A Comprehensive Study of Exploitable Patterns in Smart Contracts: From Vulnerability to Defense
Yuchen Ding, Hongli Peng, Xiaoqi Li
TL;DR
This work targets security vulnerabilities in Ethereum smart contracts, centering on reentrancy and integer overflow. It combines formal principle analysis, code-level reproductions, and defense-pattern design to illustrate practical mitigations such as CEI, state locks, gas-limiting transfers, and SafeMath. Through reproducible experiments using Remix and Geth, the paper demonstrates how insecure configurations permit exploits and how secure patterns effectively thwart them, offering concrete guidance for Solidity/EVM developers. The findings emphasize a multi-layered defense approach that spans design, implementation, testing, auditing, and governance to strengthen the integrity of blockchain applications.
Abstract
With the rapid advancement of blockchain technology, smart contracts have enabled the implementation of increasingly complex functionalities. However, ensuring the security of smart contracts remains a persistent challenge across the stages of development, compilation, and execution. Vulnerabilities within smart contracts not only undermine the security of individual applications but also pose significant risks to the broader blockchain ecosystem, as demonstrated by the growing frequency of attacks since 2016, resulting in substantial financial losses. This paper provides a comprehensive analysis of key security risks in Ethereum smart contracts, specifically those written in Solidity and executed on the Ethereum Virtual Machine (EVM). We focus on two prevalent and critical vulnerability types (reentrancy and integer overflow) by examining their underlying mechanisms, replicating attack scenarios, and assessing effective countermeasures.
