Automated Tools for Secure Ethereum Smart Contract Development
This paper provides an overview of automated tools for secure development of Ethereum smart contracts. The article discusses current vulnerabilities specific to smart contracts, such as re-entrancy vulnerability, insufficient access control, price oracle manipulation, and others. Each vulnerability...
Saved in:
| Main Authors: | , |
|---|---|
| Format: | Article |
| Language: | Russian |
| Published: |
The Fund for Promotion of Internet media, IT education, human development «League Internet Media»
2025-04-01
|
| Series: | Современные информационные технологии и IT-образование |
| Subjects: | |
| Online Access: | https://sitito.cs.msu.ru/index.php/SITITO/article/view/1190 |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| _version_ | 1850069288886468608 |
|---|---|
| author | Andrey Chaheev Zakhar Nazarov |
| author_facet | Andrey Chaheev Zakhar Nazarov |
| author_sort | Andrey Chaheev |
| collection | DOAJ |
| description | This paper provides an overview of automated tools for secure development of Ethereum smart contracts. The article discusses current vulnerabilities specific to smart contracts, such as re-entrancy vulnerability, insufficient access control, price oracle manipulation, and others. Each vulnerability is accompanied by an illustration of the vulnerable code.
Next, we discuss different types of existing automated tools for secure smart contract development: static analyzer, linter, symbolic executor, fuzzing, and machine learning-based approaches. For each type of tool, a corresponding real solution is considered, which is one of the best in its category. These are open-source solutions such as the Slither static analyzer, the Solhint linter, the Mythril symbolic executor, and the Foundry framework, which includes fuzzing capabilities.
The current effectiveness of modern solutions is also considered, which shows that current threats are poorly detected by existing tools. Based on this, directions for the further development of new tools for the secure development of smart contracts are proposed.
The obtained results can be used to gain a deeper understanding of smart contract security issues, as well as to enhance the security of decentralized applications and develop automated smart contract auditing methods. |
| format | Article |
| id | doaj-art-b8044d1ac7d848fca4cfbb997bab867d |
| institution | DOAJ |
| issn | 2411-1473 |
| language | Russian |
| publishDate | 2025-04-01 |
| publisher | The Fund for Promotion of Internet media, IT education, human development «League Internet Media» |
| record_format | Article |
| series | Современные информационные технологии и IT-образование |
| spelling | doaj-art-b8044d1ac7d848fca4cfbb997bab867d2025-08-20T02:47:49ZrusThe Fund for Promotion of Internet media, IT education, human development «League Internet Media»Современные информационные технологии и IT-образование2411-14732025-04-01211253510.25559/SITITO.021.202501.25-35Automated Tools for Secure Ethereum Smart Contract DevelopmentAndrey Chaheev0https://orcid.org/0009-0003-2299-5416Zakhar Nazarov1https://orcid.org/0009-0004-5276-4253Sberbank of Russia, Moscow, RussiaLomonosov Moscow State University; Sberbank of Russia, Moscow, RussiaThis paper provides an overview of automated tools for secure development of Ethereum smart contracts. The article discusses current vulnerabilities specific to smart contracts, such as re-entrancy vulnerability, insufficient access control, price oracle manipulation, and others. Each vulnerability is accompanied by an illustration of the vulnerable code. Next, we discuss different types of existing automated tools for secure smart contract development: static analyzer, linter, symbolic executor, fuzzing, and machine learning-based approaches. For each type of tool, a corresponding real solution is considered, which is one of the best in its category. These are open-source solutions such as the Slither static analyzer, the Solhint linter, the Mythril symbolic executor, and the Foundry framework, which includes fuzzing capabilities. The current effectiveness of modern solutions is also considered, which shows that current threats are poorly detected by existing tools. Based on this, directions for the further development of new tools for the secure development of smart contracts are proposed. The obtained results can be used to gain a deeper understanding of smart contract security issues, as well as to enhance the security of decentralized applications and develop automated smart contract auditing methods.https://sitito.cs.msu.ru/index.php/SITITO/article/view/1190blockchainethereumsmart-contractsecurityvulnerabilitiesautomated tools |
| spellingShingle | Andrey Chaheev Zakhar Nazarov Automated Tools for Secure Ethereum Smart Contract Development Современные информационные технологии и IT-образование blockchain ethereum smart-contract security vulnerabilities automated tools |
| title | Automated Tools for Secure Ethereum Smart Contract Development |
| title_full | Automated Tools for Secure Ethereum Smart Contract Development |
| title_fullStr | Automated Tools for Secure Ethereum Smart Contract Development |
| title_full_unstemmed | Automated Tools for Secure Ethereum Smart Contract Development |
| title_short | Automated Tools for Secure Ethereum Smart Contract Development |
| title_sort | automated tools for secure ethereum smart contract development |
| topic | blockchain ethereum smart-contract security vulnerabilities automated tools |
| url | https://sitito.cs.msu.ru/index.php/SITITO/article/view/1190 |
| work_keys_str_mv | AT andreychaheev automatedtoolsforsecureethereumsmartcontractdevelopment AT zakharnazarov automatedtoolsforsecureethereumsmartcontractdevelopment |