Dynamic information utilization for securing Ethereum smart contracts: A literature review

IF 4.3 2区计算机科学 Q2 COMPUTER SCIENCE, INFORMATION SYSTEMS Information and Software Technology Pub Date : 2025-06-01 Epub Date: 2025-03-12 DOI:10.1016/j.infsof.2025.107719

Tianyuan Hu , Bixin Li

{"title":"Dynamic information utilization for securing Ethereum smart contracts: A literature review","authors":"Tianyuan Hu , Bixin Li","doi":"10.1016/j.infsof.2025.107719","DOIUrl":null,"url":null,"abstract":"<div><div>Smart contracts, self-executing programs that govern digital assets on blockchain platforms, have gained widespread adoption due to their automation and transparency. However, vulnerabilities in smart contracts can lead to financial losses and reputational damage, making their security a critical concern. Static code auditing methods are prone to false positives and false negatives, as they fail to account for real-time execution conditions. The integration of dynamic information offers a promising avenue for addressing these limitations and enhancing smart contract security. Ethereum, the most widely used blockchain platform, provides a wealth of publicly available data and has attracted significant attention from researchers due to its security problems. This paper presents a systematic mapping study focused on Ethereum, reviewing the existing literature on the use of dynamic information for enhancing the security of smart contracts. It offers a comprehensive overview of security problems, dynamic information types, technical approaches, and validation methods. Furthermore, we examine the implications and limitations of current research and propose future directions for further exploration in the field of Ethereum smart contract protection.</div></div>","PeriodicalId":54983,"journal":{"name":"Information and Software Technology","volume":"182 ","pages":"Article 107719"},"PeriodicalIF":4.3000,"publicationDate":"2025-06-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Information and Software Technology","FirstCategoryId":"94","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S0950584925000588","RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"2025/3/12 0:00:00","PubModel":"Epub","JCR":"Q2","JCRName":"COMPUTER SCIENCE, INFORMATION SYSTEMS","Score":null,"Total":0}

引用次数: 0

Abstract

Smart contracts, self-executing programs that govern digital assets on blockchain platforms, have gained widespread adoption due to their automation and transparency. However, vulnerabilities in smart contracts can lead to financial losses and reputational damage, making their security a critical concern. Static code auditing methods are prone to false positives and false negatives, as they fail to account for real-time execution conditions. The integration of dynamic information offers a promising avenue for addressing these limitations and enhancing smart contract security. Ethereum, the most widely used blockchain platform, provides a wealth of publicly available data and has attracted significant attention from researchers due to its security problems. This paper presents a systematic mapping study focused on Ethereum, reviewing the existing literature on the use of dynamic information for enhancing the security of smart contracts. It offers a comprehensive overview of security problems, dynamic information types, technical approaches, and validation methods. Furthermore, we examine the implications and limitations of current research and propose future directions for further exploration in the field of Ethereum smart contract protection.

查看原文

微信好友朋友圈 QQ好友复制链接

本刊更多论文

保护以太坊智能合约的动态信息利用：文献综述

智能合约，即在区块链平台上管理数字资产的自动执行程序，由于其自动化和透明度而获得了广泛的采用。然而，智能合约中的漏洞可能导致财务损失和声誉受损，使其安全性成为一个关键问题。静态代码审计方法容易出现误报和误报，因为它们无法考虑实时执行条件。动态信息的集成为解决这些限制和增强智能合约的安全性提供了一个有希望的途径。以太坊是使用最广泛的区块链平台，它提供了大量公开可用的数据，并因其安全问题引起了研究人员的极大关注。本文提出了一个以以太坊为重点的系统映射研究，回顾了关于使用动态信息来增强智能合约安全性的现有文献。它提供了安全问题、动态信息类型、技术方法和验证方法的全面概述。此外，我们研究了当前研究的影响和局限性，并提出了以太坊智能合约保护领域进一步探索的未来方向。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文去求助

来源期刊

Information and Software Technology 工程技术-计算机：软件工程

CiteScore

9.10

自引率

7.70%

发文量

164

审稿时长

9.6 weeks

期刊介绍： Information and Software Technology is the international archival journal focusing on research and experience that contributes to the improvement of software development practices. The journal''s scope includes methods and techniques to better engineer software and manage its development. Articles submitted for review should have a clear component of software engineering or address ways to improve the engineering and management of software development. Areas covered by the journal include: • Software management, quality and metrics, • Software processes, • Software architecture, modelling, specification, design and programming • Functional and non-functional software requirements • Software testing and verification & validation • Empirical studies of all aspects of engineering and managing software development Short Communications is a new section dedicated to short papers addressing new ideas, controversial opinions, "Negative" results and much more. Read the Guide for authors for more information. The journal encourages and welcomes submissions of systematic literature studies (reviews and maps) within the scope of the journal. Information and Software Technology is the premiere outlet for systematic literature studies in software engineering.