A security framework for Ethereum smart contracts

Abstract: The use of blockchain and smart contracts has not stopped growing in recent years. Like all software whose use begins to expand, it is also beginning to be targeted by hackers who will try to exploit vulnerabilities in both the underlying technology and the smart contract code itself. While many tools already exist for analysing vulnerabilities in smart contracts, the heterogeneity and variety of approaches, and the differences in how they provide the analysis data, make the learning curve for the smart contract developer steep. In this article the authors present ESAF (Ethereum Security Analysis Framework), a framework for the analysis of smart contracts that aims to unify and facilitate the task of analysing smart contract vulnerabilities. It can be used as a persistent security monitoring tool for a set of target contracts as well as a classic vulnerability analysis tool, among other uses.
