Vulnerabilities of smart contracts and mitigation schemes: A Comprehensive Survey

Introduction

The provided text is the introduction section of a research paper on vulnerabilities in Ethereum smart contracts written in Solidity. The paper discusses the growing popularity and market capitalization of Ethereum, and how its Turing-complete blockchain technology enables the creation of smart contracts for various financial applications like DeFi, stablecoins, STOs, and NFTs. The authors highlight the emergence of NFT fractionalization as a noteworthy trend.

However, the flexibility of smart contracts also attracts attackers who exploit vulnerabilities to steal cryptocurrencies or tamper with assets. The paper mentions a recent attack on Level Finance Exchange resulting in a loss of over $1 million due to a recursive calling vulnerability.

The authors list several common vulnerabilities and their causes, such as arithmetic overflows, reentrancy, inadequate randomness, and issues with the runtime environment. They also discuss detection methods like symbolic execution, fuzz testing, taint analysis, and formal verification.

The paper aims to present a literature review and experimental report on the most common vulnerabilities in Solidity smart contracts, including those related to NFT fractionalization, and compare popular vulnerability detection tools. The authors also propose guidelines for auditing smart contracts.

The research methodology involved searching two databases (Engineering Village and Scopus) and Ethereum community web articles. The authors also experimentally studied five widely used vulnerability detection tools: Oyente, Slither, Mythril, Manticore, and Echidna.

The introduction concludes by outlining the structure of the paper, with sections covering the research methodology, common vulnerabilities and mitigation schemes, vulnerability detection methodologies, tools, auditing guidelines, related surveys, and a conclusion.

Survey Methodology

The paper presents four primary research questions to be answered through a survey on Solidity smart contract vulnerabilities. The questions focus on identifying the most frequent vulnerabilities, methods to mitigate them, existing methodologies for vulnerability detection and comparison, and the most popular tools used by the Ethereum community for investigating and mitigating smart contract vulnerabilities.

The authors conducted a Multivocal Literature Review (MLR) for data preparation, incorporating both gray literature (blogs, videos, forums) and white literature (peer-reviewed research articles). MLR was chosen due to the relatively new field of smart contract security and the importance of including practitioner feedback.

The search strategy followed Kitchenham's protocol for systemic reviews, consisting of three phases: defining a search string, using the string in search engines, and selecting literature based on predefined inclusion and exclusion criteria. The search string was designed to collect resources related to smart contract security, vulnerabilities, detection methodologies, mitigation schemes, and tools. The terms "opcode" and "Turing completeness" were used to represent smart contracts.

The process of identifying articles for the study is depicted in Figure 2. The search string yielded 504 conference and journal articles, of which 41 were included based on the exclusion and inclusion criteria listed in Table I. For gray literature, the focus was on blog posts found within the first eight pages of Google search results using the search strings "ethereum smart contract vulnerabilities and mitigation" and "ethereum smart contract analysis tools". After reviewing numerous blogs, eight posts were found to meet the established criteria.

To ensure the quality of the gray literature, several aspects were considered, including the reputation of the publisher, the author's expertise in smart contract security based on their job position, and the clarity and support of the content presented.

Vulnerabilities

The section discusses common vulnerabilities in Ethereum smart contracts, their implications for NFT fractionalization platforms, and preventive measures. The vulnerabilities covered include:

1. Reentrancy: When a contract calls an external contract, execution stops until a response is returned. Attackers can exploit this to invoke a function multiple times, causing unintended behavior. Reentrancy attacks can distort market dynamics and lead to asset redistribution. Prevention measures include using the checks-effects-interactions pattern and mutex locks.

2. Front Running: Transactions are visible on the network before execution, allowing participants to exploit their order. This can manipulate share prices, interfere with auctions, and lead to unfair revenue distribution. Removing the importance of transaction order and using commit-reveal schemes can mitigate this vulnerability.

3. Arithmetic Issues: Integer overflow/underflow can cause smart contracts to behave unpredictably. In NFT fractionalization, this can lead to incorrect allocation of funds. Using SafeMath libraries and Solidity 0.8.0+ mitigates these issues.

4. Mishandled Exceptions: Failing to check the success of low-level calls like call() and delegatecall() can result in unintended execution. This poses risks for token transfers and revenue distribution. Explicitly checking return values prevents this vulnerability.

5. Code Injection via delegatecall: Calling untrusted contracts with delegatecall() gives them control over the caller's storage and balance. Attackers could tamper with ownership, control mechanisms, or steal assets. Using delegatecall() cautiously with trusted, stateless library contracts reduces risks.

6. Randomness Using Block Information: Using block hash or timestamp for randomness allows miners to influence outcomes. This could unfairly impact rare NFT distribution or auctions. Employing oracles or cryptographic commitment schemes provides reliable randomness.

The section also presents code examples demonstrating each vulnerability and its mitigation. A table summarizes the coverage of these vulnerabilities in referenced literature. The Smart Contract

V Detection methods

The paper discusses three main approaches for detecting smart contract vulnerabilities: static analysis, dynamic analysis, and formal verification.

Static analysis involves reviewing source code before running it, using techniques such as Control Flow Graph (CFG), Taint Analysis, and Symbolic Analysis. CFG represents the flow of execution, Taint Analysis detects untrusted input data that could be exploited, and Symbolic Analysis abstracts program execution to find exploits.

Dynamic analysis observes code during execution without access to the source, commonly using fuzzing, which injects malformed or unpredictable inputs to uncover flaws.

Formal verification automates bug detection by comparing a formal model of the system to specifications. It requires writing formal specifications and uses theorem proving algorithms to build deduction trees.

Each approach has benefits and limitations. Static analysis can produce false negatives, dynamic analysis observes random states based on inputs, and formal verification provides full coverage for specifications but can become intractable. Combining static and dynamic analysis is recommended, while formal verification is resource-intensive but used by audit firms for its thoroughness.

Vulnerability Detection Tools

The paper reviews five popular smart contract vulnerability detection tools: Oyente, Slither, Mythril, Manticore, and Echidna.

Oyente, the first symbolic execution tool for Ethereum smart contracts, detects seven vulnerability types. It is easy to set up using Docker but only supports Solidity versions up to 0.4.17.

Slither, a static analysis tool, identifies 70 bug varieties. It is user-friendly and provides useful information like inheritance graphs and function CFGs. However, it can report false positives.

Mythril uses symbolic execution to discover 14 vulnerability types. It offers detailed vulnerability information and concrete exploit inputs. The analysis can be time and resource-intensive.

Manticore tracks inputs that kill programs and provides Python API access. It detects 10 vulnerability types. The tool is slow and resource-hungry but offers diverse command-line tools and APIs.

Echidna is a property-based fuzzing tool that tests user-defined invariants. It is easy to set up but requires manual test property definition, demanding user expertise.

The paper compares the tools based on detected vulnerabilities, methodology, code level, Solidity version restrictions, and documentation. Static analysis tools remain popular due to their simplicity compared to fuzzing and formal verification.

Guidelines for secure smart contracts

The section provides guidelines on writing secure and bug-free smart contracts. The steps are:

1. Visualize the control flow of the smart contract using tools like Slither and Solidity Visual Developer to understand the interactions between different components and identify critical functions for testing.

2. Perform automatic analysis using common bug detection tools like Mythril and Slither. Use Manticore for targeting specific critical functions. Employ dynamic analysis tools like Echidna to decrease false positives and cover additional states.

3. Look for unique features in the smart contract, such as conformance to ERC standards for ERC tokens. Use tools like Echidna, Manticore, and Slither to define and check security properties specific to the contract's context.

4. Conduct formal verification to ensure the legitimacy of contract requirements. This step requires special expertise, such as writing formal specifications using a specification language.

5. Manually verify the output from the previous steps and apply corrective actions based on patterns and mitigation techniques. After fixing bugs, repeat the previous steps to increase the probability of a bug-free contract.

The section emphasizes the importance of combining multiple tools and techniques for better results and increasing the detection accuracy by running context-specific tests.

Related Work

The text provides an overview of various surveys conducted on smart contract vulnerabilities in recent years. These surveys cover different aspects, such as security vulnerabilities, analysis tools, formal specification and verification, and common design patterns. The authors highlight the strengths and limitations of each survey.

Kushwaha et al. conducted two systematic reviews, one focusing on Ethereum smart contract analysis tools and another on security vulnerabilities. Di Angelo et al. provided a review of analysis tools based on real execution, classifying them by availability, maturity level, purpose, and analysis method. However, some surveys have become obsolete or lack in-depth feedback on the effectiveness and limitations of the tools.

Other surveys, such as those by Harz et al., Li et al., Saad et al., Atzei et al., Chen et al., and Zhu et al., cover various aspects of smart contract vulnerabilities, attacks, and mitigation schemes, but they do not comprehensively address all areas. Durieux et al. conducted an empirical review of automated analysis tools using a framework and tagged vulnerability datasets, but did not cover vulnerabilities and mitigation schemes.

The authors conclude that existing surveys focus on only one or two areas of smart contract vulnerabilities and do not discuss the tools based on their output format.

Conclusion

The study presents common vulnerabilities in Ethereum smart contracts and their mitigation solutions based on patterns and standards. It covers popular detection methodologies, including static analysis, dynamic analysis, and formal verification, discussing the benefits and drawbacks of each. The study also provides community-recommended vulnerability detection tools with execution samples and detailed feedback. Based on the investigation of existing methodologies and tools, the authors propose a guideline for auditing smart contracts. However, most tools detect vulnerabilities but do not provide refactoring recommendations. Future work aims to implement a refactoring module that proposes improvements based on detected bugs and error traces, as well as study attacks related to NFTs, such as wash trading, which is a type of market manipulation.