What are the Actual Flaws in Important Smart Contracts (And How Can We Find Them)?

Alex Groce, Josselin Feist, Gustavo Grieco, Michael Colburn

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

19 Scopus citations

Abstract

An important problem in smart contract security is understanding the likelihood and criticality of discovered, or potential, weaknesses in contracts. In this paper we provide a summary of Ethereum smart contract audits performed for 23 professional stakeholders, avoiding the common problem of reporting issues mostly prevalent in low-quality contracts. These audits were performed at a leading company in blockchain security, using both open-source and proprietary tools, as well as human code analysis performed by professional security engineers. We categorize 246 individual defects, making it possible to compare the severity and frequency of different vulnerability types, compare smart contract and non-smart contract flaws, and to estimate the efficacy of automated vulnerability detection approaches.

Original language: English (US)
Title of host publication: Financial Cryptography and Data Security - 24th International Conference, FC 2020, Revised Selected Papers
Editors: Joseph Bonneau, Nadia Heninger
Publisher: Springer
Pages: 634-653
Number of pages: 20
ISBN (Print): 9783030512798
State: Published - 2020
Event: 24th International Conference on Financial Cryptography and Data Security, FC 2020 - Kota Kinabalu, Malaysia
Duration: Feb 10 2020 - Feb 14 2020

Publication series

Name: Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume: 12059 LNCS
ISSN (Print): 0302-9743
ISSN (Electronic): 1611-3349

Conference

Conference: 24th International Conference on Financial Cryptography and Data Security, FC 2020
Country/Territory: Malaysia
City: Kota Kinabalu
Period: 2/10/20 - 2/14/20

ASJC Scopus subject areas

  • Theoretical Computer Science
  • General Computer Science
