A Survey of Ethereum Smart Contract Security: Attacks and Detection
A smart contract is a computerised transaction agreement that carries out predefined terms without human involvement or third-party intermediaries. It serves as a trust intermediary in several industries, including finance, insurance, and supply chain management, in the blockchain 2.0 era. With the...
Published in: | Distributed Ledger Technologies: Research and Practice 2024-09, Vol.3 (3), p.1-28, Article 23 |
---|---|
Main authors: | , , , , , |
Format: | Article |
Language: | eng |
Subjects: | |
Online access: | Full text |
container_end_page | 28 |
---|---|
container_issue | 3 |
container_start_page | 1 |
container_title | Distributed Ledger Technologies: Research and Practice |
container_volume | 3 |
creator | Jiao, Tengyun; Xu, Zhiyu; Qi, Minfeng; Wen, Sheng; Xiang, Yang; Nan, Gary |
description | A smart contract is a computerised transaction agreement that carries out predefined terms without human involvement or third-party intermediaries. It serves as a trust intermediary in several industries, including finance, insurance, and supply chain management, in the blockchain 2.0 era. With the increasing interest in smart contracts, security has become a serious problem. Examining typical vulnerability types and vulnerability detection methodologies is of special importance. In this research, a comprehensive evaluation of common smart contract security vulnerabilities is conducted, and a three-tier threat model is then provided to classify the vulnerabilities. In addition, we examine fourteen existing smart contract analysis tools for finding vulnerabilities and classify them according to the main technique they apply. This article is designed to serve as a reference for people who wish to analyse deployed code and enhance existing detection techniques. At the conclusion, open issues and future research paths regarding smart contract vulnerability detection are presented. |
doi_str_mv | 10.1145/3643895 |
format | Article |
fulltext | fulltext |
identifier | ISSN: 2769-6480 |
ispartof | Distributed Ledger Technologies: Research and Practice, 2024-09, Vol.3 (3), p.1-28, Article 23 |
issn | 2769-6480 2769-6480 |
language | eng |
recordid | cdi_crossref_primary_10_1145_3643895 |
source | ACM Digital Library Complete |
subjects | Distributed systems security; General and reference; Security and privacy; Surveys and overviews; Vulnerability scanners |
title | A Survey of Ethereum Smart Contract Security: Attacks and Detection |
url | https://sfx.bib-bvb.de/sfx_tum?ctx_ver=Z39.88-2004&ctx_enc=info:ofi/enc:UTF-8&ctx_tim=2025-02-16T06%3A56%3A55IST&url_ver=Z39.88-2004&url_ctx_fmt=infofi/fmt:kev:mtx:ctx&rfr_id=info:sid/primo.exlibrisgroup.com:primo3-Article-acm_cross&rft_val_fmt=info:ofi/fmt:kev:mtx:journal&rft.genre=article&rft.atitle=A%20Survey%20of%20Ethereum%20Smart%20Contract%20Security:%20Attacks%20and%20Detection&rft.jtitle=Distributed%20Ledger%20Technologies:%20Research%20and%20Practice&rft.au=Jiao,%20Tengyun&rft.date=2024-09-30&rft.volume=3&rft.issue=3&rft.spage=1&rft.epage=28&rft.pages=1-28&rft.artnum=23&rft.issn=2769-6480&rft.eissn=2769-6480&rft_id=info:doi/10.1145/3643895&rft_dat=%3Cacm_cross%3E3643895%3C/acm_cross%3E%3Curl%3E%3C/url%3E&disable_directlink=true&sfx.directlink=off&sfx.report_link=0&rft_id=info:oai/&rft_id=info:pmid/&rfr_iscdi=true |