Smart contract vulnerabilities and auditing

  • Author(s) / Creator(s)
  • As its name implies, this chapter focuses on one of the most vulnerable components of blockchain technology, namely smart contracts. This chapter discusses a total of nine smart contract-related attacks by taking a look at the coding errors that are the root cause(s) of such security breaches. These include reentrancy, access control, arithmetic, unchecked return value, DoS, bad randomness, race conditions, short addresses, and timestamp dependency attacks. In addition to the coding and attack discussion mentioned above, this chapter also discusses seven different smart contract audit methodologies. Depending on the anticipated use case, not all seven audit methodologies need to be used in the course of smart contract development, but auditors need to have a basic understanding of these audit approaches to be able to recommend a proper mix of smart contract testing and evaluation before the launch of smart contracts. As mentioned in both chapters two and nine, extreme caution must be exercised during the coding and testing of smart contracts, as smart contract development is akin to firmware development, in the sense that once deployed, a defective smart contract can no longer be fixed by applying a software patch to it. As such, the only workable solution is to kill the smart contract, assuming that such a kill switch has been added to its design, and to replace the problematic smart contract with a fully functioning one. Information systems auditors will also find the smart contract audit template a useful tool in planning and conducting smart contract audits.

  • Date created
  • Subjects / Keywords
  • Type of Item
    Research Material
  • DOI
  • License
    Attribution-NonCommercial 4.0 International