2021 Apr 18;14(5):2901–2925. doi: 10.1007/s12083-021-01127-0

Table 6.

Some examples of security optimization-centric solutions

| Publication | Contribution | Description |
| --- | --- | --- |
| Vulnerability detection | | |
| Luu et al. [59] | Oyente | Oyente is a symbolic execution tool that aims at finding potential security bugs. It extracts the control map from the EVM bytecode of the contract and finds potential vulnerabilities in the contract by executing the control map. |
| Bragagnolo et al. [15] | SmartInspect | SmartInspect is a Solidity smart contract inspector that aims at analyzing contract states using decompilation techniques driven by the contract structure definition. It also allows contract developers to better visualize and understand the contract's stored state without needing to redeploy or develop any ad-hoc code. |
| Jiang et al. [47] | ContractFuzzer | ContractFuzzer is a novel fuzzer to test Ethereum smart contracts for security vulnerabilities. ContractFuzzer generates fuzzing inputs based on the ABI specifications of smart contracts, defines test oracles to detect security vulnerabilities, instruments the EVM to log smart contract run-time behaviors, and analyzes these logs to report security vulnerabilities. |
| Liu et al. [54] | ReGuard | ReGuard is a fuzzing-based analyzer to automatically detect re-entrancy bugs in Ethereum smart contracts. Specifically, ReGuard performs fuzz testing on smart contracts by iteratively generating random but diverse transactions. |
| Kolluri et al. [48] | EthRacer | EthRacer is an automatic analysis tool that runs directly on Ethereum bytecode and requires no hints from users in order to detect event-ordering bugs in blockchain smart contracts. |
| Transactional privacy | | |
| Kosba et al. [49] | Hawk | Hawk is a blockchain model of cryptography and privacy-preserving smart contracts. It does not make financial transactions available publicly on the blockchain to maintain transactional privacy. |
| Watanabe et al. [101] | Verifying contract protocol | It aims at deploying an encrypted smart contract on the blockchain. Only participants having a decryption key can access the contract's content. |
| Trustworthy data feeding | | |
| Zhang et al. [113] | Town Crier | Town Crier acts as a bridge between smart contracts and existing web sites, which are already commonly trusted for non-blockchain applications. |
| Liu et al. [57] | Data carrier architecture | Data carrier architecture is cost-effective and elastic for blockchain-enabled IoT environments and enables smart contracts to fetch off-chain data. The evaluation results show that the proposal is more efficient and elastic compared with the Oraclize Oracle data carrier service. |