Verifying Security Vulnerabilities for Blockchain-based Smart Contracts

Matulevicius, Nedas; Cordeiro, Lucas C.

doi:10.1109/sbesc53686.2021.9628229

Cited by 7 publications

(3 citation statements)

References 12 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…4.30 SWE-134: Message call with hardcoded gas amount Hard forks may result in a considerable shift in the gas cost of EVM instructions, which might disrupt currently deployed contract systems that base their assumptions on constant gas prices. Therefore, hardcoding the amount of gas that a call may consume could in the future lead to DOS as the hard-coded gas amount might become insufficient [7], [27]. For example, Due to the SLOAD instruction's cost rise, the EIP 1884 damaged many existing smart contracts.…”

Section: Swe-133: Hash Collisions With Multiple Variable Length Argum...mentioning

confidence: 99%

See 1 more Smart Citation

Unveiling the Landscape of Smart Contract Vulnerabilities: A Detailed Examination and Codification of Vulnerabilities in Prominent Blockchains

Zaazaa,

Bakkali

2023

IJCNC

View full text Add to dashboard Cite

With the rise in using immature smart contract programming languages to build a decentralized application, more vulnerabilities have been introduced to the Blockchain and were the main reasons behind critical financial losses. Moreover, the immutability of Blockchain technology makes deployed smart contracts unfixable for the whole life of the Blockchain itself. The lack of complete and up-to-date resources that explain those vulnerabilities in detail has also contributed to increasing the number of vulnerabilities in Blockchain. In addition, the lack of a standardized nomination of the existing vulnerabilities has made redundant research and made developers more confused. Therefore, in this paper, we propose the most complete list of smart contract vulnerabilities that exist in the most popular Blockchains with a detailed explanation of each one of them. In addition, we propose a new codification system that facilitates the communication of those vulnerabilities Moreover, the discussed list of vulnerabilities covers multiple Blockchain and could be used for even future built Blockchains.

show abstract

Section: Swe-133: Hash Collisions With Multiple Variable Length Argum...mentioning

confidence: 99%

“…The 0.4.22 version of the solidity compiler allows smart contracts to have a double constructor. This could lead to unexpected behavior in the contract [27]. Vulnerable code line (5,8) Figure 26:…”

Section: Swe-146: Double Constructormentioning

confidence: 99%

Unveiling the Landscape of Smart Contract Vulnerabilities: A Detailed Examination and Codification of Vulnerabilities in Prominent Blockchains

Zaazaa,

Bakkali

2023

IJCNC

View full text Add to dashboard Cite

show abstract

“…We found various countermeasures. These comprise checking the smart contract and verifying the source code [131], logic analysis [101], security tools [103,116,117,120,122,124,126], flow analysis [115], visualization tools, disassembler and decompiler, linter, and miscellaneous tools [103], static and dynamic analysis [103,119,120], symbolic execution, formal verification [103], differential fuzzing [107], deep learning [109], and verification of identities [122], among others. Ivanov et al [106] propose a taxonomy with static analysis, symbolic execution, fuzzing, formal analysis, machine learning methods, execution tracing, and transaction interception.…”

Section: Countermeasuresmentioning

confidence: 99%

Analyzing the Threats to Blockchain-Based Self-Sovereign Identities by Conducting a Literature Survey

Pöhn,

Grabatin,

Hommel

2023

Applied Sciences

View full text Add to dashboard Cite

Self-sovereign identity (SSI) is a digital identity management model managed in a decentralized manner. It allows identity owners to manage and store their digital identities in a software wallet, for example, on a smartphone, without relying on centralized providers. This approach tries to enhance the security and privacy of digital identities and, thereby, their owners. With the new eIDAS regulation, elements of SSI, such as the wallet, are being pushed onto the market. However, since the model is relatively new, the security threats are still not fully known. This is shown by a brief security analysis of selected existing SSI wallets. In order to get a picture of the known threats, we systematically analyze and categorize related work in the field of SSI and elements applied by SSI. We then evaluate their application to current SSI systems and identify future work.

show abstract

Severity Analysis of Web3 Security Vulnerabilities Based on Publicly Bug Reports

Melo,

Pinto,

Pinto

2023

Lecture Notes in Networks and Systems

View full text Add to dashboard Cite

Verifying Security Vulnerabilities for Blockchain-based Smart Contracts

Cited by 7 publications

References 12 publications

Unveiling the Landscape of Smart Contract Vulnerabilities: A Detailed Examination and Codification of Vulnerabilities in Prominent Blockchains

Unveiling the Landscape of Smart Contract Vulnerabilities: A Detailed Examination and Codification of Vulnerabilities in Prominent Blockchains

Analyzing the Threats to Blockchain-Based Self-Sovereign Identities by Conducting a Literature Survey

Severity Analysis of Web3 Security Vulnerabilities Based on Publicly Bug Reports

Contact Info

Product

Resources

About