A survey on security in consensus and smart contracts

Blockchain technology has evolved from a cryptocurrency-exclusive technique for direct transactions among distrusting users (i.e., Blockchain 1.0), into a general programming paradigm for building decentralized applications (i.e., Blockchain 2.0). That greatly expands the application domain of Blockchain 2.0 while importing much more security issues than Blockchain 1.0. Intensive research on the security of blockchain technology has been conducted, showing that security has become the most concerned topic in the blockchain realm, and consensus and smart contracts are the most vulnerable parts to be attacked. On account of this, we are concerned mainly in this review paper with security issues related to consensus and smart contracts. Different from previous surveys, this survey especially tries to provide a systematic and comprehensive view on the security of blockchain technology within consensus and smart contracts through the integral action-pathway from root causes, vulnerabilities, and attacks, to the consequences. Moreover, the proposed countermeasures to the security issues in consensus and smart contracts are also evaluated and discussed in a holistic manner. With our understanding of the surveyed methods, we believe that countermeasures should be proposed with full consideration of the causal relationships among causes, vulnerabilities, attacks, and consequences. We expect the current work can pave the way for a comprehensive understanding of how a security issue functions and where the undiscovered vulnerabilities and possible attacks hide, so as to systematically design the countermeasures.