An Efficient Code-Embedding-Based Vulnerability Detection Model for Ethereum Smart Contracts

Zhigang Xu, Xingxing Chen, Xinhua Dong, Hongmu Han, Zhongzhen Yan, Kangze Ye, Chaojun Li, Zhiqiang Zheng, Haitao Wang, Jiaxi Zhang
Copyright: © 2023 | Pages: 23
DOI: 10.4018/IJDWM.320473

Abstract

Efficient and convenient vulnerability detection is a key issue in the field of smart contracts. Earlier vulnerability detection for smart contracts mainly relies on static symbol analysis, which has high accuracy but low efficiency and is prone to path explosion. In this paper, the authors propose a static method for vulnerability detection based on deep learning. It first disassembles Ethereum smart contracts into opcode sequences and then converts the vulnerability detection problem into a natural language text classification problem. The word vector method is employed to map each opcode to a uniform vector space, and the opcode sequence matrix is trained by the TextCNN method to detect vulnerabilities. Furthermore, a code obfuscation method is given to enhance and balance the dataset, while three different opcode sequence generation methods are proposed to construct features. The experimental results verify that the average prediction accuracy of each smart contract exceeds 96%, and the average detection time is less than 0.1 s.
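The first step the abstract describes, turning EVM bytecode into an opcode token sequence that a text classifier can consume, is sketched below as an added example; it is not the authors' code and does not reproduce their three sequence generation methods. The opcode table is a subset, and the function names, operand dropping, and the id/padding scheme (0 = padding, 1 = out-of-vocabulary) are assumptions made for illustration.

```python
# Added example: EVM bytecode -> opcode tokens -> fixed-length integer ids.
# Assumptions: partial opcode table, operands dropped, hypothetical id scheme.
NAMES = {
    0x00: "STOP", 0x01: "ADD", 0x02: "MUL", 0x03: "SUB", 0x04: "DIV",
    0x10: "LT", 0x11: "GT", 0x14: "EQ", 0x15: "ISZERO", 0x16: "AND",
    0x33: "CALLER", 0x34: "CALLVALUE", 0x35: "CALLDATALOAD",
    0x50: "POP", 0x51: "MLOAD", 0x52: "MSTORE", 0x54: "SLOAD",
    0x55: "SSTORE", 0x56: "JUMP", 0x57: "JUMPI", 0x5B: "JUMPDEST",
    0xF1: "CALL", 0xF3: "RETURN", 0xF4: "DELEGATECALL", 0xFD: "REVERT",
    0xFE: "INVALID", 0xFF: "SELFDESTRUCT",
}
NAMES.update({0x60 + i: f"PUSH{i + 1}" for i in range(32)})
NAMES.update({0x80 + i: f"DUP{i + 1}" for i in range(16)})
NAMES.update({0x90 + i: f"SWAP{i + 1}" for i in range(16)})


def disassemble(bytecode_hex):
    """Return opcode mnemonics for hex-encoded EVM bytecode, operands dropped."""
    text = bytecode_hex.strip()
    if text[:2].lower() == "0x":
        text = text[2:]
    code = bytes.fromhex(text)
    ops, pc = [], 0
    while pc < len(code):
        op = code[pc]
        ops.append(NAMES.get(op, f"UNKNOWN_0x{op:02x}"))
        # PUSH1..PUSH32 carry 1..32 immediate bytes: data, not instructions.
        # Skipping them keeps a 0x5b inside a PUSH from reading as JUMPDEST.
        pc += 1 + (op - 0x5F if 0x60 <= op <= 0x7F else 0)
    return ops


def build_vocab(sequences):
    """Assign ids from 2 upward; 0 and 1 are reserved (padding, unknown)."""
    tokens = sorted({t for seq in sequences for t in seq})
    return {t: i + 2 for i, t in enumerate(tokens)}


def encode(ops, vocab, length):
    """Truncate or zero-pad a token sequence to a fixed-length id vector."""
    ids = [vocab.get(t, 1) for t in ops[:length]]
    return ids + [0] * (length - len(ids))


# Constructed sample: the prologue commonly emitted by the Solidity compiler.
SAMPLE = "0x6080604052348015600f57600080fd5b50"

if __name__ == "__main__":
    sample_ops = disassemble(SAMPLE)
    print(sample_ops)
    print(encode(sample_ops, build_vocab([sample_ops]), 16))
```

The fixed-length id vectors are the form an embedding layer followed by a TextCNN would take as input; the truncated-PUSH case at the end of a bytecode blob is tolerated rather than rejected.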

Introduction

Blockchain is a chained storage structure (Li et al., 2022) that guarantees the security of the system through cryptography and other technologies, the consistency of transactions through consensus algorithms (Fu et al., 2021), and the distributed storage of data through P2P networks. Due to its advantages in decentralization, traceability, and immutability, blockchain technology has been widely used in industries such as information sharing (Park et al., 2021), product traceability (Wang et al., 2020), copyright protection (Liu et al., 2021), supply chain (Pournader et al., 2020), and finance (Kowalski et al., 2021). Currently, the development of blockchain is divided into three stages: blockchain 1.0, blockchain 2.0, and blockchain 3.0. Blockchain 1.0 is characterized by programmable currency, represented by Bitcoin (Nakamoto, 2008), which in 2017 saw its value soar by 1,900% (Holub & Johnson, 2019), to the extent that the price of a single Bitcoin reached $60,000 by 2021. Blockchain 2.0 is characterized by a programmable blockchain represented by Ethereum, the core of which is smart contracts. Ethereum is an open source public blockchain platform with smart contracts, and most smart contracts across the network currently run on the Ethereum platform. Blockchain 3.0 is a programmable community that goes beyond cryptocurrency and finance and is dedicated to applying blockchain to all aspects of life, providing decentralized solutions for various industries and moving toward the era of the smart Internet of Things. At present, research on blockchain technology is in the intermediate stage between the blockchain 2.0 era and the blockchain 3.0 era. The research in this paper focuses on Ethereum smart contracts.

As an application platform for blockchain technology, Ethereum provides the largest execution platform for the operation of smart contracts. As a blockchain-based platform, Ethereum not only has basic cryptocurrency functions but also provides anonymous voting, transaction storage, product traceability, and other services. An Ethereum smart contract is an application running on an Ethereum virtual machine (EVM) in the form of EVM bytecode. Due to the open and transparent nature of Ethereum's own mechanisms, however, the EVM bytecode of a smart contract deployed on Ethereum can be accessed and analyzed by anyone. Although the blockchain provides smart contracts with a safe and secure execution environment, they may still contain considerable security vulnerabilities introduced during development, owing to the design mechanism of the Ethereum virtual machine, the problems inherent in the characteristics of the blockchain, and the uneven coding skill of smart contract developers. Damage could be caused if an attacker finds a vulnerability by analyzing the EVM bytecode and launches an attack against the vulnerable smart contract, especially if the smart contract is used to handle asset-related business. The damage would be incalculable not only in terms of loss of assets but also in terms of the challenge to the credibility and security of the platform. For example, in June 2016, the DAO incident occurred (Mehar et al., 2019), which directly led to a hard fall of Ethereum, where attackers exploited vulnerabilities in the DAO smart contract and stole 30% of the DAO's Ether in six hours, amounting to 12 million coins, with a market value of approximately $60 million. In July 2017, a major security flaw was exposed (Praitheeshan et al., 2019) in wallet.sol, the multi-signature contract of the Ethereum wallet Parity, which led to the theft of 150,000 Ether. Since smart contracts deployed on the blockchain cannot be modified, it is critical to verify smart contracts for crucial security vulnerabilities before deploying them to ensure that they are as secure as possible.
