TY - GEN
T1 - What are the Actual Flaws in Important Smart Contracts (And How Can We Find Them)?
AU - Groce, Alex
AU - Feist, Josselin
AU - Grieco, Gustavo
AU - Colburn, Michael
N1 - Publisher Copyright:
© 2020, International Financial Cryptography Association.
PY - 2020
Y1 - 2020
N2 - An important problem in smart contract security is understanding the likelihood and criticality of discovered, or potential, weaknesses in contracts. In this paper we provide a summary of Ethereum smart contract audits performed for 23 professional stakeholders, avoiding the common problem of reporting issues mostly prevalent in low-quality contracts. These audits were performed at a leading company in blockchain security, using both open-source and proprietary tools, as well as human code analysis performed by professional security engineers. We categorize 246 individual defects, making it possible to compare the severity and frequency of different vulnerability types, compare smart contract and non-smart contract flaws, and to estimate the efficacy of automated vulnerability detection approaches.
UR - http://www.scopus.com/inward/record.url?scp=85089227492&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85089227492&partnerID=8YFLogxK
U2 - 10.1007/978-3-030-51280-4_34
DO - 10.1007/978-3-030-51280-4_34
M3 - Conference contribution
AN - SCOPUS:85089227492
SN - 9783030512798
T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
SP - 634
EP - 653
BT - Financial Cryptography and Data Security - 24th International Conference, FC 2020, Revised Selected Papers
A2 - Bonneau, Joseph
A2 - Heninger, Nadia
PB - Springer
T2 - 24th International Conference on Financial Cryptography and Data Security, FC 2020
Y2 - 10 February 2020 through 14 February 2020
ER -