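Exploit
Computer science
Computer security
Smart contract
Risk analysis (engineering)
Reliability (semiconductor)
State (computer science)
Business
Blockchain
Power (physics)
Physics
Algorithm
Quantum mechanics
Authors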
Gonzalo Faura,Cezary Siewiersky,Irina Tal
Source
Journal: Springer Proceedings in Complexity
Date: 2023-01-01
Volume/issue: 453-476
Identifier
DOI:10.1007/978-981-19-6414-5_25
Abstract
Blockchain and smart contract technology have led to the creation of an alternative financial system called Decentralised Finance (DeFi) which has grown exponentially in the last year alone to a current value of $76B. Without a central custodian or regulator, non-technical users may find it difficult to assess the security of their favourite projects. In this trustless environment, can the current state-of-the-art smart contract analysis tools be used by non-technical users to protect investors from incurring losses and improving the security in the space? In the paper, we review the literature focusing on well-known vulnerabilities of financial smart contracts and show the scale of successful DeFi attacks. By analysing the root cause of recent exploits of contracts, we assess the feasibility of detecting these vulnerabilities by automatic verification. We investigate 21 analysis tools for detecting vulnerabilities in smart contracts with an in-depth evaluation of six tools: Slither, Mythril, DerScanner, Manticore, Oyente and Securify v2. The tools were evaluated for their efficiency and accuracy against a custom dataset containing 28 vulnerable and 16 healthy smart contracts and are ultimately rated based on how useful they may be from a DeFi user perspective. The results indicate that, while Slither received the highest rating, none of the existing tools can successfully assist DeFi users at present due to lack of reliability or lack of simplicity for the targeted market.