Mining Characteristics of Vulnerable Smart Contracts Across Lifecycle Stages
- URL: http://arxiv.org/abs/2504.15063v1
- Date: Mon, 21 Apr 2025 12:42:59 GMT
- Title: Mining Characteristics of Vulnerable Smart Contracts Across Lifecycle Stages
- Authors: Hongli Peng, Xiaoqi Li, Wenkai Li,
- Abstract summary: This paper presents the first empirical study on the security of smart contracts throughout their lifecycle.<n>It delves into the security issues at each stage and provides at least seven feature descriptions.<n>Five machine-learning classification models are used to identify vulnerabilities at different stages.
- Score: 0.8225825738565354
- License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
- Abstract: Smart contracts are the cornerstone of decentralized applications and financial protocols, which extend the application of digital currency transactions. The applications and financial protocols introduce significant security challenges, resulting in substantial economic losses. Existing solutions predominantly focus on code vulnerabilities within smart contracts, accounting for only 50% of security incidents. Therefore, a more comprehensive study of security issues related to smart contracts is imperative. The existing empirical research realizes the static analysis of smart contracts from the perspective of the lifecycle and gives the corresponding measures for each stage. However, they lack the characteristic analysis of vulnerabilities in each stage and the distinction between the vulnerabilities. In this paper, we present the first empirical study on the security of smart contracts throughout their lifecycle, including deployment and execution, upgrade, and destruction stages. It delves into the security issues at each stage and provides at least seven feature descriptions. Finally, utilizing these seven features, five machine-learning classification models are used to identify vulnerabilities at different stages. The classification results reveal that vulnerable contracts exhibit distinct transaction features and ego network properties at various stages.
Related papers
- A Comprehensive Study of Exploitable Patterns in Smart Contracts: From Vulnerability to Defense [1.1138859624936408]
Vulnerabilities within smart contracts not only undermine the security of individual applications but also pose significant risks to the broader blockchain ecosystem.
This paper provides a comprehensive analysis of key security risks in smart contracts, specifically those written in Solidity and executed on the Virtual Machine.
We focus on two prevalent and critical types (reentrancy and integer overflow) by examining their underlying mechanisms, replicating attack scenarios, and assessing effective countermeasures.
arXiv Detail & Related papers (2025-04-30T10:00:36Z) - Security Vulnerabilities in Ethereum Smart Contracts: A Systematic Analysis [7.858744413354451]
This paper focuses on Ether smart contracts and explains the main components of Ether, smart contract architecture and mechanism.<n>According to the four security events of American Chain, The, Parity and KotET, the principles of integer overflow attack, reentrant attack, access control attack and denial of service attack are studied and analyzed.<n> preventive measures are given.
arXiv Detail & Related papers (2025-04-08T12:25:34Z) - Towards Trustworthy GUI Agents: A Survey [64.6445117343499]
This survey examines the trustworthiness of GUI agents in five critical dimensions.<n>We identify major challenges such as vulnerability to adversarial attacks, cascading failure modes in sequential decision-making.<n>As GUI agents become more widespread, establishing robust safety standards and responsible development practices is essential.
arXiv Detail & Related papers (2025-03-30T13:26:00Z) - Vulnerability Detection in Ethereum Smart Contracts via Machine Learning: A Qualitative Analysis [0.0]
We analyze the state of the art in machine-learning vulnerability detection for smart contracts.
We discuss best practices to enhance the accuracy, scope, and efficiency of vulnerability detection in smart contracts.
arXiv Detail & Related papers (2024-07-26T10:09:44Z) - Versioned Analysis of Software Quality Indicators and Self-admitted Technical Debt in Ethereum Smart Contracts with Ethstractor [2.052808596154225]
This paper proposes Ethstractor, the first smart contract collection tool for gathering a dataset of versioned smart contracts.
The collected dataset is then used to evaluate the reliability of code metrics as indicators of vulnerabilities in smart contracts.
arXiv Detail & Related papers (2024-07-22T18:27:29Z) - A Survey and Comparative Analysis of Security Properties of CAN Authentication Protocols [92.81385447582882]
The Controller Area Network (CAN) bus leaves in-vehicle communications inherently non-secure.
This paper reviews and compares the 15 most prominent authentication protocols for the CAN bus.
We evaluate protocols based on essential operational criteria that contribute to ease of implementation.
arXiv Detail & Related papers (2024-01-19T14:52:04Z) - Vulnerability Scanners for Ethereum Smart Contracts: A Large-Scale Study [44.25093111430751]
In 2023 alone, such vulnerabilities led to substantial financial losses exceeding a billion of US dollars.
Various tools have been developed to detect and mitigate vulnerabilities in smart contracts.
This study investigates the gap between the effectiveness of existing security scanners and the vulnerabilities that still persist in practice.
arXiv Detail & Related papers (2023-12-27T11:26:26Z) - A Comprehensive Study of Governance Issues in Decentralized Finance
Applications [45.033994319846244]
We present a comprehensive study of governance issues in DeFi applications.
We collect and build a dataset of 4,446 audit reports from 17 Web3 security companies.
Our findings highlight a significant observation: the disparity between smart contract code and DeFi whitepapers plays a central role in these governance issues.
arXiv Detail & Related papers (2023-11-02T17:46:59Z) - Enhancing Smart Contract Security Analysis with Execution Property Graphs [48.31617821205042]
We introduce Clue, a dynamic analysis framework specifically designed for a runtime virtual machine.<n>Clue captures critical information during contract executions, employing a novel graph-based representation, the Execution Property Graph.<n> evaluation results reveal Clue's superior performance with high true positive rates and low false positive rates, outperforming state-of-the-art tools.
arXiv Detail & Related papers (2023-05-23T13:16:42Z) - Pre-deployment Analysis of Smart Contracts -- A Survey [0.27195102129095]
We present a systematic review of the literature on smart contract vulnerabilities and methods.
Specifically, we enumerate and classify smart contract vulnerabilities and methods by the properties they address.
Several patterns about the strengths of different methods emerge through this classification process.
arXiv Detail & Related papers (2023-01-15T12:36:56Z) - Exploring Robustness of Unsupervised Domain Adaptation in Semantic
Segmentation [74.05906222376608]
We propose adversarial self-supervision UDA (or ASSUDA) that maximizes the agreement between clean images and their adversarial examples by a contrastive loss in the output space.
This paper is rooted in two observations: (i) the robustness of UDA methods in semantic segmentation remains unexplored, which pose a security concern in this field; and (ii) although commonly used self-supervision (e.g., rotation and jigsaw) benefits image tasks such as classification and recognition, they fail to provide the critical supervision signals that could learn discriminative representation for segmentation tasks.
arXiv Detail & Related papers (2021-05-23T01:50:44Z) - ESCORT: Ethereum Smart COntRacTs Vulnerability Detection using Deep
Neural Network and Transfer Learning [80.85273827468063]
Existing machine learning-based vulnerability detection methods are limited and only inspect whether the smart contract is vulnerable.
We propose ESCORT, the first Deep Neural Network (DNN)-based vulnerability detection framework for smart contracts.
We show that ESCORT achieves an average F1-score of 95% on six vulnerability types and the detection time is 0.02 seconds per contract.
arXiv Detail & Related papers (2021-03-23T15:04:44Z)
This list is automatically generated from the titles and abstracts of the papers in this site.
This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.