Table of Contents
Fetching ...

A Comprehensive Study of Exploitable Patterns in Smart Contracts: From Vulnerability to Defense

Yuchen Ding, Hongli Peng, Xiaoqi Li

TL;DR

This work targets security vulnerabilities in Ethereum smart contracts, centering on reentrancy and integer overflow. It combines formal principle analysis, code-level reproductions, and defense-pattern design to illustrate practical mitigations such as CEI, state locks, gas-limiting transfers, and SafeMath. Through reproducible experiments using Remix and Geth, the paper demonstrates how insecure configurations permit exploits and how secure patterns effectively thwart them, offering concrete guidance for Solidity/EVM developers. The findings emphasize a multi-layered defense approach that spans design, implementation, testing, auditing, and governance to strengthen the integrity of blockchain applications.

Abstract

With the rapid advancement of blockchain technology, smart contracts have enabled the implementation of increasingly complex functionalities. However, ensuring the security of smart contracts remains a persistent challenge across the stages of development, compilation, and execution. Vulnerabilities within smart contracts not only undermine the security of individual applications but also pose significant risks to the broader blockchain ecosystem, as demonstrated by the growing frequency of attacks since 2016, resulting in substantial financial losses. This paper provides a comprehensive analysis of key security risks in Ethereum smart contracts, specifically those written in Solidity and executed on the Ethereum Virtual Machine (EVM). We focus on two prevalent and critical vulnerability types (reentrancy and integer overflow) by examining their underlying mechanisms, replicating attack scenarios, and assessing effective countermeasures.

A Comprehensive Study of Exploitable Patterns in Smart Contracts: From Vulnerability to Defense

TL;DR

This work targets security vulnerabilities in Ethereum smart contracts, centering on reentrancy and integer overflow. It combines formal principle analysis, code-level reproductions, and defense-pattern design to illustrate practical mitigations such as CEI, state locks, gas-limiting transfers, and SafeMath. Through reproducible experiments using Remix and Geth, the paper demonstrates how insecure configurations permit exploits and how secure patterns effectively thwart them, offering concrete guidance for Solidity/EVM developers. The findings emphasize a multi-layered defense approach that spans design, implementation, testing, auditing, and governance to strengthen the integrity of blockchain applications.

Abstract

With the rapid advancement of blockchain technology, smart contracts have enabled the implementation of increasingly complex functionalities. However, ensuring the security of smart contracts remains a persistent challenge across the stages of development, compilation, and execution. Vulnerabilities within smart contracts not only undermine the security of individual applications but also pose significant risks to the broader blockchain ecosystem, as demonstrated by the growing frequency of attacks since 2016, resulting in substantial financial losses. This paper provides a comprehensive analysis of key security risks in Ethereum smart contracts, specifically those written in Solidity and executed on the Ethereum Virtual Machine (EVM). We focus on two prevalent and critical vulnerability types (reentrancy and integer overflow) by examining their underlying mechanisms, replicating attack scenarios, and assessing effective countermeasures.
Paper Structure (41 sections, 38 figures, 1 table)

This paper contains 41 sections, 38 figures, 1 table.

Figures (38)

  • Figure 1: The Structure of Ethereum
  • Figure 2: The Ethereum Smart Contract Architecture garba2021defi
  • Figure 3: The Structure of EVM
  • Figure 4: Reentrancy Attack Process
  • Figure 5: Vulnerability Pattern Workflow
  • ...and 33 more figures