3,466 research outputs found
Empirical Review of Smart Contract and DeFi Security: Vulnerability Detection and Automated Repair
Decentralized Finance (DeFi) is emerging as a peer-to-peer financial
ecosystem, enabling participants to trade products on a permissionless
blockchain. Built on blockchain and smart contracts, the DeFi ecosystem has
experienced explosive growth in recent years. Unfortunately, smart contracts
hold a massive amount of value, making them an attractive target for attacks.
So far, attacks against smart contracts and DeFi protocols have resulted in
billions of dollars in financial losses, severely threatening the security of
the entire DeFi ecosystem. Researchers have proposed various security tools for
smart contracts and DeFi protocols as countermeasures. However, a comprehensive
investigation of these efforts is still lacking, leaving a crucial gap in our
understanding of how to enhance the security posture of the smart contract and
DeFi landscape.
To fill the gap, this paper reviews the progress made in the field of smart
contract and DeFi security from the perspective of both vulnerability detection
and automated repair. First, we analyze the DeFi smart contract security issues
and challenges. Specifically, we lucubrate various DeFi attack incidents and
summarize the attacks into six categories. Then, we present an empirical study
of 42 state-of-the-art techniques that can detect smart contract and DeFi
vulnerabilities. In particular, we evaluate the effectiveness of traditional
smart contract bug detection tools in analyzing complex DeFi protocols.
Additionally, we investigate 8 existing automated repair tools for smart
contracts and DeFi protocols, providing insight into their advantages and
disadvantages. To make this work useful for as wide of an audience as possible,
we also identify several open issues and challenges in the DeFi ecosystem that
should be addressed in the future.Comment: This paper is submitted to the journal of Expert Systems with
Applications (ESWA) for revie
- …