Logo
ScienceStack
Table of Contents
Fetching ...
Sign In

Attack-Centric by Design: A Program-Structure Taxonomy of Smart Contract Vulnerabilities

Parsa Hedayatnia, Tina Tavakkoli, Hadi Amini, Mohammad Allahbakhsh, Haleh Amintoosi

TL;DR

The paper addresses the fragmentation and symptom-focused labeling of Solidity smart-contract vulnerabilities by introducing an attack-centric, program-structure taxonomy that organizes flaws into eight root-cause families. It provides concrete code exemplars, exploit mechanics, and mitigations aligned with program structure, and links detection signals across static, dynamic, and ML-based tools. A key contribution is cross-mapping legacy datasets (SmartBugs, SolidiFI) to the taxonomy to reveal label drift and coverage gaps, enabling standardized benchmarking and reproducible audits. The framework enhances interpretability, education, and tool interoperability, with practical guidance for detection, verification, and cross-domain security, while acknowledging limitations in bytecode inter-contract reasoning and the need for scalable verification. Overall, the taxonomy offers a unified vocabulary and actionable checklist to improve vulnerability reporting, tool evaluation, and secure smart-contract development across the ecosystem.

Abstract

Smart contracts concentrate high value assets and complex logic in small, immutable programs, where even minor bugs can cause major losses. Existing taxonomies and tools remain fragmented, organized around symptoms such as reentrancy rather than structural causes. This paper introduces an attack-centric, program-structure taxonomy that unifies Solidity vulnerabilities into eight root-cause families covering control flow, external calls, state integrity, arithmetic safety, environmental dependencies, access control, input validation, and cross-domain protocol assumptions. Each family is illustrated through concise Solidity examples, exploit mechanics, and mitigations, and linked to the detection signals observable by static, dynamic, and learning-based tools. We further cross-map legacy datasets (SmartBugs, SolidiFI) to this taxonomy to reveal label drift and coverage gaps. The taxonomy provides a consistent vocabulary and practical checklist that enable more interpretable detection, reproducible audits, and structured security education for both researchers and practitioners.

Attack-Centric by Design: A Program-Structure Taxonomy of Smart Contract Vulnerabilities

TL;DR

The paper addresses the fragmentation and symptom-focused labeling of Solidity smart-contract vulnerabilities by introducing an attack-centric, program-structure taxonomy that organizes flaws into eight root-cause families. It provides concrete code exemplars, exploit mechanics, and mitigations aligned with program structure, and links detection signals across static, dynamic, and ML-based tools. A key contribution is cross-mapping legacy datasets (SmartBugs, SolidiFI) to the taxonomy to reveal label drift and coverage gaps, enabling standardized benchmarking and reproducible audits. The framework enhances interpretability, education, and tool interoperability, with practical guidance for detection, verification, and cross-domain security, while acknowledging limitations in bytecode inter-contract reasoning and the need for scalable verification. Overall, the taxonomy offers a unified vocabulary and actionable checklist to improve vulnerability reporting, tool evaluation, and secure smart-contract development across the ecosystem.

Abstract

Smart contracts concentrate high value assets and complex logic in small, immutable programs, where even minor bugs can cause major losses. Existing taxonomies and tools remain fragmented, organized around symptoms such as reentrancy rather than structural causes. This paper introduces an attack-centric, program-structure taxonomy that unifies Solidity vulnerabilities into eight root-cause families covering control flow, external calls, state integrity, arithmetic safety, environmental dependencies, access control, input validation, and cross-domain protocol assumptions. Each family is illustrated through concise Solidity examples, exploit mechanics, and mitigations, and linked to the detection signals observable by static, dynamic, and learning-based tools. We further cross-map legacy datasets (SmartBugs, SolidiFI) to this taxonomy to reveal label drift and coverage gaps. The taxonomy provides a consistent vocabulary and practical checklist that enable more interpretable detection, reproducible audits, and structured security education for both researchers and practitioners.

Paper Structure

This paper contains 168 sections, 1 figure, 2 tables.

Table of Contents

  1. Introduction
  2. Our contributions are as follows:
  3. Paper organization.
  4. Related literature
  5. Taxonomy of Smart Contract Vulnerabilities
  6. Smart Contract Vulnerabilities
  7. Control-Flow Interaction Vulnerabilities
  8. This family covers flaws that break the intended execution order within or across contracts. They typically arise when developers assume atomic behavior in a non-atomic environment, allowing adversaries to interleave or reorder transactions. As shown in Figure \ref{['fig:taxonomy-pdf']}, these vulnerabilities form the first layer of the taxonomy, where execution flow integrity governs all subsequent state and logic correctness.
  9. Re-entrancy
  10. Definition:
  11. Explanation of Vulnerability:
  12. Why This Is a Vulnerability:
  13. Exploitation Scenario:
  14. Why the Guard is Ineffective (Fake Guard):
  15. Mitigation Recommendations:
  16. ...and 153 more sections

Figures (1)

  • Figure 1: Program-structure taxonomy: eight families, common attacks, and canonical defenses.