Smart Contract Vulnerability Analysis and Security Audit

Daojing He; Zhi Deng; Yuxing Zhang; Sammy Chan; Yao Cheng; Nadra Guizani

doi:10.1109/MNET.001.1900656

Smart Contract Vulnerability Analysis and Security Audit

Daojing He^*, Zhi Deng, Yuxing Zhang, Sammy Chan, Yao Cheng, Nadra Guizani

^*Corresponding author for this work

Department of Electrical Engineering

Research output: Journal Publications and Reviews › RGC 21 - Publication in refereed journal › peer-review

96 Citations (Scopus)

Abstract

Ethereum started the blockchain-based smart contract technology that due to its scalability more and more decentralized applications are now based on. On the downside this has led to the exposure of more and more security issues and challenges, which has gained widespread attention in terms of research in the field of Ethereum smart contract vulnerabilities in both academia and industry. This article presents a survey of the Ethereum smart contract's various vulnerabilities and the corresponding defense mechanisms that have been applied to combat them. In particular, we focus on the random number vulnerability in the Fomo3d-like game contracts, as well as that attack and defense methods applied. Finally, we summarize the existing Ethereum smart contract security audit methods and compare several mainstream audit tools from various perspectives.

Original language	English
Pages (from-to)	276-282
Journal	IEEE Network
Volume	34
Issue number	5
Online published	17 Jul 2020
DOIs	https://doi.org/10.1109/MNET.001.1900656
Publication status	Published - Sept 2020

Research Keywords

Contracts
Games
Bitcoin
Computer hacking
Industries

Access Output

10.1109/MNET.001.1900656

Other Access Options

Check CityUHK Library

Permanent Link

Right click to copy link

Cite this

@article{80840a0acb474a429ff6cc628318e348,

title = "Smart Contract Vulnerability Analysis and Security Audit",

abstract = "Ethereum started the blockchain-based smart contract technology that due to its scalability more and more decentralized applications are now based on. On the downside this has led to the exposure of more and more security issues and challenges, which has gained widespread attention in terms of research in the field of Ethereum smart contract vulnerabilities in both academia and industry. This article presents a survey of the Ethereum smart contract's various vulnerabilities and the corresponding defense mechanisms that have been applied to combat them. In particular, we focus on the random number vulnerability in the Fomo3d-like game contracts, as well as that attack and defense methods applied. Finally, we summarize the existing Ethereum smart contract security audit methods and compare several mainstream audit tools from various perspectives.",

keywords = "Contracts, Games, Bitcoin, Computer hacking, Industries",

author = "Daojing He and Zhi Deng and Yuxing Zhang and Sammy Chan and Yao Cheng and Nadra Guizani",

year = "2020",

month = sep,

doi = "10.1109/MNET.001.1900656",

language = "English",

volume = "34",

pages = "276--282",

journal = "IEEE Network",

issn = "0890-8044",

publisher = "IEEE",

number = "5",

}

TY - JOUR

T1 - Smart Contract Vulnerability Analysis and Security Audit

AU - He, Daojing

AU - Deng, Zhi

AU - Zhang, Yuxing

AU - Chan, Sammy

AU - Cheng, Yao

AU - Guizani, Nadra

PY - 2020/9

Y1 - 2020/9

N2 - Ethereum started the blockchain-based smart contract technology that due to its scalability more and more decentralized applications are now based on. On the downside this has led to the exposure of more and more security issues and challenges, which has gained widespread attention in terms of research in the field of Ethereum smart contract vulnerabilities in both academia and industry. This article presents a survey of the Ethereum smart contract's various vulnerabilities and the corresponding defense mechanisms that have been applied to combat them. In particular, we focus on the random number vulnerability in the Fomo3d-like game contracts, as well as that attack and defense methods applied. Finally, we summarize the existing Ethereum smart contract security audit methods and compare several mainstream audit tools from various perspectives.

AB - Ethereum started the blockchain-based smart contract technology that due to its scalability more and more decentralized applications are now based on. On the downside this has led to the exposure of more and more security issues and challenges, which has gained widespread attention in terms of research in the field of Ethereum smart contract vulnerabilities in both academia and industry. This article presents a survey of the Ethereum smart contract's various vulnerabilities and the corresponding defense mechanisms that have been applied to combat them. In particular, we focus on the random number vulnerability in the Fomo3d-like game contracts, as well as that attack and defense methods applied. Finally, we summarize the existing Ethereum smart contract security audit methods and compare several mainstream audit tools from various perspectives.

KW - Contracts

KW - Games

KW - Bitcoin

KW - Computer hacking

KW - Industries

UR - http://www.scopus.com/inward/record.url?scp=85089299041&partnerID=8YFLogxK

UR - http://gateway.isiknowledge.com/gateway/Gateway.cgi?GWVersion=2&SrcAuth=LinksAMR&SrcApp=PARTNER_APP&DestLinkType=FullRecord&DestApp=WOS&KeyUT=000591303900040

UR - https://www.scopus.com/record/pubmetrics.uri?eid=2-s2.0-85089299041&origin=recordpage

U2 - 10.1109/MNET.001.1900656

DO - 10.1109/MNET.001.1900656

M3 - RGC 21 - Publication in refereed journal

SN - 0890-8044

VL - 34

SP - 276

EP - 282

JO - IEEE Network

JF - IEEE Network

IS - 5

ER -

Smart Contract Vulnerability Analysis and Security Audit

Abstract

Research Keywords

Access Output

Other Access Options

Permanent Link

Other Files and Links

Fingerprint

Cite this