Skip to main content
Fachgebiete
Automobil + Motoren Bauwesen + Immobilien Business IT + Informatik Elektrotechnik + Elektronik Energie + Nachhaltigkeit Finance + Banking Management + Führung Marketing + Vertrieb Maschinenbau + Werkstoffe Versicherung + Risiko
DE
EN
Themenseiten
Organisationspsychologie Projektmanagement Marketing Smart Manufacturing
Bücher
Zeitschriften
Weitere Formate
Podcasts Webinare Technik Webinare Wirtschaft Kongresse Veranstaltungskalender Awards
Jetzt Einzelzugang starten
Zugang für Unternehmen
Referenzkunden
ATZ-Fachkongress

Chassis.tech plus 2024


4 Kongresse in einer Veranstaltung

Treffen Sie in München die Fachleute von Chassis, Lenkung, Bremsen sowie Reifen/Räder.
Erweiterte Suche
Anmelden
nach oben
Erschienen in:
Locally Verifiable Aggregate Signature Scheme for Health Monitoring Systems Kapitel lesen Erstes Kapitel lesen

2024 | OriginalPaper | Buchkapitel

A Survey of Security Vulnerabilities and Detection Methods for Smart Contracts

verfasst von : Jingqi Zhang, Xin Zhang, Zhaojun Liu, Fa Fu, Jianyu Nie, Jianqiang Huang, Thomas Dreibholz

Erschienen in: Proceedings of the 13th International Conference on Computer Engineering and Networks

Verlag: Springer Nature Singapore

Einloggen

Aktivieren Sie unsere intelligente Suche, um passende Fachinhalte oder Patente zu finden.

search-config
loading …

Abstract

At present, smart contracts cannot guarantee absolute security, and they have exposed many security issues and caused incalculable losses. Due to the existence of these security vulnerabilities, researchers have designed many detection and classification tools to identify and discover them. In this article, we present a classification of smart contract security vulnerabilities based on a large number of detailed articles. Then, we introduce the latest smart contract vulnerability detection methods, summarize the process model of detection tools based on artificial intelligence methods, and compare and analyze various detection tools. Finally, we provide an outlook on future research directions based on the current status of smart contract security.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

  • über 102.000 Bücher
  • über 537 Zeitschriften

aus folgenden Fachgebieten:

  • Automobil + Motoren
  • Bauwesen + Immobilien
  • Business IT + Informatik
  • Elektrotechnik + Elektronik
  • Energie + Nachhaltigkeit
  • Finance + Banking
  • Management + Führung
  • Marketing + Vertrieb
  • Maschinenbau + Werkstoffe
  • Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

  • über 67.000 Bücher
  • über 390 Zeitschriften

aus folgenden Fachgebieten:

  • Automobil + Motoren
  • Bauwesen + Immobilien
  • Business IT + Informatik
  • Elektrotechnik + Elektronik
  • Energie + Nachhaltigkeit
  • Maschinenbau + Werkstoffe




 

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

  • über 67.000 Bücher
  • über 340 Zeitschriften

aus folgenden Fachgebieten:

  • Bauwesen + Immobilien
  • Business IT + Informatik
  • Finance + Banking
  • Management + Führung
  • Marketing + Vertrieb
  • Versicherung + Risiko




Jetzt Wissensvorsprung sichern!

Jetzt informieren
Vorheriges Kapitel Metaverse Security and Forensic Research
Nächstes Kapitel A Survey of Blockchain-Based Identity Anonymity Research
Fußnoten
Literatur
1.
Wang, S., Ouyang, L., Yuan, Y., Ni, X., Han, X., Wang, F.-Y.: Blockchain-enabled smart contracts: architecture, applications, and future trends. IEEE Trans. Syst., Man, Cybern.: Syst. 49(11), 2266–2277 (2019)
2.
Pise, R., Patil, S.: A deep dive into blockchain-based smart contract-specific security vulnerabilities. In: 2022 IEEE International Conference on Blockchain and Distributed Systems Security (ICBDS), pp. 1–6. IEEE (2022)
3.
Praitheeshan, P., Pan, L., Yu, J., Liu, J., Doss, R.: Security analysis methods on ethereum smart contract vulnerabilities: a survey. arXiv preprint arXiv:​1908.​08605 (2019)
4.
Kado, C., Yanai, N., Cruz, J.P., Okamura, S.: An empirical study of impact of solidity compiler updates on vulnerabilities. In: 2023 IEEE International Conference on Pervasive Computing and Communications Workshops and other Affiliated Events (PerCom Workshops), pp. 92–97. IEEE (2023)
5.
Sun, J., Huang, S., Zheng, C., Wang, T., Zong, C., Hui, Z.: Mutation testing for integer overflow in ethereum smart contracts. Tsinghua Sci. Technol. 27(1), 27–40 (2021)CrossRef
6.
Kun, H., Bo, W., Dan, X.: A return-value-unchecked vulnerability detection method based on property graph. In: Recent Developments in Intelligent Systems and Interactive Applications: Proceedings of the International Conference on Intelligent and Interactive Systems and Applications (IISA2016), pp. 114–123. Springer (2017)
7.
Mense, A., Flatscher, M.: Security vulnerabilities in ethereum smart contracts. In: Proceedings of the 20th International Conference on Information Integration and Web-Based Applications and Services, pp. 375–380 (2018)
8.
Bartoletti, M., Pompianu, L.: An empirical analysis of smart contracts: platforms, applications, and design patterns. In: Financial Cryptography and Data Security: FC 2017 International Workshops, WAHC, BITCOIN, VOTING, WTSC, and TA, Sliema, Malta, April 7, 2017, Revised Selected Papers 21, pp. 494–509. Springer (2017)
9.
Zheng, Z., Xie, S., Dai, H.-N., Chen, W., Chen, X., Weng, J., Imran, M.: An overview on smart contracts: Challenges, advances and platforms. Futur. Gener. Comput. Syst. 105, 475–491 (2020)CrossRef
10.
Zhang, X., Li, J., Wang, X.: Smart contract vulnerability detection method based on bi-lstm neural network. In: 2022 IEEE International Conference on Advances in Electrical Engineering and Computer Applications (AEECA), pp. 38–41. IEEE (2022)
11.
Yang, H., Zhang, J., Gu, X., Cui, Z.: Smart contract vulnerability detection based on abstract syntax tree. In: 2022 8th International Symposium on System Security, Safety, and Reliability (ISSSR), pp. 169–170. IEEE (2022)
12.
Zhuang, Y., Liu, Z., Qian, P., Liu, Q., Wang, X., He, Q.: Smart contract vulnerability detection using graph neural networks. In: Proceedings of the Twenty-Ninth International Conference on International Joint Conferences on Artificial Intelligence, pp. 3283–3290 (2021)
13.
Wang, Z., Zheng, Q., Sun, Y.: Gvd-net: graph embedding-based machine learning model for smart contract vulnerability detection. In: 2022 International Conference on Algorithms, Data Mining, and Information Technology (ADMIT), pp. 99–103. IEEE (2022)
14.
Chen, W., Guo, R., Wang, G., Zhang, L., Qiu, J., Su, S., Liu, Y., Xu, G., Chen, H.: Smart contract vulnerability detection model based on siamese network. In: International Conference on Smart Computing and Communication, pp. 639–648. Springer (2022)
15.
Zhang, L., Li, Y., Jin, T., Wang, W., Jin, Z., Zhao, C., Cai, Z., Chen, H.: Spcbig-ec: a robust serial hybrid model for smart contract vulnerability detection. Sensors 22(12), 4621 (2022)CrossRef
16.
Zhang, L., Chen, W., Wang, W., Jin, Z., Zhao, C., Cai, Z., Chen, H.: Cbgru: a detection method of smart contract vulnerability based on a hybrid model. Sensors 22(9), 3577 (2022)CrossRef
17.
Zhipeng Gao. When deep learning meets smart contracts. In: Proceedings of the 35th IEEE/ACM International Conference on Automated Software Engineering, pp. 1400–1402, 2020
18.
Ghaleb, A., Rubin, J., Pattabiraman, K.: etainter: detecting gas-related vulnerabilities in smart contracts. In: Proceedings of the 31st ACM SIGSOFT International Symposium on Software Testing and Analysis, pp. 728–739 (2022)
19.
Schneidewind, C., Grishchenko, I., Scherer, M., Maffei, M.: Ethor: practical and provably sound static analysis of ethereum smart contracts. In: Proceedings of the 2020 ACM SIGSAC Conference on Computer and Communications Security, pp. 621–640 (2020)
20.
Chen, W., Li, X., Sui, Y., He, N., Wang, H., Lei, W., Luo, X.: Sadponzi: Detecting and characterizing ponzi schemes in ethereum smart contracts. Proc. ACM Measur. Anal. Comput. Syst. 5(2), 1–30 (2021)CrossRef
21.
Luu, L., Chu, D.H., Olickel, H., Saxena, P., Hobor, A.: Making smart contracts smarter. In: Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security, pp. 254–269 (2016)
22.
Jiang, B., Liu, Y., Chan, W.K.: Contractfuzzer: Fuzzing smart contracts for vulnerability detection. In: Proceedings of the 33rd ACM/IEEE International Conference on Automated Software Engineering, pp. 259–269 (2018)
23.
Gao, J., Liu, H., Liu, C., Li, Q., Guan, Z., Chen, Z.: Easyflow: Keep ethereum away from overflow. In: 2019 IEEE/ACM 41st International Conference on Software Engineering: Companion Proceedings (ICSE-Companion), pp. 23–26. IEEE (2019)
24.
Huang, Y., Jiang, B., Chan, W.K.: Eosfuzzer: Fuzzing eosio smart contracts for vulnerability detection. In: Proceedings of the 12th Asia-Pacific Symposium on Internetware, pp. 99–109 (2020)
25.
Eshghie, M., Artho, C., Gurov, D.: Dynamic vulnerability detection on smart contracts using machine learning. In: Proceedings of the 25th International Conference on Evaluation and Assessment in Software Engineering, EASE ’21, pp. 305–312. Association for Computing Machinery, New York (2021)
26.
Ding, M., Li, P., Li, S., Zhang, H.: Hfcontractfuzzer: fuzzing hyperledger fabric smart contracts for vulnerability detection. In: Proceedings of the 25th International Conference on Evaluation and Assessment in Software Engineering, EASE ’21, pp. 321–328. Association for Computing Machinery, New York (2021)
27.
Su, J., Dai, H.N., Zhao, L., Zheng, Z., Luo, X.: Effectively generating vulnerable transaction sequences in smart contracts with reinforcement learning-guided fuzzing. In: Proceedings of the 37th IEEE/ACM International Conference on Automated Software Engineering, pp. 1–12 (2022)
28.
Zheng, P., Zheng, Z., Luo, X.: Park: accelerating smart contract vulnerability detection via parallel-fork symbolic execution. In: Proceedings of the 31st ACM SIGSOFT International Symposium on Software Testing and Analysis, pp. 740–751 (2022)
29.
Chen, W., Sun, Z., Wang, H., Luo, X., Cai, H., Wu, L.: Wasai: uncovering vulnerabilities in wasm smart contracts. In: Proceedings of the 31st ACM SIGSOFT International Symposium on Software Testing and Analysis, pp. 703–715 (2022)
30.
Li, P., Li, S., Ding, M., Yu, J., Zhang, H., Zhou, X., Li, J.: A vulnerability detection framework for hyperledger fabric smart contracts based on dynamic and static analysis. In: Proceedings of the 26th International Conference on Evaluation and Assessment in Software Engineering, pp. 366–374 (2022)
31.
Grover, A., Leskovec, J.: Node2vec: scalable feature learning for networks. In: Proceedings of the 22nd ACM SIGKDD International Conference on Knowledge Discovery and Data Mining, KDD ’16, pp. 855–864. New York, Association for Computing Machinery (2016)
Metadaten
Titel
A Survey of Security Vulnerabilities and Detection Methods for Smart Contracts
verfasst von
Jingqi Zhang
Xin Zhang
Zhaojun Liu
Fa Fu
Jianyu Nie
Jianqiang Huang
Thomas Dreibholz
Copyright-Jahr
2024
Verlag
Springer Nature Singapore
Buch
Proceedings of the 13th International Conference on Computer Engineering and Networks

Print ISBN: 978-981-9992-46-1

Electronic ISBN: 978-981-9992-47-8

Copyright-Jahr: 2024

DOI
https://doi.org/10.1007/978-981-99-9247-8_43