智能合约安全综述

doi:10.11959/j.issn.2096-109x.2020030

Abstract

Abstract:

Blockchain provides a new technology for building transmission and trust mechanism of social ralue.The rapid development of blockchain has promoted the deep integration of smart contract with artificial Intelligence,big data and internet of things,so its security has attracted attention.In recent years,researches on security of blockchain and smart contract have made great progress.Thus,based on smart contract on the blockchain,the related works on security of operating mechanism,on-chain smart contract security and off-chain security were classified,analyzed,compared,summarized and discussed.The hot issues of smart contract security in the future were forecasted.

Key words: blockchain, smart contract, on-chain security, off-chain security, security analysis

CLC Number:

TP393

Bo MENG,Jiabing LIU,Qin LIU,Xiaoxiao WANG,Xurui ZHENG,Dejun WANG. Survey of smart contract security[J]. Chinese Journal of Network and Information Security, 2020, 6(3): 1-13.

Figures/Tables 6

References 55

[1]	WIKIPEDIA. Smart contract[EB].
[2]	SZABO N . Formalizing and securing relationships on public networks[J]. First Monday, 1997,2(9).
[3]	OUADDAH A , ABOU E A , AIT O A . Fair-access:a new blockchain-based access control framework for the Internet of things[J]. Security and Communication Networks, 2016,9(18): 5943-5964.
[4]	ZHENG Z , XIE S , DAI H ,et al. An overview of blockchain technology:architecture,consensus,and future trends[C]// 2017 IEEE International Congress on Big Data. 2017: 557-564.
[5]	LI X , JIANG P , CHEN T ,et al. A survey on the security of blockchain systems[J]. Future Generation Computer Systems, 2017,10(8): 274-287.
[6]	YLI-HUUMO J , KO D , CHOI S ,et al. Where is current research on blockchain technology —a systematic review[J]. PloS one, 2016,11(10).
[7]	ZHENG Z , XIE S , DAI H N ,et al. Blockchain challenges and opportunities:a survey[J]. International Journal of Web and Grid Services, 2018,14(4): 352-375.
[8]	DINH T A , WANG J , CHEN G ,et al. Blockbench:a framework for analyzing private blockchains[C]// The 2017 ACM International Conference on Management of Data. New York:ACM, 2017: 1085-1100.
[9]	BARTOLETTI M , POMPIANU L . An empirical analysis of smart contracts:platforms,applications,and design patterns[C]// International Conference on Financial Cryptography and Data Security. Berlin:Springer, 2017: 494-509.
[10]	ZHENG Z , XIE S , DAI H N ,et al. Blockchain challenges and opportunities:a survey[J]. International Journal of Web and Grid Services, 2018,14(4): 352-375.
[11]	WOOD G . Ethereum:a secure decentralised generalised transaction ledger[J]. Ethereum Project Yellow Paper, 2014,151: 1-32.
[12]	BOGNER A , CHANSON M , MEEUW A . A decentralised sharing app running a smart contract on the ethereum block-chain[C]// The 6th International Conference on the Internet of Things. New York:ACM, 2016: 177-178.
[13]	ANDROULAKI E , BARGER A , BORTNIKOV V ,et al. Hyperledger Fabric:a distributed operating system for permissioned block-chains[C]// The Thirteenth EuroSys Conference. New York:ACM, 2018:30.
[14]	CACHIN C , . Architecture of the hyperledger blockchain fabric[C]// Workshop on Distributed Cryptocurrencies and Consen-susLed- gers. 2016,310.
[15]	WANG S , YUAN Y , WANG X ,et al. An overview of smart contract:architecture,applications,and future trends[C]// 2018 IEEE Intelligent Vehicles Symposium (IV). 2018: 108-113.
[16]	LI J , TANG J , ZHANG J ,et al. Eos:expertise oriented search using social networks[C]// The 16th international conference on World Wide Web. 2007: 1271-1272.
[17]	KALRA S , GOEL S , DHAWAN M ,et al. Zeus:analyzing safety of smart contracts[C]// The 25th Annual Network and Distributed System Security Symposium. 2018: 18-21.
[18]	SáNCHEZ D C . Raziel:private and verifiable smart contracts on blockchains[J]. arXiv preprint,arXiv:1807.09484, 2018
[19]	DARGAYE Z , KIRCHNER F , TUCCI-PIERGIOVANNI S .et al Towards secure and trusted-by-design smart contracts[C]// The 29th Francophone Days of Application Languages. 2018: 7-18.
[20]	KOSBA A , MILLER A , SHI E ,et al. Hawk:the blockchain model of cryptography and privacy-preserving smart contracts[C]// 2016 IEEE symposium on security and privacy (SP). 2016: 839-858.
[21]	W?HRER M , ZDUN U . Smart contracts:security patterns in the Ethereum ecosystem and solidity[C]// 2018 International Workshop on Blockchain Oriented Software Engineering (IWBOSE). 2018: 2-8.
[22]	付梦琳, 吴礼发, 洪征 ,等. 智能合约安全漏洞挖掘技术研究[J]. 计算机应用, 2019,39(7): 1959-1966.
	FU M L , WU L F , HONG Z ,et al. Research on smart contract security vulnerability mining technology[J]. Journal of Computer Applications, 2019,39(7): 1959-1966.
[23]	NATOLI C , GRAMOLI V . The blockchain anomaly[J]. arXiv preprint,arXiv:1605.05438, 2016
[24]	ATZEI N , BARTOLETTI M , CIMOLI T . A survey of attacks on Ethereum smart contracts (SOK)[C]// Principles of Security and Trust. 2017: 164-186.
[25]	TONELLI R , DESTEFANIS G , MARCHESI M ,et al. Smart contracts software metrics:a first study[J]. arXiv preprint,arXiv:1802.01517, 2018
[26]	GRISHCHENKO I , MAFFEI M , SCHNEIDEWIND C . A semantic framework for the security analysis of Ethereum smart contracts[C]// International Conference on Principles of Security and Trust. Berlin:Springer, 2018: 243-269
[27]	FRANTZ C K , NOWOSTAWSKI M . From institutions to code:towards automated generation of smart contracts[C]// 2016 IEEE 1st International Workshops on Foundations and Applications of SelfSystems (FASW). 2016: 210-215.
[28]	CLACK C D , BAKSHI V A , BRAINE L . Smart contract templates:foundations,design landscape and research directions[J]. arXivpre-print,arXiv:1608.00771, 2016
[29]	沈鑫, 裴庆祺, 刘雪峰 . 区块链技术综述[J]. 网络与信息安全学报, 2016,2(11): 11-20.
	SHEN X , PEI Q Q , LIU X F . Survey of block chain[J]. Chinese Journal of Network and Information Security, 2016,2(11): 11-20.
[30]	周学峰, 赵梓皓 . 解析计算法律学[J]. 北京：中国计算机学会通讯, 2017: 43-51.
	ZHOU X F , ZHAO Z H . Analysis of computational law[J]. Beijing:Communications of the CCF, 2017: 43-51
[31]	NECULA G . Proof-carrying code[J]. Encyclopedia of Cryptography ＆ Security, 1996,141(1): 106-119.
[32]	THOMAS D , PAUL G , MAURICE H ,et al. Proof-carrying smart contracts[J]. Stevens Institute of Technology, 2018, 325-338.
[33]	LUU L , CHU D H , OLICKEL H ,et al. Making smart contracts smarter[C]// The 2016 ACM SIGSAC Conference on Computer and Communications Security. 2016: 254-269.
[34]	BHARGAVAN K , DELIGNAT-LAVAUD A FOURNET C ,et al. Formal verification of smart contracts:short paper[C]// The 2016 ACM Workshop on Programming Languages and Analysis for Security. New York:ACM, 2016: 91-96.
[35]	BAI X , CHENG Z , DUAN Z ,et al. Formal modeling and verification of smart contracts[C]// The 7th International Conference on Software and Computer Applications. Washington:ACM, 2018: 322-326.
[36]	章峰, 史博轩, 蒋文保 . 区块链关键技术及应用研究综述[J]. 网络与信息安全学报, 2018,4(4): 22-29.
	ZHANG F , SHI B X , JIANG W B . Review of key technology and its application of blockchain[J]. Chinese Journal of Network and Information Security, 2018,4(4): 22-29.
[37]	薛锐, 吴迎, 刘牧华 ,等. 可验证计算研究进展[J]. 中国科学:信息科学, 2015,45(11): 1370-1388.
	XUE R , WU Y , LIU M H ,et al. Progress in verifiable computing[J]. China Science:Information Science, 2015,45(11): 1370-1388.
[38]	HARZ D . Trust and verifiable computation for smart contracts in permissionless blockchains[D]. KTH,School of Information and Communication Technology, 2017.
[39]	TEUTSCH J,REITWIE?NER C . A scalable verification solution for blockchains[EB].
[40]	ZYSKIND G . Efficient secure computation enabled by blockchain technology[D]. Massachusetts:Massachusetts Institute of Technology, 2016.
[41]	AS S , . Enabling data markets using smart contracts and multi-party computation[C]// Business Information Systems Workshops:BIS 2018 International Workshops. Berlin:Springer, 2019:258.
[42]	NEIDHARDT N , KOHLER C , NUTTGENS M . Cloud service billing and service level agreement monitoring based on blockchain[C]// EMISA. 2018: 65-69.
[43]	MOLINA-JIMENEZ C , SOLAIMAN E , SFYRAKIS I ,et al. On and off-blockchain enforcement of smart contracts[C]// European Conference on Parallel Processing. 2018: 342-354.
[44]	XU X , PAUTASSO C , ZHU L ,et al. The blockchain as a software connector[C]// 2016 13th Working IEEE/IFIP Conference on Software Architecture (WICSA). 2016: 182-191.
[45]	EBERHARDT J , TAI S . On or off the blockchain? Insights on off-chaining computation and data[C]// European Conference on Service-Oriented and Cloud Computing. 2017: 3-15.
[46]	ZHANG F , CECCHETTI E , CROMAN K ,et al. Town crier:an authenticated data feed for smart contracts[C]// The 2016 ACM SIGSAC Conference on Computer and Communications Security. 2016: 270-282.
[47]	ADLER J , BERRYHILL R , VENERIS A ,et al. Astraea:a decentralized blockchain oracle[C]// 2018 IEEE International Conference on Internet of Things (iThings) and IEEE Green Computing and Communica-tions (GreenCom) and IEEE Cyber,Physical and Social Computing (CPSCom) and IEEE Smart Data (SmartData). 2018: 1145-1152.
[48]	VOYIATZIS A G , WEIPPL E . Whom you gonna trust? a longi-tudinal study on TLS notary services[C]// Data and Applications Security and Privacy XXX:30th Annual IFIP WG 11.3 Conference. 2016: 18-20.
[49]	RITZDORF H , WüST K , GERVAIS A ,et al. TLS-N:non-repudiation over TLS enabling ubiquitous content signing for disintermediation[J]. IACR ePrint Report, 2017,578.
[50]	JAKOBSSON M , LEIGHTON T , MICALI S ,et al. Fractal Merkle tree representation and traversal[C]// Cryptographers’ Track at the RSA Conference. 2003: 314-326.
[51]	XUE J , XU C , ZHANG Y ,et al. DStore:a distributed cloud storage system based on smart contracts and blockchain[C]// International Conference on Algorithms and Architectures for Parallel Processing. 2018: 385-401.
[52]	GUARNIZO J , SZALACHOWSKI P . PDFS:practical data feed service for smart contracts[J]. arXiv preprint,arXiv:1808.06641, 2018
[53]	XU X , PAUTASSO C , ZHU L ,et al. The blockchain as a software connector[C]// 2016 13th Working IEEE/IFIP Conference on Software Architecture (WICSA). 2016: 182-191.
[54]	BANERJEE A , . Blockchain technology:supply chain insights from ERP[M]// Advances in Computers. 2018: 69-98.
[55]	FABIANO N , . The internet of things ecosystem:the blockchain and privacy issues the challenge for a global privacy standard[C]// 2017 International Conference on Internet of Things for the Global Community (IoTGC). 2017: 1-7.

Metrics

Recommended 0

No Suggested Reading articles found!

智能合约平台名称	链类型	吞吐量/笔交易·秒^-1	交易延迟/s	合约语言	隐私保护
Ethereum	公有链	约100	约15	Solidity	不支持
Hyperledger Fabric	联盟链	约100	约1	Go/Java/Node.js	支持
EOS	公有链	约10 000	0.5	C++	不支持

Survey of smart contract security

RichHTML

PDF下载

Knowledge

Abstract

Cite this article

share this article

Figures/Tables 6

References 55

Related Articles 15

Metrics

Recommended 0

[1]	Zhao CAI, Tao JING, Shuang REN. Survey on Ethereum phishing detection technology [J]. Chinese Journal of Network and Information Security, 2023, 9(2): 21-32.
[2]	Heli WANG, Qiao YAN. Selfish mining detection scheme based on the characters of transactions [J]. Chinese Journal of Network and Information Security, 2023, 9(2): 104-114.
[3]	Beiyuan YU, Shanyao REN, Jianwei LIU. Overview of blockchain assets theft attacks and defense technology [J]. Chinese Journal of Network and Information Security, 2023, 9(1): 1-17.
[4]	Fei TANG, Ning GAN, Xianggui YANG, Jinyang WANG. Anti malicious KGC certificateless signature scheme based on blockchain and domestic cryptographic SM9 [J]. Chinese Journal of Network and Information Security, 2022, 8(6): 9-19.
[5]	Dan LIN, Kaixin LIN, Jiajing WU, Zibin ZHENG. Bytecode-based approach for Ethereum smart contract classification [J]. Chinese Journal of Network and Information Security, 2022, 8(5): 111-120.
[6]	Liquan CHEN, Xiao LI, Zheyi YANG, Sijie QIAN. Blockchain-based high transparent PKI authentication protocol [J]. Chinese Journal of Network and Information Security, 2022, 8(4): 1-11.
[7]	Wenbo ZHANG, Simin CHEN, Lifei WEI, Wei SONG, Dongmei HUANG. State-of-the-art survey of smart contract verification based on formal methods [J]. Chinese Journal of Network and Information Security, 2022, 8(4): 12-28.
[8]	Feng LIU, Jie YANG, Jiayin QI. Survey on blockchain privacy protection techniques in cryptography [J]. Chinese Journal of Network and Information Security, 2022, 8(4): 29-44.
[9]	Xiaoling SONG, Yong LIU, Jingnan DONG, Yongfei HUANG. Application and prospect of blockchain in Metaverse [J]. Chinese Journal of Network and Information Security, 2022, 8(4): 45-65.
[10]	Lin JIN, Youliang TIAN. Multi-authority attribute hidden for electronic medical record sharing scheme based on blockchain [J]. Chinese Journal of Network and Information Security, 2022, 8(4): 66-76.
[11]	Pengkun JIANG, Wenyin ZHANG, Jiuru WANG, Shanyun HUANG, Wanshui SONG. Blockchain covert communication scheme based on the cover of normal transactions [J]. Chinese Journal of Network and Information Security, 2022, 8(4): 77-86.
[12]	Jianlin NIU, Zhiyu REN, Xuehui DU. Cross-domain authentication scheme based on consortium blockchain [J]. Chinese Journal of Network and Information Security, 2022, 8(3): 123-133.
[13]	Baoqin ZHAI, Jian WANG, Lei HAN, Jiqiang LIU, Jiahao HE, Tianhao LIU. Hierarchical proxy consensus optimization for IoV based on blockchain and trust value [J]. Chinese Journal of Network and Information Security, 2022, 8(3): 142-153.
[14]	Jiaren YU, Youliang TIAN, Hui LIN. Design of miner type identification mechanism based on reputation management model [J]. Chinese Journal of Network and Information Security, 2022, 8(1): 128-138.
[15]	Zhensheng GAO, Lifeng CAO, Xuehui DU. Research progress of access control based on blockchain [J]. Chinese Journal of Network and Information Security, 2021, 7(6): 68-87.