A Comprehensive Study of Exploitable Patterns in Smart Contracts: From Vulnerability to Defense

• URL: http://arxiv.org/abs/2504.21480v1
• Date: Wed, 30 Apr 2025 10:00:36 GMT
• Title: A Comprehensive Study of Exploitable Patterns in Smart Contracts: From Vulnerability to Defense
• Authors: Yuchen Ding, Hongli Peng, Xiaoqi Li,
• Abstract summary: Vulnerabilities within smart contracts not only undermine the security of individual applications but also pose significant risks to the broader blockchain ecosystem.<n>This paper provides a comprehensive analysis of key security risks in smart contracts, specifically those written in Solidity and executed on the Virtual Machine.<n>We focus on two prevalent and critical types (reentrancy and integer overflow) by examining their underlying mechanisms, replicating attack scenarios, and assessing effective countermeasures.
• Score: 1.1138859624936408
• License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
• Abstract: With the rapid advancement of blockchain technology, smart contracts have enabled the implementation of increasingly complex functionalities. However, ensuring the security of smart contracts remains a persistent challenge across the stages of development, compilation, and execution. Vulnerabilities within smart contracts not only undermine the security of individual applications but also pose significant risks to the broader blockchain ecosystem, as demonstrated by the growing frequency of attacks since 2016, resulting in substantial financial losses. This paper provides a comprehensive analysis of key security risks in Ethereum smart contracts, specifically those written in Solidity and executed on the Ethereum Virtual Machine (EVM). We focus on two prevalent and critical vulnerability types (reentrancy and integer overflow) by examining their underlying mechanisms, replicating attack scenarios, and assessing effective countermeasures.

Related papers

• Mining Characteristics of Vulnerable Smart Contracts Across Lifecycle Stages [0.8225825738565354]
  This paper presents the first empirical study on the security of smart contracts throughout their lifecycle. It delves into the security issues at each stage and provides at least seven feature descriptions. Five machine-learning classification models are used to identify vulnerabilities at different stages.
  arXiv  Detail & Related papers  (2025-04-21T12:42:59Z)
• Security Vulnerabilities in Ethereum Smart Contracts: A Systematic Analysis [7.858744413354451]
  This paper focuses on Ether smart contracts and explains the main components of Ether, smart contract architecture and mechanism.<n>According to the four security events of American Chain, The, Parity and KotET, the principles of integer overflow attack, reentrant attack, access control attack and denial of service attack are studied and analyzed.<n> preventive measures are given.
  arXiv  Detail & Related papers  (2025-04-08T12:25:34Z)
• Versioned Analysis of Software Quality Indicators and Self-admitted Technical Debt in Ethereum Smart Contracts with Ethstractor [2.052808596154225]
  This paper proposes Ethstractor, the first smart contract collection tool for gathering a dataset of versioned smart contracts. The collected dataset is then used to evaluate the reliability of code metrics as indicators of vulnerabilities in smart contracts.
  arXiv  Detail & Related papers  (2024-07-22T18:27:29Z)
• Dual-view Aware Smart Contract Vulnerability Detection for Ethereum [5.002702845720439]
  We propose a Dual-view Aware Smart Contract Vulnerability Detection Framework named DVDet. The framework initially converts the source code and bytecode of smart contracts into weighted graphs and control flow sequences. Comprehensive experiments on the dataset show that our method outperforms others in detecting vulnerabilities.
  arXiv  Detail & Related papers  (2024-06-29T06:47:51Z)
• A security framework for Ethereum smart contracts [13.430752634838539]
  This article presents ESAF, a framework for analysis of smart contracts. It aims to unify and facilitate the task of analyzing smart contract vulnerabilities. It can be used as a persistent security monitoring tool for a set of target contracts as well as a classic vulnerability analysis tool among other uses.
  arXiv  Detail & Related papers  (2024-02-05T22:14:21Z)
• Generative AI-enabled Blockchain Networks: Fundamentals, Applications, and Case Study [73.87110604150315]
  Generative Artificial Intelligence (GAI) has emerged as a promising solution to address challenges of blockchain technology. In this paper, we first introduce GAI techniques, outline their applications, and discuss existing solutions for integrating GAI into blockchains.
  arXiv  Detail & Related papers  (2024-01-28T10:46:17Z)
• A Survey and Comparative Analysis of Security Properties of CAN Authentication Protocols [92.81385447582882]
  The Controller Area Network (CAN) bus leaves in-vehicle communications inherently non-secure. This paper reviews and compares the 15 most prominent authentication protocols for the CAN bus. We evaluate protocols based on essential operational criteria that contribute to ease of implementation.
  arXiv  Detail & Related papers  (2024-01-19T14:52:04Z)
• Vulnerability Scanners for Ethereum Smart Contracts: A Large-Scale Study [44.25093111430751]
  In 2023 alone, such vulnerabilities led to substantial financial losses exceeding a billion of US dollars. Various tools have been developed to detect and mitigate vulnerabilities in smart contracts. This study investigates the gap between the effectiveness of existing security scanners and the vulnerabilities that still persist in practice.
  arXiv  Detail & Related papers  (2023-12-27T11:26:26Z)
• Empirical Review of Smart Contract and DeFi Security: Vulnerability Detection and Automated Repair [36.46679501556185]
  Decentralized Finance (DeFi) is emerging as a peer-to-peer financial ecosystem. smart contracts hold a massive amount of value, making them an attractive target for attacks. This paper reviews the progress made in the field of smart contract and DeFi security from the perspective of both vulnerability detection and automated repair.
  arXiv  Detail & Related papers  (2023-09-05T17:00:42Z)
• Enhancing Smart Contract Security Analysis with Execution Property Graphs [48.31617821205042]
  We introduce Clue, a dynamic analysis framework specifically designed for a runtime virtual machine.<n>Clue captures critical information during contract executions, employing a novel graph-based representation, the Execution Property Graph.<n> evaluation results reveal Clue's superior performance with high true positive rates and low false positive rates, outperforming state-of-the-art tools.
  arXiv  Detail & Related papers  (2023-05-23T13:16:42Z)
• ESCORT: Ethereum Smart COntRacTs Vulnerability Detection using Deep Neural Network and Transfer Learning [80.85273827468063]
  Existing machine learning-based vulnerability detection methods are limited and only inspect whether the smart contract is vulnerable. We propose ESCORT, the first Deep Neural Network (DNN)-based vulnerability detection framework for smart contracts. We show that ESCORT achieves an average F1-score of 95% on six vulnerability types and the detection time is 0.02 seconds per contract.
  arXiv  Detail & Related papers  (2021-03-23T15:04:44Z)

This list is automatically generated from the titles and abstracts of the papers in this site.

This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.