    Huaqun Xingjie - A Survey on blockchain Technology and its Security - 2022 March

     
    Transactions and Transaction Logs analysis. In 2020
    TxSpector [103] was the first generic framework to perform
    bytecode-level, logic-driven analysis on Ethereum
    transactions for attack detection, such as Reentrancy,
    UncheckedCall, Suicidal Vulnerability, Timestamp
    Dependence, Misuse-of-Origin, Failed Send, Mishandled
    Exception, Unsecured Balance, and DoS. Based on the
    transaction logs, an Ever-evolving Game was also presented
    in 2020 to analyze real-world attacks and the defenses
    adopted in the wild [104].
    Honeypot Smart Contracts. Instead of exploiting the
    vulnerabilities of smart contracts, hackers developed
    honeypot smart contracts with hidden traps, and HONEYBADGER
    was developed in 2019 to analyze more than 2 million smart
    contracts and identify 690 honeypot smart contracts [105].
    Consensus Algorithm Analysis. In 2016 a group of
    researchers from ETH Zurich and NEC Laboratories
    presented a framework to quantitatively analyze the
    security and performance of PoW [106]. In 2019 Zhang and
    Preneel evaluated PoW and showed that it could not achieve
    the ideal chain quality and could not resist selfish mining,
    double-spending and feather-forking attacks [107].
    B. Detecting Malicious Codes & Bugs 
    In 2018 Jiang et al. proposed ContractFuzzer to fuzz smart
    contracts to detect vulnerabilities [108], Liu et al.
    presented ReGuard, a fuzzing-based analyzer, in their demo
    paper to automatically detect reentrancy bugs, the most
    common bug type in smart contracts [109], and Hydra was
    developed by Breidenbach et al. to use bug bounties to enable
    rewarding of critical bugs and runtime detection [91]. In 2019,
    EVMFuzzer was proposed to use a differential fuzzing
    technique, continuously generating seed contracts as input
    to the target EVM and detecting vulnerabilities of the EVM
    based on the execution results [110]. In 2020, a lightweight
    test-generation approach, HARVEY, was presented to
    effectively detect security vulnerabilities and bugs in smart
    contracts [111].
    C. Core Software Codes Security 
    In 2017 SmartPool was designed as a decentralized mining
    pool to prevent the phenomenon that close to 80% of
    Ethereum’s and 95% of Bitcoin’s mining power resided with
    fewer than six and ten mining pools respectively [112]. In
    2019 Drijvers et al. pointed out subtle flaws in the two-round
    multi-signature scheme and then proposed mBCJ as a
    provably secure yet highly efficient alternative [113]. In 2020
    Drijvers et al. presented Pixel, a pairing-based forward-secure
    multi-signature scheme, to defend against posterior corruption
    attacks [114], and Sun et al. presented Counter-RAPTOR to
    mitigate and detect active routing attacks [115].
    D. Secure Smart Contract 
    In 2016 Luu et al. presented methods to enhance Ethereum’s
    operational semantics to reduce smart contracts’
    vulnerabilities [96]. In 2016, Town Crier was developed to
    ensure that only authenticated data is input into smart
    contracts [116]. In 2018 FSolidM was presented as a tool that
    enables developers to define secure smart contracts as FSMs
    (finite state machines) and enhance security and functionality
    [117], and Arbitrum was designed to verify off-chain what
    a VM would do so as to improve scalability and privacy [118].
    In 2020 a research group from Korea University described
    VERISMART to ensure arithmetic safety to address security
    concerns of Ethereum smart contracts [119].
    E. Smart Contract Verification 
    In 2018 Amani et al. created a program logic at the
    bytecode level to extend an existing EVM formalisation so as
    to formally verify EVM smart contracts [120], and a formal
    modeling approach was proposed by Abdellatif &
    Brousmiche to verify the blockchain and users’ behavior of
    the smart contract [121]. In 2020 Sun & Yu established a
    framework to verify the security vulnerabilities of smart
    contracts, e.g., the Binance Coin (BNB) contract [122], and
    Permenev et al. presented VerX to automatically verify the
    functional properties of Ethereum smart contracts [123].
    Journal Pre-proof


    TABLE VIII. SMART CONTRACT BYTECODE VULNERABILITY ANALYSIS TOOLS AND FEATURE COMPARISON
