Position Paper: Toward a (Semi-)Automatic Framework for Smart Contract Security Audit / Bonomi, Silvia; Coppa, Emilio; Lenti, Simone; Ruggiero, Claudia. - (2025), pp. 105-109. (20th European Dependable Computing Conference, EDCC 2025 Faculty of Sciences of the University of Lisbon (FCUL), prt) [10.1109/edcc66201.2025.00026].
Position Paper: Toward a (Semi-)Automatic Framework for Smart Contract Security Audit
Bonomi, Silvia; Coppa, Emilio; Lenti, Simone; Ruggiero, Claudia
2025
Abstract
Distributed Ledger Technologies (DLTs) and smart contracts are revolutionizing industries by enabling transparent, decentralized, and automated transactions. However, the security of smart contracts remains a significant concern, as vulnerabilities can undermine the reliability of such systems and lead to substantial financial losses. Despite the critical importance of ensuring their integrity, there is a notable lack of automated frameworks to comprehensively assess smart contracts’ security throughout their lifecycle, leaving them susceptible to various threats. This position paper proposes a framework to enhance smart contract security auditing, i.e., to efficiently and effectively support smart contract code analysis and testing and identify critical vulnerabilities. The framework encompasses several key components: identification of a target security profile, prioritization of potential vulnerabilities, systematic testing planning and execution, and a robust auditing and certification process. By establishing a structured approach to testing, we aim to enhance the security and reliability of smart contracts. In addition, we analyze the open challenges that must be addressed to build this framework effectively.


