Smart Contract Vulnerability Analysis and Security Audit

Cited by: 45
Authors
He, Daojing [1]
Deng, Zhi [1]
Zhang, Yuxing [1]
Chan, Sammy [2]
Cheng, Yao [3]
Guizani, Nadra [4]
Affiliations
[1] East China Normal Univ, Sch Software Engn, Shanghai, Peoples R China
[2] City Univ Hong Kong, Dept Elect Engn, Hong Kong, Peoples R China
[3] ASTAR, Inst Infocomm Res, Singapore, Singapore
[4] Purdue Univ, Sch Elect & Comp Engn, W Lafayette, IN 47907 USA
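Source
IEEE NETWORK | 2020 / Vol. 34 / Issue 05
Funding
National Natural Science Foundation of China; National Key Research and Development Program of China;
Keywords
Contracts; Games; Bitcoin; Computer hacking; Industries;
DOI
10.1109/MNET.001.1900656
Chinese Library Classification number
TP3 [Computing technology, computer technology];
Discipline classification code
0812;
Abstract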
Ethereum started the blockchain-based smart contract technology on which, due to its scalability, more and more decentralized applications are now based. On the downside, this has led to the exposure of more and more security issues and challenges, which have gained widespread research attention in the field of Ethereum smart contract vulnerabilities in both academia and industry. This article presents a survey of the Ethereum smart contract's various vulnerabilities and the corresponding defense mechanisms that have been applied to combat them. In particular, we focus on the random number vulnerability in the Fomo3d-like game contracts, as well as the attack and defense methods applied. Finally, we summarize the existing Ethereum smart contract security audit methods and compare several mainstream audit tools from various perspectives.
Pages: 276 - 282
Number of pages: 7