Smart Contracts Security Threats and Solutions

Senou Mahugnon Rosaire, Degila Jules
DOI: 10.4018/IJITWE.304048

Abstract

Blockchain-enabled smart contracts are subject to several issues that have led to vigorous attacks, such as the decentralized autonomous organization (DAO) and the ParitySig bug on the Ethereum platform, with disastrous consequences. Several solutions have been proposed. However, new threats are identified as technology evolves and new solutions are produced, while some older threats remain unsolved. Thus, there is a need to fill the gap with a more comprehensive survey of existing issues and solutions for researchers and practitioners. The resulting updated database will become an essential means for choosing a particular solution for a specific subject. In this review, the authors mainly address codifying, security, privacy, and performance issues and their respective solutions. Each problem is linked to its corresponding solutions when they exist. A summary of the threats and solutions is provided, as well as the relationship between threat importance and the given answers. Finally, the authors enumerate some directions for future work.

Introduction

In the real world, transactions are subject to risks and high fees, especially when third parties are involved. The creation of blockchain technology brought hope for this issue. The blockchain is a decentralized ledger that allows secure transactions at a low cost (Nakamoto, 2008). At first, it was applied in the finance domain through the Bitcoin currency, but it has lately been extended to several sectors, including the contract domain, giving rise to a new era of intelligent contracts. Blockchain-based smart contracts are code that enforces contract execution. Their correctness is essential to ensure trust in blockchain-based systems (Alexandre et al., 2018).

The contracts are presented as programs running on blockchain platforms, such as the Ethereum Virtual Machine (EVM). They interact through well-defined interfaces, and no third party is involved in completing the financial transaction in a distributed environment. However, attackers can exploit security vulnerabilities in these interfaces, which offer favorable ground for malicious deeds (Yu et al., 2019). The immutability property of blockchain technology does not simplify bug fixing in a smart contract. One of the main reasons is that a deployed smart contract is not modified directly when bugs are found; it involves assets and different parties that need to be considered carefully. Instead, a new version of the contract is created and deployed to fix the bugs. However, data in the previous contract is not automatically transferred to the new contract. Manual intervention is required to initialize the new contract with the earlier data, which is very clumsy (Shuai et al., 2019). Several smart contract vulnerabilities have been noticed, and a breach of trust in the underlying blockchain technology was revealed (Evgeniy, 2018). Two of the most notorious security breaches are the Decentralized Autonomous Organization (DAO) exploit, which led to a considerable loss of more than $50 million, and the ParitySig attack, in which $169 million is locked forever (Yuepeng et al., 2019; Franklin et al., 2019).

These incidents shed more light on the importance of securing smart contracts, and the user community started to pay more attention to them. Programmers are therefore forced to ensure that smart contract code is challenged from a security perspective before deployment. Consequently, smart contract issues have become a hot topic among researchers (Wang et al., 2018). The threats that appear most frequently in the literature relate to codifying, security, privacy, and performance aspects, the smart contract life cycle, and the blockchain architecture layers (Maher & Aad Van, 2017; Zibin et al., 2019; Huashan et al., 2020). Several contract analysis tools have been developed in the past few years to address these concerns, and they constitute an important database that needs to be continuously updated. Indeed, such a document is a powerful tool to help and guide blockchain practitioners and researchers. Because it tackles the most difficult issues, it is a serious option for ensuring minimum security of blockchain smart contracts. However, new threats have been discovered. Previous tools become obsolete against new threats, and security is therefore not assured. This situation is a concern and leads blockchain and smart contract users to conduct dense and thorough research to ensure smart contract safety. Also, as some issues are yet to be tackled, and some have received more attention than others, it becomes relevant to give users a clear view of smart contract security so that they can make a better choice of tool.

Thus, we provide this review to pair smart contract problems with their respective solutions as far as possible. This article surveys the literature on smart contract issues from 2014 to 2021 as they apply to the codifying, security, privacy, and performance domains. Solutions are classified according to the issues they address, and suggestions for likely research directions are presented.

Our contributions from this work are described as follows:

Identifying new vulnerabilities concerning codifying, security, privacy, and performance issues.

Identifying newly developed solutions against vulnerabilities.
