dc.description.abstract: Ethereum represents the second generation of blockchain technology: an open, global computing platform that allows the exchange of cryptocurrency (Ether) and the development of self-verifying smart contract applications. Smart contracts form a foundation for holding digital assets and for a variety of decentralized applications within the blockchain space. Ethereum and its smart contracts are public, distributed and immutable and, as such, are exposed to vulnerabilities stemming from simple coding mistakes by developers.
Motivated by the security breaches and recurring financial losses in smart contracts, we aim to advance the field of security in smart contract programming. The main objective is to aid smart contract developers by providing a taxonomy of all known security issues and by inspecting the security code analysis tools used to identify those vulnerabilities. Based on previous research as well as on attacks against Ethereum smart contracts, we propose an updated taxonomy that categorizes all known vulnerabilities by their architectural level and severity. Our second proposed taxonomy is a novel categorization of security tools on Ethereum. Furthermore, we investigate security code analysis tools on Ethereum by assessing their effectiveness and accuracy. In particular, we analyze four security tools, namely Oyente, Securify, Remix, and SmartCheck. The results indicate that the tools are broadly inconsistent with one another across different security properties. SmartCheck outperformed the other tools in terms of effectiveness, whereas Oyente performed best in terms of accuracy. Finally, based on the limitations we identified, we propose future improvements to the user interfaces, to the interpretation of results, and in the form of additional vulnerability checks.