- We present an up-to-date survey of smart contract security issues and their mitigations. We achieve this by combining the top research on smart contract security with cutting edge open source knowledge and information.
- We find that almost all of the most common attacks could be avoided or at least severely mitigated by following better coding practices. This includes general principles as well as specific design patterns against given attack types.
- The most common smart contract attack types are explained on a technical level and suggested mitigations against each one are given.
Porkka, Otto. “Attacks on Smart Contracts.” (2022). https://helda.helsinki.fi/bitstream/handle/10138/345427/20220607_Porkka_Pro_Gradu_FINAL.pdf?sequence=2
Smart contracts expand the utility of blockchains to distributed state machines, where anyone can store and run code and then mutually agree on the next state. This added utility also brings up many security challenges which are of the utmost importance given the money involved with smart contracts.
As a brand new and constantly changing field, the need for better coverage and understanding of smart contract security issues is increasing. A major portion of smart contract research and innovation also happens outside of the scientific field in online communities, so getting an up-to-date view on smart contract security, combining cutting edge open source knowledge and previous scientific work is needed.
As a master’s level thesis, smart contracts and blockchain technologies are explained on a technical level in the background section so very little prior knowledge is needed to understand the topic.
- Smart Contracts: Autonomous accounts living in the blockchain with the code that dictates their behaviour. When triggered by a transaction, the smart contract’s code is executed on the Ethereum Virtual Machine (or, if not Ethereum, the blockchain’s native environment).
- Ethereum Virtual Machine (EVM): Ethereum’s execution environment. Also, a general term for the distributed state machine that the nodes of a blockchain network forms. It maintains the blockchain’s state and allows the execution of smart contracts. If a smart contract code is executed, the nodes execute and validate the code and mutually agree on the next state.
- Transaction: A request to update the blockchain state. Includes value transactions and smart contract invocations. Always requested by externally-owned accounts, i.e. accounts controlled by a human/private key, although smart contracts can invoke other smart contracts via transactions once executed. Transactions are mined into a block once executed.
- Gas: Fee to be paid to nodes for executing a transaction and including it in a block.
- Mining/Miner: Mining is the action of forming the next block in the blockchain. Miners are the nodes that form the blockchain network and maintain and update the state of the blockchain and EVM via a consensus algorithm. (In this thesis we refer nodes of the network generally as miners even though they are not always technically “mining” if, for example, Proof of Stake is used)
- Consensus Algorithm: A way for miners to mutually agree on the next state of the blockchain. Proof of Work is the most used one, Proof of Stake is making its way.
- DeFi: Decentralized Finance. Financial systems built with smart contracts that operate on blockchains in a decentralized manner.
Attack Type: Used as an umbrella term for all the attacks and vulnerabilities that are covered. This is to make distinction between an
- attack, which refers to a specific action,
- vulnerability, which refers to a flaw in the code or technology,
- attack vector, which refers to a general pathway or attack surface that exploits use.
What are the most common attacks on smart contracts and how can they be mitigated? In other words, what is the current state of smart contract security?
In this thesis we give an up-to-date survey of smart contract security issues. First we give a brief introduction to blockchains and smart contracts and explain the most common varieties of attacks and ways to mitigate them. Then we sum up and analyse our findings.
Covered attack types include:
- Timestamp Dependence
- Front-Running (First in general, then split into sub-types)
- Transaction Ordering Dependence
- Block Stuffing
- Block Reorganization Attacks
- Integer Overflow and Underflow
- DoS With Revert
- Insufficient Gas Griefing
- Forcibly sending Ether To A Contract
- Oracle Manipulation
After each attack type, we present suggested mitigations. These are split into three classes: better coding practices, automated tools and technology changes. Better coding practices include coding practices and principles that can prevent specific problems or help design secure smart contracts in general. Automated tools includes a range of tools from IDE expansions and code analyzers, to full-on fuzzing and testing software. Lastly, technology changes refers to changes to the underlying blockchain technology, i.e., making changes to a protocol.
To conduct the analysis, all covered attack types are categorized based on the location of the vulnerability (smart contract code / technology level) and the type of suggested mitigations (better coding practices / automated tools / technology changes). This categorization can be seen in the table 4.1 below.
After this, all the findings and results of the categorization are summed up and analysed a bit more to give a big picture of the current state of smart contract security.
- Almost all common attacks could be avoided or at least severely mitigated by following better coding practices.
- This indicates how crucial good coding practices and expertise of the coders are when designing and implementing secure smart contracts.
- Immutability and the open nature of the blockchain make developing secure smart contracts difficult.
- Many automated tools for security are being developed and put into practice.
- This indicates movement towards more conventional coding where automated tools like scanners and analysers are used to cover a large set of security issues.
- Making changes to the underlying blockchain technology is usually not the best way to counter issues, even if it can work in some cases. It is hard to do, can restrict the usability of contracts and requires community coordination.
- Many attacks combine technological property with a vulnerability in the targeted smart contract’s code.
- Many challenges and dangers have to be considered when writing secure code. Developers must have a good understanding of blockchain-related threats and technology itself.
- They must also be aware of conventional threats, given that smart contracts are Turing-complete. (For example, integer overflow and underflow are really common outside the smart contract world).
- For some issues and exploits that target smart contracts, there is nothing that can be done on smart contract level.
- For example, block reorganization attacks are done purely on the blockchain-level even though the majority of profits are extracted from smart contracts. If someone alters blockchain history, the smart contract can’t do anything since its state is also reversed.
- Another good example is web interfaces. Even though they interact with smart contracts, if there is a problem with the web interface itself, the contract can’t do anything. (Interfaces and programs outside the blockchain interacting with smart contracts are outside of scope of this thesis.)
The biggest challenge when making this survey was using open source information as reference material. Many sources needed double-checking and required finding scientific sources as backup.
When it comes to the future of smart contract security, the Proof of Stake -consensus algorithm and changes it brings are one of the most urgent topics. Another interesting topic involving security is MEV extraction, which is closely tied to front-running covered in this thesis.
There were many interesting articles that came along when writing this thesis. The Bitcoin whitepaper and Ethereum documentation are recommended for anyone who hasn’t read them already. To truly understand security issues, background knowledge about blockchain technology is an absolute necessity. For Ethereum, their development documentation is an especially great source, although their whitepaper is also interesting read:
Here are links for those:
- Ethereum development documentation | ethereum.org
- Ethereum Whitepaper | ethereum.org
From the developer’s point of view, ConsenSys hosts a great github page with relevant information on smart contract security for anyone writing Solidity. It doubles as a great summary of smart contract security:
For a more technical database of smart contract vulnerabilities, SWC Registry is a great source:
(Note: These latter two may not be actively maintained)