SCRF is crowd-sourcing a list of key readings in each forum category to point readers to notable works and foundational research. Please comment in this thread with links to seminal research that could form part of an introductory graduate seminar in this category.
Please format your additions using the template below:
## [Category Name]
### [Full Paper Title]
- **Source:** <[Link]>
- **Authors:** [Author 1, Author 2, etc.]
- **Description:** [One sentence description of the work]
- **Relevance:** [One sentence explaining the special relevance of this work]
- **Citation:** [Citation and abstract in plaintext]
- **Tags:** [Relevant forum tags, if any]
As with every post in SCRF, discussion is highly encouraged; please be prepared to explain why your link should be added to the canonical list.
We are also offering a bounty for all successful additions.
### The Security Reference Architecture for Blockchains: Towards a Standardized Model for Studying Vulnerabilities, Threats, and Defenses
- Source: https://arxiv.org/abs/1910.09775
- Authors: Ivan Homoliak, Sarad Venugopalan, Daniël Reijsbergen, Qingze Hum, Richard Schumi, Pawel Szalachowski
- Description: This paper proposes a 4-layer security reference architecture for blockchains and identifies known threats, countermeasures, and dependencies at each layer
- Relevance: This paper is relevant because it is one of the first contributing towards the standardization of security threat analysis in the blockchain space
- Citation: I. Homoliak, S. Venugopalan, D. Reijsbergen, Q. Hum, R. Schumi and P. Szalachowski, “The Security Reference Architecture for Blockchains: Toward a Standardized Model for Studying Vulnerabilities, Threats, and Defenses,” in IEEE Communications Surveys & Tutorials, vol. 23, no. 1, pp. 341-390, Firstquarter 2021, doi: 10.1109/COMST.2020.3033665.
- Source: https://arxiv.org/abs/1908.04507
- Authors: Huashan Chen, Marcus Pendleton, Laurent Njilla, Shouhuai Xu
- Description: This paper provides a holistic survey of Ethereum security, stratifying vulnerabilities, attacks, and defenses
- Relevance: This paper is relevant because it is one of the first to investigate the security issues across different layers of the Ethereum architecture
- Source: https://arxiv.org/abs/1802.06993
- Authors: Xiaoqi Li, Peng Jiang, Ting Chen, Xiapu Luo, Qiaoyan Wen
- Description: This paper performs a high-level review of blockchain security as a whole.
- Relevance: This paper is relevant because it covers attacks in a wide time range (2009 to 2017)
- Source: https://blog.trailofbits.com/2019/08/08/246-findings-from-our-smart-contract-audits-an-executive-summary/
- Description: This blog post from Trail of Bits shares aggregate data of the findings in their audits
- Relevance: This post is relevant because it provides researchers with real-world data from audits performed by an industry player
- Source: https://consensys.github.io/smart-contract-best-practices/
- Authors: Consensys
- Description: This post provides key security considerations when developing Ethereum smart contracts
- Relevance: This post is relevant because it is a state-of-the-art catalog, providing a reference point for educating developers and auditors
- Source: https://forum.openzeppelin.com/t/list-of-ethereum-smart-contracts-post-mortems/1191
- Authors: OpenZeppelin
- Description: This post outlines a list of Ethereum smart contracts post-mortems
- Relevance: This post is relevant because it provides lessons from real-world case studies. It is a state-of-the-art list that serves as a reference point for educating developers and auditors