Affiliation:
1. Michigan State University, USA
2. The Hong Kong Polytechnic University, Hong Kong
Abstract
The blockchain technology, initially created for cryptocurrency, has been re-purposed for recording state transitions of smart contracts—decentralized applications that can be invoked through external transactions. Smart contracts gained popularity and accrued hundreds of billions of dollars in market capitalization in recent years. Unfortunately, like all other computer programs, smart contracts are prone to security vulnerabilities that have incurred multibillion-dollar damages over the past decade. As a result, many automated threat mitigation solutions have been proposed to counter the security issues of smart contracts. These threat mitigation solutions include various tools and methods that are challenging to compare. This survey develops a comprehensive classification taxonomy of smart contract threat mitigation solutions within five orthogonal dimensions: defense modality, core method, targeted contracts, input-output data mapping, and threat model. We classify 133 existing threat mitigation solutions using our taxonomy and confirm that the proposed five dimensions allow us to concisely and accurately describe any smart contract threat mitigation solution. In addition to learning
what
the threat mitigation solutions do, we also show
how
these solutions work by synthesizing their actual designs into a set of uniform workflows corresponding to the eight existing defense core methods. We further create an integrated coverage map for the known smart contract vulnerabilities by the existing threat mitigation solutions. Finally, we perform the evidence-based evolutionary analysis, in which we identify trends and future perspectives of threat mitigation in smart contracts and pinpoint major weaknesses of the existing methodologies. For the convenience of smart contract security developers, auditors, users, and researchers, we deploy and maintain a regularly updated comprehensive open-source online registry of threat mitigation solutions, called Security Threat Mitigation (STM) Registry at
https://seit.egr.msu.edu/research/stmregistry/
.
Publisher
Association for Computing Machinery (ACM)
Subject
General Computer Science,Theoretical Computer Science
Reference190 articles.
1. Sathish Ramani. 2020. Exploring the Methods of Looking into Ethereum’s Transaction Pool (Mempool). Chainstack. Retrieved from https://chainstack.com/exploring-the-methods-of-looking-into-ethereums-transaction-pool/.
2. IBM. 2022. Artificial Intelligence (AI) for Cybersecurity. IBM. Retrieved from https://www.ibm.com/security/artificial-intelligence.
3. Dedaub. 2022. Dedadub Contract Library. Dedaub Ltd. Retrieved from https://dedaub.com/contract-library.
4. block.one. 2022. EOS.IO Technical White Paper v2. GitHub. Retrieved from https://github.com/EOSIO/Documentation/blob/master/TechnicalWhitePaper.md.
5. Etherscan. 2022. Etherscan Token Tracker. Etherscan. Retrieved from https://etherscan.io/tokens.
Cited by
5 articles.
订阅此论文施引文献
订阅此论文施引文献,注册后可以免费订阅5篇论文的施引文献,订阅后可以查看论文全部施引文献