Abstract
Blockchain technology has evolved from a cryptocurrency-exclusive technique for direct transactions among distrusting users (i.e., Blockchain 1.0) into a general programming paradigm for building decentralized applications (i.e., Blockchain 2.0). This greatly expands the application domain of Blockchain 2.0 while introducing many more security issues than Blockchain 1.0. Intensive research on the security of blockchain technology has been conducted, showing that security has become the topic of greatest concern in the blockchain realm, and that consensus and smart contracts are the parts most vulnerable to attack. For this reason, this review paper is concerned mainly with security issues related to consensus and smart contracts. Unlike previous surveys, this survey aims to provide a systematic and comprehensive view of the security of blockchain technology within consensus and smart contracts by following the full action pathway from root causes, through vulnerabilities and attacks, to consequences. Moreover, the countermeasures proposed for the security issues in consensus and smart contracts are also evaluated and discussed in a holistic manner. Based on our understanding of the surveyed methods, we believe that countermeasures should be proposed with full consideration of the causal relationships among causes, vulnerabilities, attacks, and consequences. We expect that the current work can pave the way for a comprehensive understanding of how a security issue functions and where undiscovered vulnerabilities and possible attacks hide, so that countermeasures can be designed systematically.




Notes
Security-related references: https://docs.google.com/spreadsheets/d/1bJzbcVn4aQ1AsWCy1K_klSI74g772m1cKyI1qrdHKSI?usp=sharing
The index number of a future block in which the transaction is likely to be mined.
Funding
This project is supported in part by the Special Foundation for Basic Science and Frontier Technology Research Program of Chongqing (No. cstc2017jcyjAX0295), the Capacity Development Foundation of Southwest University (No. SWU116007), and the National Natural Science Foundation of China (Nos. 61732019, 62032019, 61872051).
Author information
Contributions
Bo Liu designed the research. Xuelian Cao, Jianhui Zhang, and Xuechen Wu performed the literature search and data analysis. Xuelian Cao and Bo Liu drafted the manuscript. Jianhui Zhang and Xuechen Wu helped organise the manuscript. Xuelian Cao and Bo Liu revised and finalized the paper.
Ethics declarations
Conflicts of interest
Xuelian Cao, Jianhui Zhang, Xuechen Wu, and Bo Liu declare that they have no conflict of interest.
About this article
Cite this article
Cao, X., Zhang, J., Wu, X. et al. A survey on security in consensus and smart contracts. Peer-to-Peer Netw. Appl. 15, 1008–1028 (2022). https://doi.org/10.1007/s12083-021-01268-2
DOI: https://doi.org/10.1007/s12083-021-01268-2