Biblio

Ethereum, one of the most popular blockchain platforms, provides financial transactions like payments and auctions through smart contracts. Due to the immense interest in smart contracts in academia, the research community of smart contract security has made a significant improvement recently. Researchers have reported various security vulnerabilities in smart contracts, and developed static analysis tools and verification frameworks to detect them. However, it is unclear whether such great efforts from academia has indeed enhanced the security of smart contracts in reality. To understand the security level of smart contracts in the wild, we empirically studied 55,046 real-world Ethereum smart contracts written in Solidity, the most popular programming language used by Ethereum smart contract developers. We first examined how many well-known vulnerabilities the Solidity compiler has patched, and how frequently the Solidity team publishes compiler releases. Unfortunately, we observed that many known vulnerabilities are not yet patched, and some patches are not even sufficient to avoid their target vulnerabilities. Subsequently, we investigated whether smart contract developers use the most recent compiler with vulnerabilities patched. We reported that developers of more than 98% of real-world Solidity contracts still use older compilers without vulnerability patches, and more than 25% of the contracts are potentially vulnerable due to the missing security patches. To understand actual impacts of the missing patches, we manually investigated potentially vulnerable contracts that are detected by our static analyzer and identified common mistakes by Solidity developers, which may cause serious security issues such as financial loss. We detected hundreds of vulnerable contracts and about one fourth of the vulnerable contracts are used by thousands of people. We recommend the Solidity team to make patches that resolve known vulnerabilities correctly, and developers to use the latest Solidity compiler to avoid missing security patches.

The Internet of Things (IoT) visualizes a massive network with billions of interaction among smart things which are capable of contributing all sorts of services. Self-configuring things (nodes) are connected dynamically with a global network in IoT scenario. The small things are widely spread in a real world paradigm with minimal processing capacity and limited storage. The recent IoT technologies have more concerns about the security, privacy and reliability. Sharing personal data over the centralized system still remains as a challenging task. If the infrastructure is able to provide the assurance for transferring the data but for now it requires special attention on security and data consistency. Because, centralized system and infrastructure is viewed as a more attractive point for hacker or cyber-attacker. To solve this we present a secured smart contract based on Blockchain to develop a secured communicative network. A Hash based secret key is used for encryption and decryption purposes. A demo attack is done for developing a better understanding on blockchain technology in terms of their comparison and calculation.