An Analysis of the Security Status of Ethereum-Based Smart Contracts: Vulnerability, Tools, and Techniques
摘要
Ethereum smart contracts allow dApps to automate transactions without a middleman. These systems’ intrinsic qualities require strong security to prevent exploitation and protect user assets. Detailed Ethereum smart contract security research is presented here. Enhancement techniques, analytical tools, and vulnerabilities are examined from various authenticated sources. The study includes front-running vulnerabilities. DoS from uncontrolled external calls reentrancy attacks integer overflows and access control. These vulnerabilities are discussed, and their code example is also given. Detailed information is presented on the various types of attacks available in the latest literature that affect user information, smart contract integrity, and also discussed cross-chained attacks. After that, a detailed comparison is made of the available techniques to detect threats in the smart contract, like static, dynamic, and hybrid. Later on, the top security-focused smart contract analysis tools, like Manticore Oyente Slither MythX and security formal verification tools, are reviewed here. We have discussed the tool's strengths and shortcomings and how well a tool finds and fixes vulnerabilities during development and deployment. We examine its strengths and weaknesses. Future research areas and trends are discussed in the following paper. Both automatic vulnerability detection and machine learning-based anomaly detection are enhancements. Ethereum-based decentralized apps aim for security and trust.