Verifying Security Vulnerabilities for Blockchain-based Smart Contracts

Resumo

In a modern world, aspects of cybersecurity become more of a requirement to software, systems, applications than just a feature implemented by programmers in their spare time. On the one hand, blockchain remains a pastime for people interested in digital currencies or decentralized, anonymous environments such as auctions or voting. On the other hand, cyberattacks are also not an exception to the blockchain community. Most of those attacks were made through smart contracts - pieces of code through which blockchain users interact with the actual blockchain. This paper analyses the background of blockchain technology, the implementation of smart contracts, and the cybersecurity aspect in the blockchain field. We describe an in-depth analysis of five static analysis tools (or code verifiers), their capabilities and drawbacks. These are tested with smart contracts with vulnerabilities deliberately included in their source code. The vulnerabilities are tailored so that they fit into the cybersecurity properties. After the implementation process, analysis is presented. We have found out which state-of-the-art static analysis tool is the most appropriate to secure the smart contract code from future cyberattacks on the blockchain.