Advances in Smart Contract Security and Data-Oblivious Computation

The field of smart contract security and data-oblivious computation is rapidly evolving, with a focus on addressing the vulnerabilities and security challenges associated with smart contracts and software implementation. Researchers are exploring new approaches to detect and exploit vulnerabilities in closed-source and obfuscated contracts, as well as developing novel tools and techniques to analyze and mitigate security risks. The use of machine learning and formal verification methods is becoming increasingly prominent in this area, enabling the identification of vulnerable contracts and the development of secure and efficient computation models. Notably, the integration of data-oblivious programming and memory-safe hardware is showing promise in enhancing security and reducing the risk of side-channel attacks. Overall, the field is moving towards a more comprehensive and multi-faceted approach to smart contract security and data-oblivious computation. Noteworthy papers include:

  • Insecurity Through Obscurity, which presents a novel tool for analyzing closed-source contracts and detecting vulnerabilities.
  • BLACKOUT, which introduces an extension to the CHERI capability architecture for data-oblivious computation.
  • Smooth, Integrated Proofs of Cryptographic Constant Time, which formalizes the notion of constant-time execution for nondeterministic programs and compilers.

Sources

Insecurity Through Obscurity: Veiled Vulnerabilities in Closed-Source Contracts

BLACKOUT: Data-Oblivious Computation with Blinded Capabilities

Mining Characteristics of Vulnerable Smart Contracts Across Lifecycle Stages

Smooth, Integrated Proofs of Cryptographic Constant Time for Nondeterministic Programs and Compilers

Automated Vulnerability Injection in Solidity Smart Contracts: A Mutation-Based Approach for Benchmark Development

AI-Based Vulnerability Analysis of NFT Smart Contracts

Built with on top of