What are the Actual Flaws in Important Smart Contracts (And How Can We Find Them)?

Groce, Alex; Feist, Josselin; Grieco, Gustavo; Colburn, Michael

doi:10.1007/978-3-030-51280-4_34

Cited by 37 publications

(30 citation statements)

References 11 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Other attacks: Apart from the above, blockchains and smart contracts are vulnerable to several other security threats such as destroyable contracts [91], exception disorder [92], call stack vulnerability [93], bad randomness [94], underflow/Overflow errors [95] [96], broken authentication [97], broken access control [98], security misconfiguration [99] and unbounded computational power intensive operations [100].…”

Section: A Distributed Ledger Technology (Dlt)mentioning

confidence: 99%

The Roadmap to 6G Security and Privacy

Porambage

Gûr

Osorio

et al. 2021

IEEE Open J. Commun. Soc.

227

103

View full text Add to dashboard Cite

Although the fifth generation (5G) wireless networks are yet to be fully investigated, the visionaries of the 6th generation (6G) echo systems have already come into the discussion. Therefore, in order to consolidate and solidify the security and privacy in 6G networks, we survey how security may impact the envisioned 6G wireless systems, possible challenges with different 6G technologies, and the potential solutions. We provide our vision on 6G security and security key performance indicators (KPIs) with the tentative threat landscape based on the foreseen 6G network architecture. Moreover, we discuss the security and privacy challenges that may encounter with the available 6G requirements and potential 6G applications. We also give the reader some insights into the standardization efforts and research-level projects relevant to 6G security. In particular, we discuss the security considerations with 6G enabling technologies such as distributed ledger technology (DLT), physical layer security, distributed AI/ML, visible light communication (VLC), THz, and quantum computing. All in all, this work intends to provide enlightening guidance for the subsequent research of 6G security and privacy at this initial phase of vision towards reality.

show abstract

Section: A Distributed Ledger Technology (Dlt)mentioning

confidence: 99%

The Roadmap to 6G Security and Privacy

Porambage

Gûr

Osorio

et al. 2021

IEEE Open J. Commun. Soc.

227

103

View full text Add to dashboard Cite

show abstract

“…However, users have to face the risks brought about by poor development practices. Various attacks have been claimed (see Section 5.2.1 and previous works 12 , 89 , 90 , 91 , 92 , 93 , 94 ), which may influence the adoption of smart contracts in business. Incomplete design paradigms .…”

Section: Discussionmentioning

confidence: 99%

“…The latest work of Groce et al. 94 makes a classification of 246 defects found in 23 Ethereum smart contracts. They utilize several open-sourced analysis tools (i.e., Slither, 131 Manticore, 118 and Echidna, 139 see Section 5.2.1 ) along with manual auditing, and find that there are ten defects per contract on average.…”

Section: Constructing Smart Contracts With Turing-complete Languagesmentioning

confidence: 99%

See 1 more Smart Citation

A comprehensive survey on smart contract construction and execution: paradigms, tools, and systems

Zhang

Liu

et al. 2021

Patterns

View full text Add to dashboard Cite

Summary Smart contracts are regarded as one of the most promising and appealing notions in blockchain technology. Their self-enforcing and event-driven features make some online activities possible without a trusted third party. Nevertheless, problems such as miscellaneous attacks, privacy leakage, and low processing rates prevent them from being widely applied. Various schemes and tools have been proposed to facilitate the construction and execution of secure smart contracts. However, a comprehensive survey for these proposals is absent, hindering new researchers and developers from a quick start. This paper surveys the literature and online resources on smart contract construction and execution over the period 2008–2020. We divide the studies into three categories: (1) design paradigms that give examples and patterns on contract construction, (2) design tools that facilitate the development of secure smart contracts, and (3) extensions and alternatives that improve the privacy or efficiency of the system. We start by grouping the relevant construction schemes into the first two categories. We then review the execution mechanisms in the last category and further divide the state-of-the-art solutions into three classes: private contracts with extra tools, off-chain channels, and extensions on core functionalities. Finally, we summarize several challenges and identify future research directions toward developing secure, privacy-preserving, and efficient smart contracts.

show abstract

“…Fuzzing has proven to be very effective in traditional programs. In smart contracts, there are works surveying and categorizing flaws in critical contracts established that Fuzzing using custom user-defined properties might detect up to 63% of the most severe and exploitable flaws in contracts [7]. At present, there are many Fuzzing methods for smart contracts in Ethereum.…”

Section: Fuzzingmentioning

confidence: 99%

HFContractFuzzer: Fuzzing Hyperledger Fabric Smart Contracts for Vulnerability Detection

Ding

et al. 2021

Evaluation and Assessment in Software Engineering

View full text Add to dashboard Cite

With its unique advantages such as decentralization and immutability, blockchain technology has been widely used in various fields in recent years. The smart contract running on the blockchain is also playing an increasingly important role in decentralized application scenarios. Therefore, the automatic detection of security vulnerabilities in smart contracts has become an urgent problem in the application of blockchain technology. Hyperledger Fabric is a smart contract platform based on enterprise-level licensed distributed ledger technology. However, the research on the vulnerability detection technology of Hyperledger Fabric smart contracts is still in its infancy. In this paper, we propose HFContractFuzzer, a method based on Fuzzing technology to detect Hyperledger Fabric smart contracts, which combines a Fuzzing tool for golang named go-fuzz and smart contracts written by golang. We use HFContractFuzzer to detect vulnerabilities in five contracts from typical sources and discover that four of them have security vulnerabilities, proving the effectiveness of the proposed method. CCS CONCEPTS• Security and privacy → Vulnerability scanners.

show abstract

What are the Actual Flaws in Important Smart Contracts (And How Can We Find Them)?

Cited by 37 publications

References 11 publications

The Roadmap to 6G Security and Privacy

The Roadmap to 6G Security and Privacy

A comprehensive survey on smart contract construction and execution: paradigms, tools, and systems

HFContractFuzzer: Fuzzing Hyperledger Fabric Smart Contracts for Vulnerability Detection

Contact Info

Product

Resources

About