Tackle the Smart Contract Vulnerabilities

Parthasarathi R. (Delhi University, India) and Puneet Kaushal (Lucideus Technologies, India)
Copyright: © 2020 | Pages: 13
DOI: 10.4018/978-1-5225-9715-5.ch062


A smart contract is a computerized transaction protocol that executes the terms of a contract in a trusted, decentralized manner, meaning that execution of the contract no longer depends on any single party or node and the execution is immutable. This core idea also leads to many vulnerabilities, which in turn result in huge financial losses to consumers. The main objective of this article is to cover the common vulnerabilities at each stage from development to implementation and to propose some of the best recommended practices to tackle the above-mentioned potential security risks.
Chapter Preview


This section briefly describes the nature of and need for smart contract technology, along with its basic properties.

What Are Blockchain and the Smart Contract?

A blockchain is a cryptographic database (ledger) maintained by a network of computers, each of which stores a copy of the most up-to-date version. A blockchain protocol is a set of rules that dictate how the computers in the network, called nodes, should verify new transactions and add them to the database.

A smart contract is an electronic form of a conventional contract/agreement, deployed and running on the blockchain, which executes the terms of the contract automatically without any need for trusted third parties (mediator, court, etc.) for its effective implementation.

Figure 1. Farmer-to-customer transaction using a smart contract (image not reproduced)


Figure 1 depicts a sample use case of a smart contract in the business (farmer) to customer model.

Need for the Smart Contract

Traditional transactions are built on trust and, usually, contracts are considered by the contracting parties as a symbol of an existing business deal. Another major problem with traditional contracts is that they do not provide enough detail about the actual transaction process; as a result, friction and conflict between the contracting parties are more frequent (alexbafana 2016).

The above-mentioned problems are addressed effectively by the development of smart contracts. Although, from the viewpoint of information technology, a smart contract is generally viewed as an online program, in reality it is a multidisciplinary concept that also concerns finance/business and contract law, each with a different perspective (Chapter 9: Building a Secure Future, One Blockchain at a Time 2018). That is, from the viewpoint of business, a smart contract defines how transactions and payments are executed among different accounts. From the viewpoint of contract law, a contract is an agreement between mutually committed parties (Ustbmde 2018). Because of this interdisciplinary nature, development of a smart contract needs collaboration between experts from different domains, such as business experts, software and information security engineers, lawyers, and bank managers (He, et al. 2018).

Properties of Smart Contract

Everything that runs on a blockchain is required to be immutable and must be able to run on multiple nodes without any compromise of integrity. To achieve that, smart contract functionality needs to have three things in common:


A deterministic program is one that gives exactly the same output every time for a given input. That is, if the output of 5+1 is 6, then 5+1 will ALWAYS give 6 as output (assuming the same base). But there are numerous ways a program can act in a non-deterministic manner:
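The requirement that a contract "run through multiple nodes without any compromise on integrity" is exactly why determinism matters: every node replays the same transaction from the same starting state, and the network can only agree if all of them compute the same result. The following simulation is an added example, not code from the chapter or from any real blockchain client. It assumes a constructed in-memory ledger (account name to balance), a constructed per-node environment holding a node-local clock, and hashes each node's resulting state so the results can be compared the way a consensus protocol would. The deterministic transfer yields one digest on every node; the constructed clock-dependent transfer yields a different digest on each node, so the nodes could never agree on the new state.

```python
import hashlib
import json
from typing import Callable, Dict, Set

State = Dict[str, int]      # account name -> balance (constructed ledger model)
NodeEnv = Dict[str, int]    # information only the executing node has (constructed)
Contract = Callable[[State, NodeEnv, str, str, int], State]


def state_digest(state: State) -> str:
    """Canonical hash of a contract state; nodes compare these to agree on the result."""
    canonical = json.dumps(state, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(canonical).hexdigest()


def deterministic_transfer(state: State, env: NodeEnv, sender: str,
                           receiver: str, amount: int) -> State:
    """Deterministic: the result depends only on the starting state and the arguments.
    The node environment is deliberately ignored."""
    new_state = dict(state)
    if new_state.get(sender, 0) < amount:
        raise ValueError("insufficient balance")
    new_state[sender] -= amount
    new_state[receiver] = new_state.get(receiver, 0) + amount
    return new_state


def clock_dependent_transfer(state: State, env: NodeEnv, sender: str,
                             receiver: str, amount: int) -> State:
    """Non-deterministic (constructed for illustration): the fee is derived from the
    executing node's own clock, so nodes replaying the same transaction compute
    different balances and therefore different state digests."""
    fee = env["local_clock_ms"] % 6
    new_state = dict(state)
    if new_state.get(sender, 0) < amount + fee:
        raise ValueError("insufficient balance")
    new_state[sender] -= amount + fee
    new_state[receiver] = new_state.get(receiver, 0) + amount
    return new_state


def replay_on_nodes(contract: Contract, state: State, sender: str, receiver: str,
                    amount: int, node_count: int = 4) -> Set[str]:
    """Every simulated node replays the same transaction from the same starting state.
    Returns the set of distinct result digests: a single entry means all nodes agree."""
    digests: Set[str] = set()
    for node_id in range(node_count):
        # Each node's local clock reads slightly differently (constructed offsets).
        env: NodeEnv = {"local_clock_ms": 1_700_000_000_000 + 37 * node_id}
        result = contract(dict(state), env, sender, receiver, amount)
        digests.add(state_digest(result))
    return digests


def nodes_agree(digests: Set[str]) -> bool:
    """Consensus on the post-transaction state is possible only if every digest matches."""
    return len(digests) == 1


if __name__ == "__main__":
    genesis = {"alice": 100, "bob": 0}  # constructed starting balances
    good = replay_on_nodes(deterministic_transfer, genesis, "alice", "bob", 30)
    bad = replay_on_nodes(clock_dependent_transfer, genesis, "alice", "bob", 30)
    print("deterministic contract, nodes agree:", nodes_agree(good))      # True
    print("clock-dependent contract, nodes agree:", nodes_agree(bad))     # False
    print("distinct states produced by clock-dependent contract:", len(bad))
```

The same harness is a useful review check for any contract logic: if replaying a transaction on several simulated nodes, each with its own local environment, ever produces more than one digest, the contract depends on something outside the shared state and the transaction inputs.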

Key Terms in this Chapter

Auditing: The process of conducting an official inspection of a company or its accounts.

Blockchain: A digital ledger in which transactions made in cryptocurrency are recorded chronologically and publicly.

DAO: An organization represented by rules encoded as a computer program that is transparent, controlled by shareholders and not influenced by a central government.

Smart Contract: Computer code running on top of a blockchain containing a set of rules under which the parties to that smart contract agree to interact with each other.

Cryptocurrency: A digital currency in which encryption techniques are used to regulate the generation of units of currency and verify the transfer of funds, operating independently of a central bank.

Ethereum: An open software platform based on blockchain technology that enables developers to build and deploy decentralized applications.

Dapps: Decentralized applications (dApps) are applications that run on a P2P network of computers rather than a single computer.
