Abstract

Smart contracts (SC) are one of the most appealing features of blockchain technologies facilitating, executing, and enforcing predefined terms of coded contracts without intermediaries. The steady adoption of smart contracts on the Ethereum blockchain has led to tens of thousands of contracts holding millions of dollars in digital currencies and small mistakes during the development of SC on immutable blockchains have already caused substantial losses and involve the danger for future incidents. Hence, today the secure development of smart contracts is an important topic and several attacks and incidents related to vulnerable smart contracts could have been avoided. To foster a secure development process of SC this paper summarizes known vulnerabilities in smart contracts found by literature research and analysis. It compares currently available code analysis tools for their capabilities to identify and detect vulnerabilities in smart contracts based on a taxonomy for vulnerabilities. Finally, based on the TheDOA attack the paper shows an example for the adoption of best practices to avoid severe vulnerabilities in smart contracts.