A Review of Approaches for Detecting Vulnerabilities in Smart Contracts within Web 3.0 Applications
Abstract
:1. Introduction
2. Vulnerability in Smart Contracts
2.1. Solidity Layer
- Reentrancy
- Integer Error
- Exception Handling
- Logical Error
2.2. EVM Layer
- Short Address
- Tx.origin
- Call-Stack Overflow
2.3. Block Layer
- Timestamp Dependency
- Transaction Order Dependency
2.4. Web 3.0 Vulnerabilities
- Identifier Verification
- Rent Tampering
- Single Oracle
- Sandwich Attack
3. Taxonomy of Approaches to Detecting Vulnerabilities
3.1. Formal Verification
- F* Framework
- EthIR
3.2. Symbolic Execution
- Oyente
- teEther
3.3. Fuzzing
- ContractFuzzer
- sFuzz
3.4. Taint Analysis
- Sereum
- Ethainter
4. Smart Contract Vulnerability Detection Tools and Comparison
4.1. Enumeration of Smart Contract Vulnerability Detection Tools
- Vaas
- Mythril
- Securify
- Manticore
- Slither
4.2. Comparison of Existing Tools
4.2.1. Vulnerability Coverage
4.2.2. Detection Effectiveness
4.2.3. Open-Source Availability
4.2.4. Integration Capabilities
5. Future Directions and Challenges in Web 3.0
5.1. Community with a Shared Future in Cyberspace
5.2. Challenges and Discussions
- Evolution of vulnerabilities: With the development of Web 3.0, the number and complexity of smart contract platforms and protocols will continue to increase, leading to more potential vulnerabilities and security risks. Therefore, smart contract security detection techniques need to constantly evolve and adapt to the characteristics and functionalities of emerging platforms and protocols. For instance, Ethereum introduced a new token standard, ERC777, which allows fallback functions to be invoked during token transfers. Due to developers’ misunderstandings regarding the new features of ERC777, a new form of reentrancy vulnerability emerged, resulting in substantial financial losses for smart contracts.
- Dynamic nature of smart contracts: Smart contracts often involve interactions and data flows among multiple contracts, including receiving external data and invoking external contracts. This dynamic nature adds complexity to the analysis and increases the number and types of potential vulnerabilities, since the behavior of external interactions is unknown and can lead to security loopholes. Therefore, vulnerability detection techniques need to be able to analyze and understand complex relationships among contracts and accurately identify potential security issues.
- Interoperability of smart contracts: Integration and interoperability of smart contracts with other technologies will also pose challenges. The Web 3.0 ecosystem will include multiple smart contract platforms and blockchain protocols, which may have incompatibilities and security vulnerabilities. Therefore, smart contract security vulnerability detection techniques need to have the capability to work across platforms and protocols to ensure comprehensive security.
- Limitations of detection methods: Most of the current techniques rely on vulnerability detection methods such as fuzz testing, symbolic execution, and formal verification, which themselves have limitations. For example, formal verification methods have advantages in verifying the correctness of smart contracts but are limited by contract size and complexity. Symbolic execution methods can explore different execution paths of contracts but may suffer from path explosion issues, leading to insufficient computational resources for complex contracts. Fuzz testing methods can uncover some implicit vulnerabilities but may have limited effectiveness in complex contract logic and data flow dependencies. Taint analysis methods can trace and analyze potential vulnerability sources in data flows but may not accurately identify and locate all vulnerabilities in complex data flows and interaction patterns.
- Resource constraints: The rapid development of the Web 3.0 field has led to the emergence of numerous small projects and start-ups. However, these entities may face challenges in securing sufficient funds and professionals to conduct comprehensive smart contract security audits.
6. Conclusions
Funding
Data Availability Statement
Conflicts of Interest
References
- Nakamoto, S.; Bitcoin, A. A Peer-to-Peer Electronic Cash System. Available online: https://bitcoin.org/bitcoin.pdf (accessed on 9 June 2023).
- Buterin, V. A next-generation smart contract and decentralized application platform. White Pap. 2014, 3, 1–2. [Google Scholar]
- Wang, S.; Huang, C.; Li, J.; Yuan, Y.; Wang, F.-Y. Decentralized construction of knowledge graphs for deep recommender systems based on blockchain-powered smart contracts. IEEE Access 2019, 7, 136951–136961. [Google Scholar] [CrossRef]
- Gupta, B.B.; Li, K.-C.; Leung, V.C.; Psannis, K.E.; Yamaguchi, S. Blockchain-assisted secure fine-grained searchable encryption for a cloud-based healthcare cyber-physical system. IEEE CAA J. Autom. Sin. 2021, 8, 1877–1890. [Google Scholar]
- Wang, D.; Wu, S.; Lin, Z.; Wu, L.; Yuan, X.; Zhou, Y.; Wang, H.; Ren, K. Towards a first step to understand flash loan and its applications in defi ecosystem. In Proceedings of the Ninth International Workshop on Security in Blockchain and Cloud Computing, Matsue, Japan, 23–26 November 2021; pp. 23–28. [Google Scholar]
- Li, H.; Wu, J.; Xing, K.; Yi, P.; Lan, J.; Ji, X.; Liu, Q.; Chen, S.; Liang, W.; Wei, J. The Prototype of Decentralized Multilateral Co-Governing Post-IP Internet Architecture and Its Testing on Operator Networks. arXiv 2019, arXiv:1906.06901. [Google Scholar]
- Li, H.; Wu, J.; Yang, X.; Wang, H.; Lan, J.; Xu, K.; Tan, H.; Wei, J.; Liang, W.; Zhu, F. MIN: Co-governing multi-identifier network architecture and its prototype on operator’s network. IEEE Access 2020, 8, 36569–36581. [Google Scholar] [CrossRef]
- Li, H.; Yang, X. Co-Governed Sovereignty Network: Legal Basis and Its Prototype & Applications with MIN Architecture; Springer Nature: Berlin/Heidelberg, Germany, 2021. [Google Scholar]
- Mehar, M.I.; Shier, C.L.; Giambattista, A.; Gong, E.; Fletcher, G.; Sanayhie, R.; Kim, H.M.; Laskowski, M. Understanding a revolutionary and flawed grand experiment in blockchain: The DAO attack. J. Cases Inf. Technol. 2019, 21, 19–32. [Google Scholar] [CrossRef]
- Cao, X.; Zhang, J.; Wu, X.; Liu, B. A survey on security in consensus and smart contracts. Peer Peer Netw. Appl. 2022, 15, 1008–1028. [Google Scholar] [CrossRef]
- Kushwaha, S.S.; Joshi, S.; Singh, D.; Kaur, M.; Lee, H.-N. Systematic review of security vulnerabilities in ethereum blockchain smart contract. IEEE Access 2022, 10, 6605–6621. [Google Scholar] [CrossRef]
- Yamashita, K.; Nomura, Y.; Zhou, E.; Pi, B.; Jun, S. Potential risks of hyperledger fabric smart contracts. In Proceedings of the 2019 IEEE International Workshop on Blockchain Oriented Software Engineering (IWBOSE), Hangzhou, China, 24 February 2019; pp. 1–10. [Google Scholar]
- Praitheeshan, P.; Pan, L.; Yu, J.; Liu, J.; Doss, R. Security analysis methods on ethereum smart contract vulnerabilities: A survey. arXiv 2019, arXiv:1908.08605. [Google Scholar]
- Zuo, Z. Development, Application, And Regulation of Web3.0. Front. Bus. Econ. Manag. 2023, 9, 22–27. [Google Scholar] [CrossRef]
- Gupta, N.A.; Bansal, M.; Sharma, S.; Mehrotra, D.; Kakkar, M. Detection of Vulnerabilities in Blockchain Smart Contracts: A Review. In Proceedings of the 2023 International Conference on Computational Intelligence, Communication Technology and Networking (CICTN), Ghaziabad, India, 20–21 April 2023; pp. 558–562. [Google Scholar]
- Atzei, N.; Bartoletti, M.; Cimoli, T. A survey of attacks on ethereum smart contracts (sok). In Proceedings of the Principles of Security and Trust: 6th International Conference, POST 2017, Held as Part of the European Joint Conferences on Theory and Practice of Software, ETAPS 2017, Uppsala, Sweden, 22–29 April 2017; pp. 164–186. [Google Scholar]
- Grossman, S.; Abraham, I.; Golan-Gueta, G.; Michalevsky, Y.; Rinetzky, N.; Sagiv, M.; Zohar, Y. Online detection of effectively callback free objects with applications to smart contracts. Proc. ACM Program. Lang. 2017, 2, 1–28. [Google Scholar] [CrossRef]
- Lai, E.; Luo, W. Static analysis of integer overflow of smart contracts in ethereum. In Proceedings of the 2020 4th International Conference on Cryptography, Security and Privacy, Nanjing, China, 10–12 January 2020; pp. 110–115. [Google Scholar]
- Dwivedi, V.; Pattanaik, V.; Deval, V.; Dixit, A.; Norta, A.; Draheim, D. Legally enforceable smart-contract languages: A systematic literature review. ACM Comput. Surv. 2021, 54, 1–34. [Google Scholar] [CrossRef]
- Modi, R. Solidity Programming Essentials: A Beginner’s Guide to Build Smart Contracts for Ethereum and Blockchain; Packt Publishing Ltd.: Birmingham, UK, 2018. [Google Scholar]
- Zupan, N.; Kasinathan, P.; Cuellar, J.; Sauer, M. Secure smart contract generation based on petri nets. In Blockchain Technology for Industry 4.0: Secure, Decentralized, Distributed and Trusted Industry Environment; Springer: Berlin/Heidelberg, Germany, 2020; pp. 73–98. [Google Scholar]
- Chen, W.; Zheng, Z.; Ngai, E.C.-H.; Zheng, P.; Zhou, Y. Exploiting blockchain data to detect smart ponzi schemes on ethereum. IEEE Access 2019, 7, 37575–37586. [Google Scholar] [CrossRef]
- Ji, M.; Liang, G.; Li, M.; Zhang, H.; He, J. Security Analysis of Blockchain Smart Contract: Taking Reentrancy Vulnerability as an Example. In Proceedings of the Advances in Artificial Intelligence and Security: 7th International Conference, ICAIS 2021, Proceedings, Part III 7, Dublin, Ireland, 19–23 July 2021; pp. 492–501. [Google Scholar]
- Samreen, N.F.; Alalfi, M.H. A survey of security vulnerabilities in ethereum smart contracts. arXiv 2021, arXiv:2105.06974. [Google Scholar]
- Wang, C.; Jiang, H.; Wang, Y.; Huang, Q.; Zuo, Z. Research on smart contract vulnerability detection method based on domain features of solidity contracts and attention mechanism. J. Intell. Fuzzy Syst. 2023, 45, 1513–1525. [Google Scholar] [CrossRef]
- Tantikul, P.; Ngamsuriyaroj, S. Exploring Vulnerabilities in Solidity Smart Contract. In Proceedings of the ICISSP, Valletta, Malta, 25–27 February 2020; pp. 317–324. [Google Scholar]
- Fu, M.; Wu, L.; Hong, Z.; Feng, W. Research on vulnerability mining technique for smart contracts. J. Comput. Appl. 2019, 39, 1959. [Google Scholar]
- Wei, G.; Li, H.; Bai, Y.; Yang, X.; Zhang, H.; Que, J.; Li, W. Co-governed Space-Terrestrial Integrated Network Architecture and Prototype Based on MIN. In Proceedings of the 2021 International Conference on Computer Communications and Networks (ICCCN), Athens, Greece, 19–22 July 2021; pp. 1–6. [Google Scholar]
- Wang, H.; Li, H.; Smahi, A.; Zhao, F.; Yao, Y.; Chan, C.C.; Wang, S.; Yang, W.; Li, S.-Y.R. MIS: A Multi-Identifier Management and Resolution System in the Metaverse. ACM Trans. Multimedia Comput. Commun. Appl. 2023. [Google Scholar] [CrossRef]
- Qin, K.; Zhou, L.; Livshits, B.; Gervais, A. Attacking the defi ecosystem with flash loans for fun and profit. In Proceedings of the Financial Cryptography and Data Security: 25th International Conference, FC 2021, Virtual Event, 1–5 March 2021; pp. 3–32. [Google Scholar]
- Cao, Y.; Zou, C.; Cheng, X. Flashot: A snapshot of flash loan attack on DeFi ecosystem. arXiv 2021, arXiv:2102.00626. [Google Scholar]
- Wu, J.; Lin, K.; Lin, D.; Zheng, Z.; Huang, H.; Zheng, Z. Financial Crimes in Web3-empowered Metaverse: Taxonomy, Countermeasures, and Opportunities. IEEE Open J. Comput. Soc. 2023, 4, 37–49. [Google Scholar] [CrossRef]
- Chen, C.; Zhang, L.; Li, Y.; Liao, T.; Zhao, S.; Zheng, Z.; Huang, H.; Wu, J. When digital economy meets web 3.0: Applications and challenges. IEEE Open J. Comput. Soc. 2022, 3, 233–245. [Google Scholar] [CrossRef]
- O’Regan, G. Overview of Formal Methods. In Concise Guide to Formal Methods: Theory, Fundamentals and Industry Applications; Springer: Newy York, NY, USA, 2017; pp. 41–63. [Google Scholar]
- Vivar, A.L.; Orozco, A.L.S.; Villalba, L.J.G. A security framework for Ethereum smart contracts. Comput. Commun. 2021, 172, 119–129. [Google Scholar] [CrossRef]
- Albert, E.; Gordillo, P.; Livshits, B.; Rubio, A.; Sergey, I. Ethir: A framework for high-level analysis of ethereum bytecode. In Proceedings of the Automated Technology for Verification and Analysis: 16th International Symposium, ATVA 2018, Los Angeles, CA, USA, 7–10 October 2018; pp. 513–520. [Google Scholar]
- Coward, P.D. Symbolic execution systems—A review. Softw. Eng. J. 1988, 3, 229–239. [Google Scholar] [CrossRef]
- Luu, L.; Chu, D.-H.; Olickel, H.; Saxena, P.; Hobor, A. Making smart contracts smarter. In Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security, Vienna, Austria, 24 October 2016; pp. 254–269. [Google Scholar]
- Krupp, J.; Rossow, C. teether: Gnawing at ethereum to automatically exploit smart contracts. In Proceedings of the 27th {USENIX} Security Symposium ({USENIX} Security 18), Baltimore, MD, USA, 15–17 August 2018; pp. 1317–1333. [Google Scholar]
- He, J.; Balunović, M.; Ambroladze, N.; Tsankov, P.; Vechev, M. Learning to fuzz from symbolic execution with application to smart contracts. In Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security, London, UK, 11–15 November 2019; pp. 531–548. [Google Scholar]
- Li, J.; Zhao, B.; Zhang, C. Fuzzing: A survey. Cybersecurity 2018, 1, 1–13. [Google Scholar] [CrossRef]
- Jiang, B.; Liu, Y.; Chan, W.K. Contractfuzzer: Fuzzing smart contracts for vulnerability detection. In Proceedings of the 33rd ACM/IEEE International Conference on Automated Software Engineering, Montpellier, France, 3–7 September 2018; pp. 259–269. [Google Scholar]
- Nguyen, T.D.; Pham, L.H.; Sun, J.; Lin, Y.; Minh, Q.T. sfuzz: An efficient adaptive fuzzer for solidity smart contracts. In Proceedings of the ACM/IEEE 42nd International Conference on Software Engineering, Seoul, Republic of Korea, 27 June–19 July 2020; pp. 778–788. [Google Scholar]
- Medeiros, I.; Neves, N.; Correia, M. Detecting and removing web application vulnerabilities with static analysis and data mining. IEEE Trans. Reliab. 2015, 65, 54–69. [Google Scholar] [CrossRef]
- Ji, S.; Dong, J.; Qiu, J.; Gu, B.; Wang, Y.; Wang, T. Increasing fuzz testing coverage for smart contracts with dynamic taint analysis. In Proceedings of the 2021 IEEE 21st International Conference on Software Quality, Reliability and Security (QRS), Hainan Island, China, 6–10 December 2021; pp. 243–247. [Google Scholar]
- Rodler, M.; Li, W.; Karame, G.O.; Davi, L. Sereum: Protecting existing smart contracts against re-entrancy attacks. arXiv 2018, arXiv:1812.05934. [Google Scholar]
- Brent, L.; Grech, N.; Lagouvardos, S.; Scholz, B.; Smaragdakis, Y. Ethainter: A smart contract security analyzer for composite vulnerabilities. In Proceedings of the 41st ACM SIGPLAN Conference on Programming Language Design and Implementation, London, UK, 15–20 June 2020; pp. 454–469. [Google Scholar]
- Beosin. Automated Formal Verification Platform for Smart Contract. Available online: https://beosin.com/ (accessed on 9 June 2023).
- Mythril. A Framework for Bug Hunting on the Ethereum Blockchain. Available online: https://mythx.io/ (accessed on 9 June 2023).
- Tsankov, P.; Dan, A.; Drachsler-Cohen, D.; Gervais, A.; Buenzli, F.; Vechev, M. Securify: Practical security analysis of smart contracts. In Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security, Toronto, ON, Canada, 15–19 October 2018; pp. 67–82. [Google Scholar]
- Mossberg, M.; Manzano, F.; Hennenfent, E.; Groce, A.; Grieco, G.; Feist, J.; Brunson, T.; Dinaburg, A. Manticore: A user-friendly symbolic execution framework for binaries and smart contracts. In Proceedings of the 2019 34th IEEE/ACM International Conference on Automated Software Engineering (ASE), San Diego, CA, USA, 10–15 November 2019; pp. 1186–1189. [Google Scholar]
- Feist, J.; Grieco, G.; Groce, A. Slither: A static analysis framework for smart contracts. In Proceedings of the 2019 IEEE/ACM 2nd International Workshop on Emerging Trends in Software Engineering for Blockchain (WETSEB), Montreal, QC, Canada, 27 May 2019; pp. 8–15. [Google Scholar]
- Nikolić, I.; Kolluri, A.; Sergey, I.; Saxena, P.; Hobor, A. Finding the greedy, prodigal, and suicidal contracts at scale. In Proceedings of the 34th Annual Computer Security Applications Conference, San Juan, PR, USA, 3–7 December 2018; pp. 653–663. [Google Scholar]
- Frank, J.; Aschermann, C.; Holz, T. ETHBMC: A bounded model checker for smart contracts. In Proceedings of the 29th USENIX Conference on Security Symposium, Boston, MA, USA, 12–14 August 2020; pp. 2757–2774. [Google Scholar]
- Godefroid, P. Fuzzing: Hack, art, and science. Commun. ACM 2020, 63, 70–76. [Google Scholar] [CrossRef]
- Cadar, C.; Godefroid, P.; Khurshid, S.; Păsăreanu, C.S.; Sen, K.; Tillmann, N.; Visser, W. Symbolic execution for software testing in practice: Preliminary assessment. In Proceedings of the 33rd International Conference on Software Engineering, Honolulu, HI, USA, 21–28 May 2011; pp. 1066–1071. [Google Scholar]
- Dai, P.; Pan, Z.; Li, Y. A Review of Researching on Dynamic Taint Analysis Technique. In Proceedings of the 2018 3rd Joint International Information Technology, Mechanical and Electronic Engineering Conference (JIMEC 2018), Chongqing, China, 15–16 December 2018; pp. 118–123. [Google Scholar]
- Zhang, Q.; Wang, Y.; Li, J.; Ma, S. Ethploit: From fuzzing to efficient exploit generation against smart contracts. In Proceedings of the 2020 IEEE 27th International Conference on Software Analysis, Evolution and Reengineering (SANER), London, ON, Canada, 21–28 February 2020; pp. 116–126. [Google Scholar]
- Atzori, M. Blockchain Technology and Decentralized Governance: Is the State Still Necessary? Available online: https://ssrn.com/abstract=2709713 (accessed on 9 June 2023).
- Wang, Q.; Su, M. Integrating blockchain technology into the energy sector—From theory of blockchain to research and application of energy blockchain. Comput. Sci. Rev. 2020, 37, 100275. [Google Scholar] [CrossRef]
- Bai, H.; Li, H.; Que, J.; Zhang, M.; Chong, P.H.J. DSCCP: A Differentiated Service-based Congestion Control Protocol for Information-Centric Networking. In Proceedings of the 2022 IEEE Wireless Communications and Networking Conference (WCNC), Shanghai, China, 7–10 April 2022; pp. 1641–1646. [Google Scholar]
- Litvinenko, V. Digital economy as a factor in the technological development of the mineral sector. Nat. Resour. Res. 2020, 29, 1521–1541. [Google Scholar] [CrossRef]
- Xu, J.J. Are blockchains immune to all malicious attacks? Financ. Innov. 2016, 2, 25. [Google Scholar] [CrossRef]
Detection Tool | Detection Approach | Supported Type of Vulnerabilities | Open-Source Language | Detection Accuracy | ||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|
Solidity Layer | EVM Layer | Block Layer | ||||||||||
Reentrancy | Integer Error | Exception Handling | Logical Error | Short Address Attack | Tx.origin | Call-Stack Overflow | Timestamp Dependency | Transaction Order Dependency | ||||
F* framework | Formal Verification | √ | √ | √ | - 1 | - | - | - | √ | √ | - | Medium |
EthIR | √ | √ | √ | - | - | - | - | √ | √ | Python | Medium | |
EthBMC | √ | - | - | - | - | - | - | √ | √ | Python | High | |
Oyente | Symbolic Execution | √ | √ | √ | - | √ | - | √ | √ | √ | Python | Low |
teEther | √ | √ | √ | √ | √ | - | - | - | - | Python | Medium | |
Slither | √ | - | √ | - | - | √ | √ | √ | - | Python | High | |
Manticore | √ | √ | - | - | √ | - | - | - | - | Python | Medium | |
ContractFuzzer | Fuzzing | √ | √ | - | - | √ | - | - | √ | - | Go | Medium |
sFuzz | √ | √ | - | √ | √ | - | - | √ | - | C++ | Medium | |
Harvey | √ | √ | - | √ | √ | - | - | √ | - | Solidity | Medium | |
Sereum | Taint Analysis | √ | √ | √ | - | - | - | - | √ | √ | Java | High |
Ethainter | √ | √ | - | - | - | - | - | √ | - | Solidity | High | |
Vaas | Integrated | √ | √ | √ | - | - | √ | - | √ | - | Solidity | High |
Mythril | √ | √ | - | - | - | √ | - | √ | - | Python | High | |
Securify | √ | - | √ | √ | √ | √ | √ | √ | √ | Solidity | Medium | |
Mythx | √ | √ | - | - | - | √ | - | √ | - | python | High |
Disclaimer/Publisher’s Note: The statements, opinions and data contained in all publications are solely those of the individual author(s) and contributor(s) and not of MDPI and/or the editor(s). MDPI and/or the editor(s) disclaim responsibility for any injury to people or property resulting from any ideas, methods, instructions or products referred to in the content. |
© 2023 by the authors. Licensee MDPI, Basel, Switzerland. This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution (CC BY) license (https://creativecommons.org/licenses/by/4.0/).
Share and Cite
Li, H.; Dang, R.; Yao, Y.; Wang, H. A Review of Approaches for Detecting Vulnerabilities in Smart Contracts within Web 3.0 Applications. Blockchains 2023, 1, 3-18. https://doi.org/10.3390/blockchains1010002
Li H, Dang R, Yao Y, Wang H. A Review of Approaches for Detecting Vulnerabilities in Smart Contracts within Web 3.0 Applications. Blockchains. 2023; 1(1):3-18. https://doi.org/10.3390/blockchains1010002
Chicago/Turabian StyleLi, Hui, Ranran Dang, Yao Yao, and Han Wang. 2023. "A Review of Approaches for Detecting Vulnerabilities in Smart Contracts within Web 3.0 Applications" Blockchains 1, no. 1: 3-18. https://doi.org/10.3390/blockchains1010002