Smart Contract Security: A Software Lifecycle Perspective

Smart contract security is an emerging research area that deals with security issues arising from the execution of smart contracts in a blockchain system. Generally, a smart contract is a piece of executable code that automatically runs on the blockchain to enforce an agreement preset between partie...


Bibliographic Details
Main Authors: Yongfeng Huang, Yiyang Bian, Renpu Li, J. Leon Zhao, Peizhong Shi
Format: Article
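Language: English
Published: IEEE 2019-01-01
Series: IEEE Access
Subjects: Blockchain; Ethereum; information security; smart contract; software engineering; software lifecycle
Online Access: https://ieeexplore.ieee.org/document/8864988/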
id doaj-9bb2a313a7de45518b747547540b111c
record_format Article
spelling doaj-9bb2a313a7de45518b747547540b111c
2021-03-29T23:40:50Z
eng
IEEE
IEEE Access
2169-3536
2019-01-01
7
150184
150202
10.1109/ACCESS.2019.2946988
8864988
Smart Contract Security: A Software Lifecycle Perspective
Yongfeng Huang (0) https://orcid.org/0000-0002-5190-9535
Yiyang Bian (1)
Renpu Li (2)
J. Leon Zhao (3)
Peizhong Shi (4) https://orcid.org/0000-0002-4059-0987
School of Computer Engineering, Jiangsu University of Technology, Changzhou, China
School of Information Management, Nanjing University, Nanjing, China
School of Computer Engineering, Jiangsu University of Technology, Changzhou, China
Department of Information Systems, City University of Hong Kong, Hong Kong
School of Computer Engineering, Jiangsu University of Technology, Changzhou, China
collection DOAJ
language English
format Article
sources DOAJ
author Yongfeng Huang
Yiyang Bian
Renpu Li
J. Leon Zhao
Peizhong Shi
title Smart Contract Security: A Software Lifecycle Perspective
publisher IEEE
series IEEE Access
issn 2169-3536
publishDate 2019-01-01
description Smart contract security is an emerging research area that deals with security issues arising from the execution of smart contracts in a blockchain system. Generally, a smart contract is a piece of executable code that automatically runs on the blockchain to enforce an agreement preset between parties involved in the transaction. As an innovative technology, smart contracts have been applied in various business areas, such as digital asset exchange, supply chains, crowdfunding, and intellectual property. Unfortunately, many security issues in smart contracts have been reported in the media, often leading to substantial financial losses. These security issues pose new challenges to security research because the execution environment of smart contracts is based on blockchain computing and its decentralized nature of execution. Thus far, many partial solutions have been proposed to address specific aspects of these security issues, and the trend is to develop new methods and tools to automatically detect common security vulnerabilities. However, smart contract security is systematic engineering that should be explored from a global perspective, and a comprehensive study of issues in smart contract security is urgently needed. To this end, we conduct a literature review of smart contract security from a software lifecycle perspective. We first analyze the key features of blockchain that can cause security issues in smart contracts and then summarize the common security vulnerabilities of smart contracts. To address these vulnerabilities, we examine recent advances in smart contract security spanning four development phases: 1) security design; 2) security implementation; 3) testing before deployment; and 4) monitoring and analysis. Finally, we outline emerging challenges and opportunities in smart contract security for blockchain engineers and researchers.
topic Blockchain
Ethereum
information security
smart contract
software engineering
software lifecycle
url https://ieeexplore.ieee.org/document/8864988/