A Survey on Security Analysis Methods of Smart Contracts

IF 5.5 | Zone 2 (Computer Science) | Q1 COMPUTER SCIENCE, INFORMATION SYSTEMS | IEEE Transactions on Services Computing, Vol. 17, No. 6, pp. 4522-4539 | Pub Date: 2024-09-18 | DOI: 10.1109/TSC.2024.3463394
Huijuan Zhu, Lei Yang, Liangmin Wang, Victor S. Sheng
Citations: 0

Abstract

Smart contracts have gained extensive adoption across diverse industries, including finance, supply chain, and the Internet of Things. Nevertheless, the surge in security incidents of smart contracts over recent years has led to substantial economic losses. Therefore, ensuring the security of smart contracts has become a critical and complex challenge in both academic and industrial domains. Based on 539 real-world security incidents in the Ethereum platform and audit reports from 10 authoritative auditing institutions, we summarize 27 types of exploited security vulnerabilities and draw insights into their principles, typical cases, relevant research and recommended prevention strategies. Besides, we also gather 7 other potentially threatening vulnerability types as supplements. On this basis, we conduct an in-depth analysis of the root causes of vulnerabilities and further formulate eight safety practical rules. Moreover, we perform a comprehensive review of 178 recent papers on smart contract security analysis, classifying detection methods into formal verification, fuzz testing, machine learning, program analysis, and others. For each category, we seize the specific detection tools and analyze them comprehensively. Then, we conduct an extensive analysis and synthesis from various angles, presenting a comprehensive overview of the current research landscape in smart contract security detection. We also discuss current on-chain and off-chain repair methods. Finally, this review outlines major challenges and highlights potential areas for future research in this field.
Source journal

IEEE Transactions on Services Computing (COMPUTER SCIENCE, INFORMATION SYSTEMS; COMPUTER SCIENCE, SOFTWARE ENGINEERING)

CiteScore: 11.50
Self-citation rate: 6.20%
Articles published: 278
Review time: >12 weeks

Journal description: IEEE Transactions on Services Computing encompasses the computing and software aspects of the science and technology of services innovation research and development. It places emphasis on algorithmic, mathematical, statistical, and computational methods central to services computing. Topics covered include Service Oriented Architecture, Web Services, Business Process Integration, Solution Performance Management, and Services Operations and Management. The transactions address mathematical foundations, security, privacy, agreement, contract, discovery, negotiation, collaboration, and quality of service for web services. It also covers areas like composite web service creation, business and scientific applications, standards, utility models, business process modeling, integration, collaboration, and more in the realm of Services Computing.