Logo
ScienceStack
Table of Contents
Fetching ...
Sign In

Security Vulnerabilities in Ethereum Smart Contracts: A Systematic Analysis

Jixuan Wu, Lei Xie, Xiaoqi Li

TL;DR

<3-5 sentence high-level summary> The paper addresses Ethereum smart contract security by systematically classifying vulnerabilities and reproducing attack scenarios on the Remix/Solidity stack. It covers key vulnerability classes such as integer overflow, reentrancy, DoS, access control, short address, advanced trading, and privileged function exposure, and demonstrates concrete replication of attacks. It proposes multi-faceted remediation strategies including SafeMath, checks-effects-interactions, access modifiers, and secure coding practices, alongside auditing and ERC-20 considerations. The findings provide a practical foundation for detection, forensics, and ongoing security research in Ethereum smart contracts.

Abstract

Smart contracts are a secure and trustworthy application that plays a vital role in decentralized applications in various fields such as insurance,the internet, and gaming. However, in recent years, smart contract security breaches have occurred frequently, and due to their financial properties, they have caused huge economic losses, such as the most famous security incident "The DAO" which caused a loss of over $60 million in Ethereum. This has drawn a lot of attention from all sides. Writing a secure smart contract is now a critical issue. This paper focuses on Ether smart contracts and explains the main components of Ether, smart contract architecture and mechanism. The environment used in this paper is the Ethernet environment, using remix online compilation platform and Solidity language, according to the four security events of American Chain, The DAO, Parity and KotET, the principles of integer overflow attack, reentrant attack, access control attack and denial of service attack are studied and analyzed accordingly, and the scenarios of these vulnerabilities are reproduced, and the measures to prevent them are given. Finally, preventive measures are given. In addition, the principles of short address attack, early transaction attack and privileged function exposure attack are also introduced in detail, and security measures are proposed. As vulnerabilities continue to emerge, their classification will also evolve. The analysis and research of the current vulnerabilities are also to lay a solid foundation for avoiding more vulnerabilities.

Security Vulnerabilities in Ethereum Smart Contracts: A Systematic Analysis

TL;DR

<3-5 sentence high-level summary> The paper addresses Ethereum smart contract security by systematically classifying vulnerabilities and reproducing attack scenarios on the Remix/Solidity stack. It covers key vulnerability classes such as integer overflow, reentrancy, DoS, access control, short address, advanced trading, and privileged function exposure, and demonstrates concrete replication of attacks. It proposes multi-faceted remediation strategies including SafeMath, checks-effects-interactions, access modifiers, and secure coding practices, alongside auditing and ERC-20 considerations. The findings provide a practical foundation for detection, forensics, and ongoing security research in Ethereum smart contracts.

Abstract

Smart contracts are a secure and trustworthy application that plays a vital role in decentralized applications in various fields such as insurance,the internet, and gaming. However, in recent years, smart contract security breaches have occurred frequently, and due to their financial properties, they have caused huge economic losses, such as the most famous security incident "The DAO" which caused a loss of over $60 million in Ethereum. This has drawn a lot of attention from all sides. Writing a secure smart contract is now a critical issue. This paper focuses on Ether smart contracts and explains the main components of Ether, smart contract architecture and mechanism. The environment used in this paper is the Ethernet environment, using remix online compilation platform and Solidity language, according to the four security events of American Chain, The DAO, Parity and KotET, the principles of integer overflow attack, reentrant attack, access control attack and denial of service attack are studied and analyzed accordingly, and the scenarios of these vulnerabilities are reproduced, and the measures to prevent them are given. Finally, preventive measures are given. In addition, the principles of short address attack, early transaction attack and privileged function exposure attack are also introduced in detail, and security measures are proposed. As vulnerabilities continue to emerge, their classification will also evolve. The analysis and research of the current vulnerabilities are also to lay a solid foundation for avoiding more vulnerabilities.

Paper Structure

This paper contains 54 sections, 7 figures, 2 tables.

Table of Contents

  1. INTRODUCTION
  2. BACKGROUND
  3. Blockchain
  4. Ether
  5. Main components of Ether
  6. Blocks
  7. Accounts
  8. Consensus Mechanisms
  9. Transaction
  10. Smart Contracts
  11. Applications of Smart Contracts
  12. Smart Contract Related Issues
  13. CATEGORIES
  14. Smart Contract Vulnerability Classification and Definition
  15. Integer Overflows
  16. ...and 39 more sections

Figures (7)

  • Figure 1: The Ethernet System Architecture
  • Figure 2: The "Witch Attack" Model
  • Figure 3: Mechanisms and Applications of Smart Contracts
  • Figure 4: Uint8 Storage Form
  • Figure 5: Reentry attack process
  • ...and 2 more figures