Smart Contract and DeFi Security Tools: Do They Meet the Needs of Practitioners?
CoRR(2023)
摘要
The growth of the decentralized finance (DeFi) ecosystem built on blockchain
technology and smart contracts has led to an increased demand for secure and
reliable smart contract development. However, attacks targeting smart contracts
are increasing, causing an estimated $6.45 billion in financial losses.
Researchers have proposed various automated security tools to detect
vulnerabilities, but their real-world impact remains uncertain.
In this paper, we aim to shed light on the effectiveness of automated
security tools in identifying vulnerabilities that can lead to high-profile
attacks, and their overall usage within the industry. Our comprehensive study
encompasses an evaluation of five SoTA automated security tools, an analysis of
127 high-impact real-world attacks resulting in $2.3 billion in losses, and a
survey of 49 developers and auditors working in leading DeFi protocols. Our
findings reveal a stark reality: the tools could have prevented a mere 8
the attacks in our dataset, amounting to $149 million out of the $2.3 billion
in losses. Notably, all preventable attacks were related to reentrancy
vulnerabilities. Furthermore, practitioners distinguish logic-related bugs and
protocol layer vulnerabilities as significant threats that are not adequately
addressed by existing security tools. Our results emphasize the need to develop
specialized tools catering to the distinct demands and expectations of
developers and auditors. Further, our study highlights the necessity for
continuous advancements in security tools to effectively tackle the
ever-evolving challenges confronting the DeFi ecosystem.
更多查看译文
关键词
defi security,tool evaluations,contract
AI 理解论文
溯源树
样例
生成溯源树,研究论文发展脉络
Chat Paper
正在生成论文摘要