A Survey on Smart Contract Vulnerabilities and Safeguards in Blockchain

Authors

  • Rohini Pise Pimpri Chinchwad College of Engineering, Pune, Maharashtra, India
  • Sonali Patil Pimpri Chinchwad College of Engineering, Pune, Maharashtra, India

Keywords:

Smart contracts, Blockchain, security, Ethereum, Hyperledger Fabric, Formal Verification

Abstract

Blockchain technology is developing rapidly as a result of its numerous applications, its security features and the smart contracts embedded in it. Smart contracts are software code written in a programming language; they execute automatically on the Blockchain network when the condition written in that program code is met. The distinctive characteristics of smart contracts have led Blockchain technology to be used in applications beyond cryptocurrencies, including healthcare, IoT, supply chain, digital identification, digital asset exchange, crowdfunding, intellectual property, and many more. Millions were stolen and lost as a result of technical flaws and various vulnerabilities present in smart contracts. Many tools and methodologies have been proposed to address these challenges, and further research is underway to build new tools that enable the discovery of vulnerabilities in smart contract code.
Ethereum is a well-known public Blockchain platform supporting smart contracts. Additionally, Hyperledger Fabric is a private Blockchain platform featuring smart contracts for the private sector. This survey presents a bird's-eye view of smart contract languages, vulnerabilities and security tools in public and private Blockchain. The paper also looks at the different formal verification approaches used to identify vulnerabilities present in smart contracts.
The intent of the paper is to focus on smart contract challenges and vulnerabilities, security tools in public and private Blockchain, and formal verification methods for validation of smart contracts.

Application Domains of Blockchain

Published

27.12.2022

How to Cite

Pise, R., & Patil, S. (2022). A Survey on Smart Contract Vulnerabilities and Safeguards in Blockchain. International Journal of Intelligent Systems and Applications in Engineering, 10(3s), 01–16. Retrieved from https://ijisae.org/index.php/IJISAE/article/view/2405

Section

Research Article