Smart Contract Security : A Software Lifecycle Perspective

Research output: Journal Publications and ReviewsRGC 21 - Publication in refereed journalpeer-review

96 Scopus Citations
View graph of relations

Author(s)

Related Research Unit(s)

Detail(s)

Original languageEnglish
Article number8864988
Pages (from-to)150184-150202
Journal / PublicationIEEE Access
Volume7
Online published11 Oct 2019
Publication statusPublished - 2019

Link(s)

Abstract

Smart contract security is an emerging research area that deals with security issues arising from the execution of smart contracts in a blockchain system. Generally, a smart contract is a piece of executable code that automatically runs on the blockchain to enforce an agreement preset between parties involved in the transaction. As an innovative technology, smart contracts have been applied in various business areas, such as digital asset exchange, supply chains, crowdfunding, and intellectual property. Unfortunately, many security issues in smart contracts have been reported in the media, often leading to substantial financial losses. These security issues pose new challenges to security research because the execution environment of smart contracts is based on blockchain computing and its decentralized nature of execution. Thus far, many partial solutions have been proposed to address specific aspects of these security issues, and the trend is to develop new methods and tools to automatically detect common security vulnerabilities. However, smart contract security is systematic engineering that should be explored from a global perspective, and a comprehensive study of issues in smart contract security is urgently needed. To this end, we conduct a literature review of smart contract security from a software lifecycle perspective. We first analyze the key features of blockchain that can cause security issues in smart contracts and then summarize the common security vulnerabilities of smart contracts. To address these vulnerabilities, we examine recent advances in smart contract security spanning four development phases: 1) security design; 2) security implementation; 3) testing before deployment; and 4) monitoring and analysis. Finally, we outline emerging challenges and opportunities in smart contract security for blockchain engineers and researchers.

Research Area(s)

  • Blockchain, Ethereum, information security, smart contract, software engineering, software lifecycle

Citation Format(s)

Smart Contract Security: A Software Lifecycle Perspective. / HUANG, Yongfeng; BIAN, Yiyang; LI, Renpu et al.
In: IEEE Access, Vol. 7, 8864988, 2019, p. 150184-150202.

Research output: Journal Publications and ReviewsRGC 21 - Publication in refereed journalpeer-review

Download Statistics

No data available