
    What are the Actual Flaws in Important Smart Contracts (and How Can We Find Them)?

    An important problem in smart contract security is understanding the likelihood and criticality of discovered, or potential, weaknesses in contracts. In this paper we provide a summary of Ethereum smart contract audits performed for 23 professional stakeholders, avoiding the common problem of reporting issues mostly prevalent in low-quality contracts. These audits were performed at a leading company in blockchain security, using both open-source and proprietary tools, as well as human code analysis performed by professional security engineers. We categorize 246 individual defects, making it possible to compare the severity and frequency of different vulnerability types, compare smart contract and non-smart contract flaws, and to estimate the efficacy of automated vulnerability detection approaches.

    Pre-deployment Analysis of Smart Contracts -- A Survey

    Smart contracts are programs that execute transactions involving independent parties and cryptocurrencies. As programs, smart contracts are susceptible to a wide range of errors and vulnerabilities. Such vulnerabilities can result in significant losses. Furthermore, by design, smart contract transactions are irreversible. This creates a need for methods to ensure the correctness and security of contracts pre-deployment. Recently there has been substantial research into such methods. The sheer volume of this research makes articulating the state of the art a substantial undertaking. To address this challenge, we present a systematic review of the literature. A key feature of our presentation is to factor out the relationship between vulnerabilities and methods through properties. Specifically, we enumerate and classify smart contract vulnerabilities and methods by the properties they address. The methods considered include static analysis as well as dynamic analysis methods and machine learning algorithms that analyze smart contracts before deployment. Several patterns about the strengths of different methods emerge through this classification process.

    Decentralised finance's timocratic governance: The distribution and exercise of tokenised voting rights

    Ethereum's public distributed ledger can issue tokenised voting rights that are tradable on crypto-asset exchanges by potentially anyone. Ethereum thus enables global, unincorporated associations to conduct governance experiments. Such experiments are crucial to Decentralised Finance (DeFi). DeFi is a nascent field of unlicensed, unregulated, and non-custodial financial services that utilise public distributed ledgers and crypto-assets rather than corporate structures and sovereign currencies. The inaugural Bloomberg Galaxy DeFi Index, launched in August 2021, included nine Ethereum-based projects: non-custodial exchanges as well as lending and derivatives platforms. Each project is governed, at least in part, by unregistered holders of tokenised voting rights (also known as governance tokens). Token-holders typically vote for or against coders' improvement proposals that pertain to anything from the allocation of treasury funds to a collateral's risk parameters. DeFi's governance thus depends on the distribution and exercise of tokenised voting rights. Since archetypal DeFi projects are not managed by companies or public institutions, not much is known about DeFi's governance. Regulators and law-makers from the United States recently asked if DeFi's governance entails a new class of "shadowy" elites. In response, we conducted an exploratory, multiple-case study that focused on the tokenised voting rights issued by the nine projects from Bloomberg's inaugural Galaxy DeFi index. Our mixed methods approach drew on Ethereum-based data about the distribution, trading, staking, and delegation of voting rights tokens, as well as project documentation and archival records. We discovered that DeFi projects' voting rights are highly concentrated, and the exercise of these rights is very low. Our theoretical contribution is a philosophical intervention: minority rule, not "democracy", is the probable outcome of token-tradable voting rights and a lack of applicable anti-concentration laws. We interpret DeFi's minority rule as timocratic.