Ethereum smart contracts, based on Blockchain Technology (BT), enable monetary transactions among peers on a blockchain network independent of a central authorizing agency. Ethereum smart contracts are programs that are deployed as decentralized applications, built on the building blocks of the blockchain consensus protocol. This enables consumers to make agreements in a transparent and conflict-free environment. However, there exist some security vulnerabilities within these smart contracts that are a potential threat to the applications and their consumers and have been shown in the past to cause huge financial losses. In this study, we review the existing literature and broadly classify the BT applications. As Ethereum smart contracts find their application mostly in e-commerce applications, we believe these are more commonly vulnerable to attacks. In these smart contracts, we mainly focus on identifying vulnerabilities that programmers and users of smart contracts must avoid. This paper aims at explaining eight vulnerabilities that are specific to the application level of BT by analyzing the past exploitation case scenarios of these security vulnerabilities. We also review some of the available tools and applications that detect these vulnerabilities in terms of their approach and effectiveness. We also investigated the availability of detection tools for identifying these security vulnerabilities, and the lack of such tools for some of them.