Detection of Vulnerabilities of Blockchain Smart Contracts
Document Type
Article
Publication Title
IEEE Internet of Things Journal
Abstract
With the wide application of IoT and blockchain, research on smart contracts has received increased attention, and security threat detection for smart contracts is one of the main focuses. This paper first introduces the common security vulnerabilities in blockchain smart contracts, and then classifies the vulnerabilities detection tools for smart contracts into six categories according to the different detection methods: formal verification method, symbol execution method, fuzzy testing method, intermediate representation method, stain analysis method and deep learning method. We test 27 detection tools, and analyze them from several perspectives, including the capability of detecting a smart contract version. Finally, it is concluded that most of the current vulnerability detection tools can only detect vulnerabilities in a single and old version of smart contracts. Although the deep learning method detects fewer types of smart contract vulnerabilities, it has higher detection accuracy and efficiency. Therefore, the combination of static detection methods such as deep learning method and dynamic detection methods including the fuzzy testing method to detect more types of vulnerabilities in multi-version smart contracts to achieve higher accuracy is a direction worthy of research in the future.
First Page
1
Last Page
1
DOI
10.1109/JIOT.2023.3241544
Publication Date
2-1-2023
Keywords
Bitcoin, Blockchain, Blockchains, Deep learning, Internet of Things, Security, smart contract, Smart contracts, Testing, vulnerability detection
Recommended Citation
D. He, R. Wu, X. Li, S. Chan and M. Guizani, "Detection of Vulnerabilities of Blockchain Smart Contracts," in IEEE Internet of Things Journal,, pp. 1-1, Feb 2023, doi: 10.1109/JIOT.2023.3241544.
Comments
IR Deposit conditions:
OA version (pathway a) Accepted version
No embargo
When accepted for publication, set statement to accompany deposit (see policy)
Must link to publisher version with DOI
Publisher copyright and source must be acknowledged