Papers on smart contract security analysis (and tools)

Papers and Tools for Smart Contract Security Analysis

This page collects papers on the security analysis of smart contracts, together with the analysis tools they describe.

I stopped collecting research papers and other material about smart contract security in the middle of 2018. I hope this page helps you a little.

Overview

Vulnerability classes covered by the papers below, grouped as on the original page:

  • Vulnerabilities: reentrancy; immutable bugs; mishandled exceptions; transaction-ordering dependence (TOD); untrusted value dependency; gas-costly patterns; tx.origin
  • Subordinate items: integer overflow/underflow; callstack depth; short address; unchecked send; unchecked low-level calls; blockhash; timestamp
  • Characteristics / correlations: DoS; interaction; randomness
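Three of the classes above in code, as an added example that is not from the original page or from any of the papers listed here: a toy vault written first in vulnerable form (reentrancy, unchecked send, tx.origin authorisation) and then hardened with checks-effects-interactions, a reentrancy mutex, checked call results and msg.sender authorisation. Contract, function and variable names are assumed for illustration. It targets Solidity 0.8, where integer overflow/underflow (a subordinate item above) is already caught by checked arithmetic unless an `unchecked` block opts out.

```solidity
// SPDX-License-Identifier: CC0-1.0
pragma solidity ^0.8.20;

// Added example, not code from the original page or any listed paper.
// Contract and function names are assumed for illustration.

contract VulnerableVault {
    mapping(address => uint256) public balances;
    address public owner = msg.sender;

    function deposit() external payable {
        balances[msg.sender] += msg.value;
    }

    // Reentrancy: the external call is made BEFORE the balance is zeroed,
    // so a malicious receiver's fallback can call withdraw() again while
    // balances[msg.sender] is still non-zero and drain the vault.
    function withdraw() external {
        uint256 amount = balances[msg.sender];
        (bool ok, ) = msg.sender.call{value: amount}("");
        require(ok, "transfer failed");
        balances[msg.sender] = 0;
    }

    // Mishandled exception / unchecked send: send() returns false instead
    // of reverting, so on failure the balance is zeroed although no ether
    // left the contract (funds are stuck, state is inconsistent).
    function payout(address payable to) external {
        uint256 amount = balances[to];
        balances[to] = 0;
        to.send(amount); // return value discarded
    }

    // tx.origin: a phishing contract that the owner is tricked into calling
    // can call sweep() and pass this check, because tx.origin is the owner.
    function sweep(address payable to) external {
        require(tx.origin == owner, "not owner");
        to.transfer(address(this).balance);
    }
}

contract HardenedVault {
    mapping(address => uint256) public balances;
    address public immutable owner;
    bool private locked;

    constructor() {
        owner = msg.sender;
    }

    // Mutex: rejects any nested call while a guarded function is running,
    // independent of statement ordering.
    modifier nonReentrant() {
        require(!locked, "reentrant call");
        locked = true;
        _;
        locked = false;
    }

    function deposit() external payable {
        balances[msg.sender] += msg.value;
    }

    // Checks-effects-interactions: state is updated before the external
    // call, so a reentrant call sees a zero balance and reverts.
    function withdraw() external nonReentrant {
        uint256 amount = balances[msg.sender];
        require(amount > 0, "nothing to withdraw");
        balances[msg.sender] = 0;
        (bool ok, ) = msg.sender.call{value: amount}("");
        require(ok, "transfer failed");
    }

    // Low-level call result is checked; a failed transfer reverts the
    // whole transaction, including the balance update above it.
    function payout(address payable to) external nonReentrant {
        uint256 amount = balances[to];
        balances[to] = 0;
        (bool ok, ) = to.call{value: amount}("");
        require(ok, "transfer failed");
    }

    // Authorise the immediate caller (msg.sender), never tx.origin.
    function sweep(address payable to) external {
        require(msg.sender == owner, "not owner");
        (bool ok, ) = to.call{value: address(this).balance}("");
        require(ok, "transfer failed");
    }
}
```

The mutex and the statement ordering are deliberately both present in HardenedVault: ordering alone protects withdraw(), but the modifier also covers functions that must interact before they can finish updating state. Tools in the table below flag the vulnerable forms directly, for example an external call followed by a storage write (reentrancy) or a CALL/SEND whose return value is never consumed (unchecked send).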

Security Analysis Tools

Publicly available tools (some offer paid tiers for the full feature set). Format: name, address, features, related paper.

  • Oyente, http://oyente.melon.fund, symbolic execution. [pdf]
  • Securify, http://securify.ch, formal verification. [pdf]
  • Remix, http://remix.ethereum.org, Solidity compiler and debugger.
  • SmartCheck, http://tool.smartdec.net, static code analysis.
  • Mythril, https://github.com/ConsenSys/mythril, concolic and taint analysis. [pdf]
  • why3, http://why3.lri.fr/try/, formal verification (general-purpose tool, not Ethereum-specific).

2018 papers

Papers published in 2018 that are worth reading

  • Securify: Practical Security Analysis of Smart Contracts (2018), Petar Tsankov et al. [pdf]
  • Ekiden: A Platform for Confidentiality-Preserving, Trustworthy, and Performant Smart Contract Execution (2018), Raymond Cheng et al. [pdf]
  • Smart Contracts: Security Patterns in the Ethereum Ecosystem and Solidity (2018), Maximilian Wöhrer and Uwe Zdun. [pdf]
  • ZEUS: Analyzing Safety of Smart Contracts (2018), Sukrit Kalra et al. [pdf]
  • Finding The Greedy, Prodigal, and Suicidal Contracts at Scale (2018), Ivica Nikolic et al. [pdf]
  • Scilla: a Smart Contract Intermediate-Level LAnguage (2018), Ilya Sergey et al. [pdf]
  • Formal verification of smart contracts based on users and blockchain behaviors models (2018), Tesnim Abdellatif et al. [pdf]
  • Smashing Ethereum smart contracts for fun and real profit (2018), Bernhard Mueller. [pdf]
  • Towards Verifying Ethereum Smart Contract Bytecode in Isabelle/HOL (2018), Sidney Amani et al. [pdf]
  • SoK: unraveling Bitcoin smart contracts (2018), Nicola Atzei et al. [pdf]
  • From contracts to “smart” contracts (2018), Massimo Bartoletti et al. [pdf]
  • BitML : a calculus for Bitcoin smart contracts (2018), Massimo Bartoletti et al. [pdf]
  • Quantitative Analysis of Smart Contracts (2018), Krishnendu Chatterjee et al. [pdf]
  • Smart Contracts Vulnerabilities: A Call for Blockchain Software Engineering? (2018), Giuseppe Destefanis et al. [pdf]

2017 papers

Papers published in 2017 that are worth reading

  • Ethereum Smart Contracts: Security Vulnerabilities and Security Tools (2017), Ardit Dika. [pdf]
  • Validation and Verification of Smart Contracts: A Research Agenda (2017), Daniele Magazzeni et al. [pdf]
  • Designing Secure Ethereum Smart Contracts: A Finite State Machine Based Approach (2017), Anastasia Mavridou et al. [pdf]
  • Ethereum: state of knowledge and research perspectives (2017), Sergei Tikhomirov. [pdf]
  • Quantstamp : The protocol for securing smart contracts (2017), Richard Ma et al. [pdf]
  • Findel: Secure Derivative Contracts for Ethereum (2017), Alex Biryukov et al. [pdf]

2015-2016 papers

Papers published in 2015-2016 (Ethereum's mainnet launched in 2015) that are worth reading

  • Making Smart Contracts Smarter (2016), Loi Luu et al. [pdf]
  • Short Paper: Formal Verification of Smart Contracts (2016), Karthikeyan Bhargavan et al. [pdf]
  • A Survey of Attacks on Ethereum Smart Contracts (SoK) (2016), Nicola Atzei et al. [pdf]
  • Writing Secure Smart Contracts (2016), IC3. [pdf]
  • Step by Step Towards Creating a Safe Smart Contract: Lessons and Insights from a Cryptocurrency Lab (2015), Kevin Delmolino et al. [pdf]

Security SCI(E) Journal list

  • IEEE Transactions on Information Forensics and Security [web]
  • Computers & Security [web]
  • IET Information Security [web]
  • ACM Transactions on Information and System Security [web]
  • International Journal of Information Security [web]
  • Security and Communication Networks [web]
  • IEEE Security & Privacy [web]
  • IEEE Transactions on Dependable and Secure Computing [web]
  • Computer Fraud & Security [web]

Links / Tutorials

(Links)

  • DASP TOP 10 [web]

  • Yoichi's Formal Verification of Ethereum Contracts [web]

  • How Formal Verification Can Ensure Flawless Smart Contracts (2018), Bernhard Mueller. [web]

  • Reversing Ethereum Smart Contracts [web]

  • Smart Contract Languages [web]

References

  • Ethereum: A Next-Generation Smart Contract and Decentralized Application Platform (2015), Vitalik Buterin. [pdf]
  • Ethereum: A Secure Decentralised Generalised Transaction Ledger (Yellow Paper), Gavin Wood. [pdf]
  • Bitcoin: A Peer-to-Peer Electronic Cash System (2008), Satoshi Nakamoto. [pdf]

License

CC0