Skip to main content

Research Repository

Advanced Search

Smart Contract: Attacks and Protections

Sayeed, Sarwar; Marco-Gisbert, Hector; Caira, Tom


Sarwar Sayeed

Hector Marco-Gisbert

Tom Caira


Smart contracts are programs that reside within decentralized blockchains and are executed pursuant to triggered instructions. A smart contract acts in a similar way to a traditional agreement but negates the necessity for the involvement of a third party. Smart contracts are capable of initiating their commands automatically, thus eliminating the involvement of a regulatory body. As a consequence of blockchain's immutable feature, smart contracts are developed in a manner that is distinct from traditional software. Once deployed to the blockchain, a smart contract cannot be modified or updated for security patches, thus encouraging developers to implement strong security strategies before deployment in order to avoid potential exploitation at a later time. However, the most recent dreadful attacks and the multifarious existing vulnerabilities which result as a consequence of the absence of security patches have challenged the sustainability of this technology. Attacks such as the Decentralized Autonomous Organization (DAO) attack and the Parity Wallet hack have cost millions of dollars simply as a consequence of naïve bugs in the smart contract code. In this paper, we classify blockchain exploitation techniques into 4 categories based on the attack rationale; attacking consensus protocols, bugs in the smart contract, malware running in the operating system, and fraudulent users. We then focus on smart contract vulnerabilities, analyzing the 7 most important attack techniques to determine the real impact on smart contract technology. We reveal that even adopting the 10 most widely used tools to detect smart contract vulnerabilities, these still contain known vulnerabilities, providing a dangerously false sense of security. We conclude the paper with a discussion about recommendations and future research lines to progress towards a secure smart contract solution.

Journal Article Type Article
Acceptance Date Jan 17, 2020
Online Publication Date Jan 30, 2020
Publication Date 2020
Deposit Date Feb 1, 2022
Publicly Available Date Feb 1, 2022
Journal IEEE Access
Publisher Institute of Electrical and Electronics Engineers
Peer Reviewed Peer Reviewed
Volume 8
Pages 24416-24427
Keywords Smart contracts, attack techniques, DApp, Ethereum, vulnerability
Public URL


You might also like

Downloadable Citations