outperforms others in detecting vulnerabilities.
arXiv Detail & Related papers (2024-06-29T06:47:51Z) - Rethinking the Vulnerabilities of Face Recognition Systems:From a Practical Perspective [53.24281798458074]
Face Recognition Systems (FRS) have increasingly integrated into critical applications, including surveillance and user authentication.
Recent studies have revealed vulnerabilities in FRS to adversarial (e.g., adversarial patch attacks) and backdoor attacks (e.g., training data poisoning)
arXiv Detail & Related papers (2024-05-21T13:34:23Z) - A security framework for Ethereum smart contracts [13.430752634838539]
This article presents ESAF, a framework for analysis of smart contracts.
It aims to unify and facilitate the task of analyzing smart contract vulnerabilities.
It can be used as a persistent security monitoring tool for a set of target contracts as well as a classic vulnerability analysis tool among other uses.
arXiv Detail & Related papers (2024-02-05T22:14:21Z) - A Survey and Comparative Analysis of Security Properties of CAN Authentication Protocols [92.81385447582882]
The Controller Area Network (CAN) bus leaves in-vehicle communications inherently non-secure.
This paper reviews and compares the 15 most prominent authentication protocols for the CAN bus.
We evaluate protocols based on essential operational criteria that contribute to ease of implementation.
arXiv Detail & Related papers (2024-01-19T14:52:04Z) - Architectural Design for Secure Smart Contract Development [0.0]
Several attacks on blockchain infrastructures have resulted in hundreds of millions of dollars lost and sensitive information compromised.
I identify common software vulnerabilities and attacks on blockchain infrastructures.
I propose a model for ensuring a stronger security standard for future systems leveraging smart contracts.
arXiv Detail & Related papers (2024-01-03T18:59:17Z) - Vulnerability Scanners for Ethereum Smart Contracts: A Large-Scale Study [44.25093111430751]
In 2023 alone, such vulnerabilities led to substantial financial losses exceeding a billion of US dollars.
Various tools have been developed to detect and mitigate vulnerabilities in smart contracts.
This study investigates the gap between the effectiveness of existing security scanners and the vulnerabilities that still persist in practice.
arXiv Detail & Related papers (2023-12-27T11:26:26Z) - To Healthier Ethereum: A Comprehensive and Iterative Smart Contract
Weakness Enumeration [25.022358832096263]
This paper introduces the Smart Contract Weaknession (SWE), a comprehensive and practical vulnerability list up until 2023.
SWE provides a systematic and comprehensive list of smart contract vulnerabilities, covering existing and emerging vulnerabilities in the last few years.
Regular updates involve the inclusion of new vulnerabilities from future top papers, while irregular updates enable individuals to report new weaknesses for review and potential addition to SWE.
arXiv Detail & Related papers (2023-08-20T10:46:39Z) - ESCORT: Ethereum Smart COntRacTs Vulnerability Detection using Deep
Neural Network and Transfer Learning [80.85273827468063]
Existing machine learning-based vulnerability detection methods are limited and only inspect whether the smart contract is vulnerable.
We propose ESCORT, the first Deep Neural Network (DNN)-based vulnerability detection framework for smart contracts.
We show that ESCORT achieves an average F1-score of 95% on six vulnerability types and the detection time is 0.02 seconds per contract.
arXiv Detail & Related papers (2021-03-23T15:04:44Z) - Smart Home, security concerns of IoT [91.3755431537592]
The IoT (Internet of Things) has become widely popular in the domestic environments.
People are renewing their homes into smart homes; however, the privacy concerns of owning many Internet connected devices with always-on environmental sensors remain insufficiently addressed.
Default and weak passwords, cheap materials and hardware, and unencrypted communication are identified as the principal threats and vulnerabilities of IoT devices.
arXiv Detail & Related papers (2020-07-06T10:36:11Z)
This list is automatically generated from the titles and abstracts of the papers in this site.
This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.