Pre-deployment Analysis of Smart Contracts -- A Survey

TL;DR

This survey reviews various pre-deployment analysis methods for smart contracts, classifying vulnerabilities and techniques like static/dynamic analysis and machine learning to improve contract security.

Contribution

It systematically classifies smart contract vulnerabilities and analysis methods based on properties they address, providing a comprehensive overview of the state-of-the-art.

Findings

Classification of vulnerabilities and methods by properties

Identification of strengths of different analysis techniques

Comprehensive overview of pre-deployment smart contract analysis

Abstract

Smart contracts are programs that execute transactions involving independent parties and cryptocurrencies. As programs, smart contracts are susceptible to a wide range of errors and vulnerabilities. Such vulnerabilities can result in significant losses. Furthermore, by design, smart contract transactions are irreversible. This creates a need for methods to ensure the correctness and security of contracts pre-deployment. Recently there has been substantial research into such methods. The sheer volume of this research makes articulating state-of-the-art a substantial undertaking. To address this challenge, we present a systematic review of the literature. A key feature of our presentation is to factor out the relationship between vulnerabilities and methods through properties. Specifically, we enumerate and classify smart contract vulnerabilities and methods by the properties they address. The methods considered include static analysis as well as dynamic analysis methods and machine learning algorithms that analyze smart contracts before deployment. Several patterns about the strengths of different methods emerge through this classification process.