Title: To healthier Ethereum: a comprehensive and iterative smart contract weakness enumeration
Authors: Jiachi Chen, Mingyuan Huang, Zewei Lin, Peilin Zheng, Zibin Zheng
Journal: Blockchain: Research and Applications, volume 6, issue 2, Article 100258
Publication type: Journal Article
Publication date: 2024-12-31
DOI: 10.1016/j.bcra.2024.100258
URL: https://www.sciencedirect.com/science/article/pii/S209672092400071X
Citation count: 0

Abstract
With the increasing popularity of cryptocurrencies and blockchain technologies, smart contracts have become a prominent feature in the development of decentralized applications. However, smart contracts are susceptible to vulnerabilities that attackers can exploit, resulting in significant financial losses. In response to this growing concern, various initiatives have emerged. Notably, the Smart Contract Weakness Classification (SWC) list plays an important role in raising awareness and understanding of smart contract weaknesses. However, the SWC list lacks maintenance and has not been updated with new vulnerabilities since 2020. To address this gap, this paper introduces the Smart Contract Weakness Enumeration (SWE), a comprehensive and practical vulnerability list covering work up to 2023. We collect 273 vulnerability descriptions from 86 top conference and journal papers, employing the open card-sorting method to deduplicate and categorize these descriptions. This process results in the identification of 40 common contract weaknesses, which are further classified into 20 sub-research fields through thorough discussion and analysis. The SWE provides a systematic and comprehensive list of smart contract vulnerabilities, covering existing and emerging vulnerabilities from the last few years. Moreover, the SWE is a scalable and continuously iterative program. We propose two update mechanisms for the maintenance of the SWE. Regular updates involve the inclusion of new vulnerabilities from future top papers, while irregular updates enable individuals to report new weaknesses for review and potential addition to the SWE.
Journal description:
Blockchain: Research and Applications is an international, peer-reviewed journal for researchers, engineers, and practitioners to present the latest advances and innovations in blockchain research. The journal publishes theoretical and applied papers in established and emerging areas of blockchain research to shape the future of blockchain technology.