This article has been accepted for publication in a future issue of this journal, but has not been fully edited. Content may change prior to final publication. Citation information: DOI 10.1109/JIOT.2021.3074544, IEEE Internet of Things Journal
IEEE INTERNET OF THINGS JOURNAL

Security Challenges and Opportunities for Smart Contracts in Internet of Things: A Survey

Kai Peng, Meijun Li, Haojun Huang, Chen Wang, Senior Member, IEEE, Shaohua Wan, Senior Member, IEEE, and Kim-Kwang Raymond Choo, Senior Member, IEEE

This work was supported in part by the National Natural Science Foundation of China under Grants 61872416, 62002104, 52031009 and 62071192; by the Fundamental Research Funds for the Central Universities of China under Grant 2019kfyXJJS017; by the Natural Science Foundation of Hubei Province of China under Grant 2019CFB191; and by the Open Research Project of Hubei Key Laboratory of Intelligent Geo-Information Processing under Grant KLIGIP-2018A03. (Corresponding author: Chen Wang.)
K. Peng, M. Li, H. Huang and C. Wang are with the School of Electronic Information and Communications, Huazhong University of Science and Technology, Wuhan 430074, China. K. Peng and C. Wang are also with the Hubei Key Laboratory of Intelligent Geo-Information Processing, China University of Geosciences, Wuhan 430078, China. Email: {pkhust, meijunli, hjhuang, chenwang}@hust.edu.cn.
S. Wan is with the School of Information and Safety Engineering, Zhongnan University of Economics and Law, Wuhan 430073, China. Email: shaohua.wan@ieee.org.
K.-K. R. Choo is with the Department of Information Systems and Cyber Security, University of Texas at San Antonio, San Antonio, TX 78249-0631, USA. Email: raymond.choo@fulbrightmail.org.

Abstract—Smart contracts, one of the success stories of blockchain 2.0, have been widely utilized in a broad range of applications, including those involving the Internet of Things (IoT). Given the fast-paced nature of the topic, it can be challenging for the research community to keep track of the latest advances. Hence, in this paper, we perform a comprehensive, in-depth review of known security challenges (e.g., inherently vulnerable particularities, programming vulnerabilities, and attacks) and potential research opportunities associated with the deployment of smart contracts in an IoT setting. This survey is expected to serve as a starting point for exploiting the benefits of dependable smart contracts in this new and largely open area.

Index Terms—Smart contract, Internet of Things, security auditing, programming vulnerability, blockchain.

I. INTRODUCTION

The Internet of Things (IoT), which provides a general network for data exchange and communication between things, is leading to a higher level of automation, a more efficient society and a better life [1]–[3]. The traditional IoT industry usually adopts a centralized service platform, or a distributed platform that still follows some centralization principles, to implement its productive capabilities and applications. However, with the rapidly increasing number of devices and demands for services, traditional IoT architectures face enormous challenges: the higher cost of constructing and maintaining large-scale data centers, performance bottlenecks, and more security and privacy risks (e.g., cyber-attacks) [4]–[6].

The emergence of blockchain technologies brings hope of sorting out these issues [7]–[12]. Derived from the famous cryptocurrency Bitcoin [13], a blockchain is a distributed ledger with all records appended to an ongoing chain of data blocks and immutable once confirmed. It provides a decentralized, securely encrypted blockchain network for IoT nodes, making it difficult for hackers to control the entire network through a single weakness. Thus, it has the potential not only to address the problems of scalability, trust cost and small-scale points of failure, but also to allow for more intelligent automation and more efficient transactions (without the need for third parties) [14]–[16].

As the promising technology of blockchain 2.0, smart contracts facilitate more practical applications in the integration between the blockchain and the IoT industry [17]–[21]. As early as 1997, Nick Szabo formally proposed the concept of a quantitative electronic trading agreement for the implementation of contract terms [22]. The overall goal of designing smart contracts is to meet common contractual conditions (e.g., payment terms, confidentiality, etc.), and to abate malicious or accidental anomalies and reliance on trusted intermediaries. However, it is only after the emergence of blockchain technology that smart contracts have been truly implemented [23]. With blockchain features, a smart contract is able to automatically execute the agreements prescribed in advance when some triggering conditions are met. In IoT scenarios, smart contracts enable peer-to-peer contractual behaviors for IoT devices without any central authority other than the blockchain nodes that certify the transactions, thus yielding a more efficient management paradigm with lower cost [24].

Nevertheless, current smart contract techniques are still far from maturity and reliability: since the birth of the first smart contract platform, Ethereum [23], five years ago, many vulnerabilities and problems have gradually been revealed [25], [26]. The most notorious accident caused by smart contracts is the distributed autonomous organization (a.k.a. the DAO), the largest crowd-funding blockchain project, with assets of about 60 million USD [27]. Due to a viciously modified recursive call in its smart contract, the DAO was attacked and suffered a huge loss in 2016.

This accident has led to an intense discussion of the security of smart contracts. Considering that research on blockchain-based IoT has been in full swing in recent years, it is important to explore the hidden dangers as soon as possible. Therefore, we searched the published literature on Google Scholar (with keywords such as smart contract, security and IoT) to discover the security issues in recent research works, and summarize the related surveys published between 2016 and 2020 in Table I. As observed from the table, Luu et al. [26] first discovered four kinds of security bugs in Ethereum contracts and built an analysis tool to detect them. After that, security

2327-4662 (c) 2021 IEEE. Personal use is permitted, but republication/redistribution requires IEEE permission. See http://www.ieee.org/publications_standards/publications/rights/index.html for more information.
Authorized licensed use limited to: SARDAR VALLABHBHAI NATIONAL INSTITUTE OF TECH. Downloaded on April 21,2021 at 04:53:55 UTC from IEEE Xplore. Restrictions apply.

TABLE I: A summary of existing surveys related to smart contract security.

Literature | Pub. year | Scope | Advantages | Limitations
Luu et al. [26] | 2016 | List 4 security vulnerabilities | Firstly document security vulnerabilities in Ethereum smart contracts and propose recommendations for them | No security issues in smart contract-based IoT
Christidis and Devetsikiotis [28] | 2016 | Discuss some opportunities and challenges of smart contracts in IoT | Firstly identify the pros and cons of blockchain and smart contract based IoT | Only the immutability of smart contracts is mentioned
Atzei et al. [29] | 2017 | Investigate 12 security vulnerabilities and 5 attacks | Provide the first systematic exposition of security vulnerabilities in Ethereum | No security issues in smart contract-based IoT
Dika [30] | 2017 | List 22 security vulnerabilities and test 9 security tools against vulnerabilities | Provide a modified taxonomy of security vulnerabilities and test the available security tools | No security issues in smart contract-based IoT
Alharby et al. [31] | 2018 | Discuss 6 security issues and propose the corresponding solutions | Firstly conduct a systematic mapping study as the methodology to produce a map of current smart contract research | No security issues in smart contract-based IoT
Hanada et al. [19] | 2018 | Investigate 3 challenges of smart contracts in IoT | Firstly discuss the possibilities and limitations of smart contracts for machine-to-machine communication | Only discuss the privacy issue and impact of bugs in smart contract-based IoT
Fotiou and Polyzos [32] | 2018 | Discuss opportunities and challenges of smart contracts in IoT | Discuss security considerations in smart contract-based IoT and present new design choices | Only discuss observability and immutability of smart contracts
Ferrag [33] | 2019 | Describe 16 security attacks against blockchain-based IoT | Present the most comprehensive threat models that are considered by the blockchain in IoT | No security issues in smart contract-based IoT
Wu et al. [15] | 2019 | Investigate 6 security tools and discuss the problems of blockchain-based IoT from three aspects | Propose a four-layer blockchain architecture, compare numerous works and analyze their pros and cons | Only discuss a little on security issues in blockchain-based IoT
Liu et al. [34] | 2019 | Propose a taxonomy of security verification and discuss the pros and cons | Discuss the security solutions from three new aspects | No security issues in smart contract-based IoT
Rouhani and Deters [35] | 2019 | List 8 security methods against vulnerabilities, review the performance and IoT integration of smart contracts | Recognize a problem in smart contract and provide a novel solution | No security issues in smart contract-based IoT
Di Angelo and Salzer [36] | 2019 | Investigate 27 security tools against vulnerabilities | Provide the most comprehensive comparison of 27 security tools | No security issues in smart contract-based IoT
Demir et al. [37] | 2019 | Investigate 28 security issues | Provide the most comprehensive review of 28 security issues | No security issues in smart contract-based IoT
Yamashita et al. [38] | 2019 | Analyze 16 security risks in Hyperledger Fabric smart contracts | Firstly analyze potential security risks in Hyperledger Fabric smart contracts | No security issues in smart contract-based IoT
Schmitt et al. [39] | 2019 | Identify 13 key-determinants for smart contract-based IoT | Use Technology-Organization-Environment framework and four interviews to identify pros and cons | Only roughly mention 4 risks in smart contract-based IoT
Li et al. [27] | 2020 | List 12 security vulnerabilities, issues of criminal and under-optimized smart contracts, with 6 attacks | Conduct the first systematic examination on security risks to popular blockchain systems | No security issues in smart contract-based IoT
Sayeed et al. [40] | 2020 | Define 7 attacks and list 10 security tools | Examine smart contract-based attacks and the results of their exploitation | No security issues in smart contract-based IoT
Zheng et al. [41] | 2020 | Discuss opportunities of smart contracts for industrial IoT | Compare typical smart contract platforms and give a categorization of smart contract applications | No security issues in smart contract-based IoT
López Vivar et al. [42] | 2020 | Analyze 12 security vulnerabilities, 2 attacks and 18 security tools | Conduct the most comprehensive experiment of 18 security tools | No security issues in smart contract-based IoT
Our work | 2021 | Discuss 3 aspects of security issues of smart contracts in IoT and corresponding solutions | Firstly discuss 3 aspects of security issues, corresponding solutions, research challenges and future directions for smart contracts used in IoT |


Fig. 1: The operating mechanism of smart contracts. (Figure elements: oracles that check external data sources; preset trigger conditions such as a specific time or event; preset response rules such as a specific transaction or operation; the smart contract holding its state and value, with Condition 1: response 1, Condition 2: response 2, ..., Condition N: response N; and the chain of blocks Block 0, Block 1, Block 2, ... on which the contract is stored.)

issues of the Ethereum platform and its programming language were systematically reviewed in [29]. Yamashita et al. [38] first analyzed security risks in Hyperledger smart contracts. The authors of [27], [30], [36], [37] gave more comprehensive summaries of vulnerabilities, attacks and corresponding solutions in smart contracts. However, the surveys above lack research cases in an IoT setting. Considering the deployment of blockchains and smart contracts in IoT, there are only surveys discussing the general opportunities and challenges of smart contracts [19], [28], [32], [39], [41], or surveys on blockchain security alone [15], [33], [35], while none of them explores the smart contract security issues and solutions for IoT thoroughly.

To fill this gap, we intend to explore the vulnerabilities and attacks in smart contracts which may seriously affect the stability of the IoT ecosystem, to remind developers to avoid blunders, to alleviate unnecessary losses more effectively, and to integrate blockchain technology into the development of IoT more firmly. Specifically, our major contributions are summarized as follows.
• We review the security issues and solutions in the integration between smart contracts and the IoT systematically and comprehensively for the first time.
• We explore the smart contracts in all mainstream blockchain platforms for IoT usage, and present our findings on the underlying security issues from three important aspects: inherently vulnerable particularities, programming vulnerabilities, and feasible attacks.
• We summarize and compare recent advances in the corresponding solutions in a compact form toward the aforementioned three aspects of security issues.
• We outline some remaining challenges and future research directions in this new and largely open area.

The remainder of this survey is organized as follows. In Section II, we provide an overview of smart contracts, with a focus on how they work and how they are deployed to the IoT. Section III presents a threat model of smart contracts for the IoT and summarizes the current security issues. Following from that, we present the major solutions to cope with these security issues in Section IV. Section V presents the challenges and future research directions, and finally, Section VI concludes the survey.

II. OVERVIEW OF SMART CONTRACTS FOR IOT

A. Basics of Blockchain and Smart Contract

A blockchain is a distributed database with all transaction records continuously appended and never modified in a growing list of data blocks [43]. The implementation of a blockchain integrates a variety of techniques including distributed consensus, encryption algorithms, peer-to-peer communication, timestamp servers, smart contracts, etc. The core of a blockchain is consensus, which is used to achieve availability and consistency in a distributed system. Representative consensus mechanisms [44] include PoW (Proof of Work), PoS (Proof of Stake), PBFT (Practical Byzantine Fault Tolerance), DPoS (Delegated Proof of Stake), etc. The emergence of the blockchain allows participants to exchange unforgeable, non-tamperable and traceable data without reliance on any trusted third party.

A smart contract is a decentralized program with a set of self-enforcing agreements on the blockchain [26]. As a representative technology of the second generation of the blockchain, smart contracts offer more extensive and practical applications beyond the early blockchains designed only for cryptocurrencies. A typical operating mechanism of a smart contract is shown in Fig. 1. Generally, after being signed by the relevant parties, the smart contract is loaded onto the blockchain in the form of program code. Then it is propagated through the peer-to-peer network, verified by blockchain nodes, and stored in a newly generated block. The smart contract encapsulates preset states, values, trigger conditions for auto-execution (e.g., when a specific time or event comes) and specific response rules for new transactions or other operations. The blockchain plays the parts of monitoring the state of smart contracts and checking external data in real time, waiting for the trigger to activate the contracts.

B. Framework of Smart Contract

The basic framework of a smart contract mainly contains five layers: data layer, transport layer, contract layer, execution layer and application layer, as shown in Fig. 2.

Data Layer: The data layer includes on-chain and off-chain data, which are the necessary data sources for running a smart contract. For observability and verifiability, state data


and transaction data are generally stored on the blockchain. The original contract code is stored either on the chain or off the chain. At present, most blockchain systems choose to publish the code and application data to the blockchain and then execute them on the chain. However, since everything on the chain is transparent to everyone, security and privacy issues need attention. Another way is to store only the hash of a smart contract on the blockchain, and to save the original contract in a file system or reliable data platform indexed by that hash. This relieves the pressure on the observability and scalability of the blockchain.

Transport Layer: The transport layer encapsulates the communication protocols and communication mechanisms that support on-chain-to-on-chain and on-chain-to-off-chain data transmission. For data from outside the chain, we have to be careful about where they come from and how they communicate with other data in order to ensure their credibility.

Contract Layer: The contract layer contains the parameters for specific functions (e.g., contract management, user administration and data management), the business logic as rules of execution, and the code of the program logic and legal content written in standard programming languages. In this layer, how to design the underlying logic, programming languages and functions is extremely important for blockchain developers, because a majority of vulnerabilities and attacks could arise here.

Execution Layer: The execution layer refers to the runtime environment for smart contracts, including virtual machines and Docker [45], which provide sandboxes for executing contract code, isolating and restricting the resources of the contract. To reduce the resource cost and improve performance and compatibility, most smart contract platforms adopt lightweight virtual machines such as the Ethereum Virtual Machine (EVM). The design of a virtual machine is also critical for the secure execution of each smart contract. More seriously, once a contract has been executed on chain, the immutability of smart contracts means it is hard to reverse and repair existing security problems.

Application Layer: The application layer is deployed on the basis of the former layers. In this layer, decentralized applications are produced to let smart contracts communicate with other computers and practical applications (e.g., IoT systems, financial services and smart energy ecosystems). A secure API (Application Program Interface) facilitates the interaction between the abundant applications and the smart contracts on the blockchain.

Fig. 2: The basic framework of smart contracts. (Figure layers, top to bottom: Application layer: IoT, Finance, Energy, ...; Blockchain App. / API; Contract layer: Code, Parameter and Business logic, Standard code, Legal content; Execution layer: Docker, EVM, Other virtual machines; Transport layer: Communication protocol, Communication mechanism; Data block / API; Data layer: On-chain data (State, Transaction, Contract code) and Off-chain data (Other data).)

C. Implementation of Smart Contract

The concrete implementation of a smart contract differs across blockchain platforms. Among all these platforms, Ethereum was the pioneer in implementing the idea of smart contracts in practice and has since become the most widely used smart contract platform. With an EVM and a built-in Turing-complete programming language, Solidity, Ethereum enables developers to create consensus-based, extensible, standardized and decentralized applications on its blockchain [23]. The syntax of Solidity (cf. Fig. 4) is similar to JavaScript, and the source code is eventually compiled into bytecode that runs in the EVM. Also, Ethereum provides abundant interfaces (e.g., JSON-RPC, JavaScript and Geth) for external program calls. The core elements of an Ethereum smart contract include message calls, transactions, gas, logs, instruction sets, code libraries, storage, and accounts as its basic unit. Accounts maintain a series of state objects which store state information in Ethereum. There are two types of accounts: externally owned accounts (EOAs), which store the balance of the account and are controlled by private keys; and contract accounts (CAs), which store the balance and contents of the contract, are controlled by contract code and are only activated by EOAs. Accounts enable the creation and verification of transactions on the Ethereum blockchain.

Seeing the success of Ethereum, dozens of other smart contract platforms have popped up in the last few years, such as Hyperledger Fabric [45], Enterprise Operation System (EOS) [46], TRON [47] and IOTA [48]. A brief comparison of these platforms is given in Table II.

Different from Ethereum, the goal of Hyperledger Fabric is to realize a universal basic framework for permissioned blockchains with PBFT consensus, meaning that a network can be operated under a governance model that builds trust between participants, even though the participants may not trust each other. The Fabric smart contract, also known as chaincode, is a program written in Go (other programming languages such as Node.js and Java are also supported); it implements predefined interfaces and runs in a Docker container isolated from the endorsing peer process.

EOS is developed as an innovative solution to Ethereum’s lack of scalability with a more efficient consensus protocol,


TABLE II: The comparison of representative smart contract platforms.

Property | Ethereum | Hyperledger Fabric | EOS | TRON | IOTA
Mainnet launch date | July 2015 | October 2018 | June 2018 | June 2018 | July 2016
Consensus mechanism | PoW | PBFT | DPoS | DPoS | Tangle
Permission | Permissionless | Permissioned | Permissionless | Permissionless | Permissionless
Transactions per second | 15-25 | 3500 | 4000 | 2000 | 10000
Contract language | Solidity | Go | C/C++ | Solidity | Abra
Contract execution environment | EVM | Docker | WebAssembly | TVM | Abra VM
Transaction fee | Depends on gas price | No | No | No | No

DPoS. The EOS smart contracts are written in C/C++, which promotes programming flexibility. Running an EOS smart contract does not require transaction fees. Additionally, EOS utilizes pre-compiled WebAssembly to implement its smart contracts on the blockchain, which boosts the efficiency of contract execution compared to Ethereum-based smart contracts.

Similar to EOS, TRON also adopts a customized DPoS consensus protocol for better scalability and higher throughput. The TRON platform is developed on Ethereum and its smart contracts are written in the Solidity language. The virtual machine of TRON is the TVM (TRON Virtual Machine), which connects seamlessly with the existing Solidity smart contract development ecosystem. The TVM employs the concept of Energy to handle fees.

IOTA is a revolutionary distributed ledger technology especially designed for the IoT. It is based on the tangle, a new type of Directed Acyclic Graph (DAG). The tangle can overcome the inefficiency of existing blockchain technology, theoretically process an infinite number of transactions and create a new method for consensus in a decentralized system. There is no transaction fee in IOTA either. The IOTA smart contract is an ongoing work of the IOTA Foundation. Each smart contract can be executed in a local environment without forcing the entire network to execute it.

D. Smart Contract Applications for the IoT

Smart contracts endow the IoT with significant benefits:
• Data in smart contracts cannot be deleted or modified. Any behavior will be permanently recorded and witnessed by each participant. Thus the transparency and traceability of the whole operation and transaction history can be ensured, and the interference of malicious behaviors in the normal execution of IoT systems will be greatly alleviated.
• The inherent decentralization avoids the influence of centralization factors and improves the cost-effectiveness of smart contract-based IoT applications.
• When conditions are met, the contract code is automatically executed, which avoids manual processing and ensures that the contract issuer cannot breach the contract.

With these advantages, smart contracts have been adopted in many typical scenarios of the IoT, as illustrated in Fig. 3, and are able to play different parts in interacting with the IoT devices and participants. Here, we briefly introduce how smart contracts are leveraged to complete common IoT tasks.

Asset and Transaction Management: In scenarios like energy trading and shared asset rental, smart contracts can accomplish tasks such as supervising the transaction process and authorizing physical assets to users [12], [19], [49], [50]. Any transaction can be completed automatically and recorded permanently on the blockchain as long as developers define rules and trigger conditions for the contracts. For instance, a German company named Slock.it [51] utilizes smart contracts for sharing, renting and selling physical assets without intermediaries. In this way, blockchain and smart contract technology can ensure mutual trust between users through its decentralization, so that users can realize a true sharing economy and protect user privacy.

Routing and Workload Balancing: Smart contracts can also fulfill the management of new workloads when they are submitted to the IoT network [52], [53]. Firstly, smart contracts need to analyze which tasks are the actual tasks that the IoT device is in charge of. Then a workload balancing algorithm is deployed with consideration of the device workload and, hence, the allocation of the total workload can be shifted from the devices with heavy tasks to the unloaded devices.

Distributed Computing: Smart contracts can be developed to enable the acquisition and provisioning of computing resources [20], [54]–[56]. Distributed computing with smart contracts is a new solution to achieve an intelligent match between idle nodes as computing resource providers and customers (computing resource demanders). This solution fully develops and leverages the existing computing resources and simplifies the process of computing services, which leads to lower computing costs and increased quality-of-service in IoT scenarios.

Data Traceability and Auditability: The supply chain is an essential application of the IoT. The most critical properties for the supply chain are data traceability and auditability, which are also the most significant advantages of blockchain. Inspired by this common ground, a great deal of work was conducted on blockchain and smart contract-based supply chain applications and related agriculture applications [57]–[63]. Bocek et al. [64] introduced an application that tracks the distribution of medical products via IoT sensors and smart contracts. To ensure the quality and environmental-condition compliance of the products upon delivery, sensors in each parcel collect and transfer the relevant data to the blockchain. A smart contract of the application receives the data, stores results on the blockchain and reports back to the receiver as well as to


Fig. 3: The applications of smart contracts for the IoT. (Figure elements: smart contracts for the IoT at the center, surrounded by asset and transaction management, device operation management, access control, data traceability and auditability, distributed computing, and routing and workload balancing; application areas shown: sharing economy, smart home, e-health, IoT security and privacy, smart grid, supply chain, agriculture, distributed computing platform.)

the distributor. This technology guarantees the data integrity, credibility and public accessibility that people need in order to trust the data provided by IoT devices.

Access Control: Smart contracts are useful for expressing fine-grained context-aware access control policies and authenticating IoT users [17], [65]–[69]. For example, a smart contract can expose methods that obtain, manage and distribute the public keys of users with different permissions. Zhang et al. [18] presented a smart contract-based framework to implement access control lists and achieve distributed access control for IoT systems, where three types of smart contracts are defined: multiple access control contracts, one for each pair of subject and object; a judge contract with misbehavior-judging functions for the subjects of the access control; and a register contract for configuration of the former smart contracts. Their framework has been tested to be feasible and secure in real-world experiments. Considering the limited computing power of IoT devices, the use of a decentralized blockchain-based access control system can improve the flexibility and security of the system. This type of system also helps deal with illegal operations by smart contracts. This application is reasonable and promising.

Device Operation Management: Smart contracts also provide systems that monitor and manage multifarious operations of IoT devices, such as CRUD (Create, Read, Update, Delete) and encryption operations [70]. In [71], smart contracts are simply used to store data from smart meters and smartphones. Smart devices check values on Ethereum from time to time so as to change their states. Hash values and updating rules of the firmware on devices can also be stored in a smart contract, so that devices can query the smart contract for the latest version and the hash of the firmware from IPFS, a peer-to-peer distributed file system, and then update themselves [28].

III. SECURITY ISSUES

Although the blockchain technology provides new features and opportunities for traditional IoT applications through smart contracts, issues that prevent smart contracts from fully satisfying the requirements of service providers and users have shown up, such as relatively low performance and high overhead from computation-intensive consensus and smart contract operations [19]. Nevertheless, these burdens are worth their weight given the aforementioned significant benefits on offer.

Among these issues, security issues are the most critical and primary things to be considered to achieve safer and better usage of blockchain and smart contract technology in the IoT environment. To this end, in this section we conduct a thorough investigation of the security characteristics of current smart contract techniques and propose a threat model to describe the security issues of smart contract-based IoT applications.

A. Threat Model

When attempting to investigate potential security issues and reduce security risks to an IoT system, it is valuable to build a threat model for analyzing and classifying known attacks. In this part, we adopt the well-known STRIDE framework to elaborate our threat model.

STRIDE [89] is a threat modeling methodology developed by Microsoft. According to the core underpinning of information security (confidentiality, integrity and availability) and its basic properties (authenticity, non-repudiability and authorization), STRIDE divides threats into six dimensions: spoofing, tampering, repudiation, information disclosure, denial of service (DoS), and elevation of privilege. In

2327-4662 (c) 2021 IEEE. Personal use is permitted, but republication/redistribution requires IEEE permission. See http://www.ieee.org/publications_standards/publications/rights/index.html for more information.
Authorized licensed use limited to: SARDAR VALLABHBHAI NATIONAL INSTITUTE OF TECH. Downloaded on April 21,2021 at 04:53:55 UTC from IEEE Xplore. Restrictions apply.
This article has been accepted for publication in a future issue of this journal, but has not been fully edited. Content may change prior to final publication. Citation information: DOI 10.1109/JIOT.2021.3074544, IEEE Internet of
Things Journal
K. PENG et al.. SECURITY CHALLENGES AND OPPORTUNITIES FOR SMART CONTRACTS IN INTERNET OF THINGS: A SURVEY 7

TABLE III: The threat model of security issues and solutions of smart contracts for the IoT.
Columns: Security Issue | Issue Source | Threats | Corresponding Solutions
(Threats are given as STRIDE letters: S spoofing, T tampering, R repudiation, I information disclosure, D denial of service, E elevation of privilege.)

Inherently Vulnerable Particularities
- Observability [32] | Data layer | I | Standardize the programming [72] and use cryptographic technologies to protect privacy
- Immutability [73] | Execution layer | D | Adopt standards from contract law to alter or repeal smart contracts [73]
- Lack of trustworthy data feeds [74] | Data layer | S, T | Use a trusted third party which provides authenticated data [75] or use multiple distributed oracle servers [76]
- Randomness generation [77] | Data layer | T | Use third-party services such as Oraclize [78] to obtain safe random numbers
- Timestamp dependence [29] | Data layer | T | Use block.number [26] and an average block time to estimate time
- Transaction-ordering dependence [26] | Data layer | T | Guard condition [26]; launch a specific context for the output as a prerequisite for transactions; use logical clocks
- Read after write [38] | Data layer | T | Add a cache layer [79] to ensure that the conflicting transactions must wait until the previous transactions are committed

Programming Vulnerabilities (corresponding solution for all rows: security auditing methods, a) signature matching, b) formal verification, c) symbolic execution)
- Unchecked call/send [29] | Contract layer | S, T, E
- Out-of-gas send [29] | Contract layer | D
- Type casts [27] | Contract layer | D
- Integer over/under flows [74] | Execution layer | T
- Authorization through tx.origin [74] | Contract layer | S, E
- Missing constructor [80] | Contract layer | T
- Storage allocation exploits | Contract layer | D
- Non-determinism [38] | Contract layer | T, D
- Fake EOS [81] | Contract layer | T

Attacks against Smart Contracts
- Reentrancy attack [82] | Contract layer | S, T | Adopt the "Checks / Effects / Interactions" pattern [83] or a mutex [84]
- Eclipse attack [85] | Transport layer | S, T, D, E | Upgrade user clients to 1.8.1 [86]
- DoS attack [84] | Contract layer | D | Use a timelock; avoid the operations that can be manipulated to reach the gas limit; adjust the operation cost dynamically [87]
- Dynamic library attack [29] | Data layer | T | See solutions to transaction-ordering dependence
- RAMsomware attack [88] | Contract layer | T, D | Add a specific available period for the permission to terminate the attack at any time [88]

the following, we introduce STRIDE in the context of the smart contract-based IoT.

Spoofing: Spoofing refers to the ability to impersonate another entity (e.g., another person or computer) on the system, which violates the security property of authenticity. When IoT nodes interact with each other through smart contracts, malicious attackers may exploit the authentication vulnerabilities in smart contracts and masquerade as developers to gain access illegally.

Tampering: Tampering refers to malicious modification of data, which violates the integrity. Since the development of the smart contract technology is immature, vulnerabilities appear at different stages and can hardly be fixed by developers. With the knowledge of these vulnerabilities, attackers can exploit them and tamper with the contents of smart contracts, then modify the corresponding IoT information.

Repudiation: Repudiation is the ability of an attacker to make it impossible to link an action to the party who performed it, which violates the security property of non-repudiability.

Information Disclosure: Information disclosure threats involve the exposure of information to unauthorized individuals, which violates the confidentiality. Due to the open-source nature of the smart contract technology, the transactions and contents of smart contracts are public to all users, thus the data stored on the IoT systems is susceptible to privacy violation by malicious attackers.

DoS: DoS attacks deny service to valid users, which violates the availability. The requirement of availability is to ensure that the IoT information can indeed be used by authorized users. In other words, legitimate users can use the required information when needed, and will not lose data resources due to unexpected errors. Adversaries may deliberately invalidate IoT data or services to deny users access to IoT systems by many attack techniques, such as launching a DoS attack at


smart contract-level.

Elevation of Privilege: In this type of threat, an attacker gains privileged access without permission and thereby can effectively penetrate the blockchain system or even become part of the trusted system itself. This threat violates the security property of authorization.

Based on the STRIDE model, we can analyze the framework and operating mechanism (mentioned in Section II) of smart contracts in the IoT system, identify the security issues that have been discovered, and then investigate the mitigation measures to build our threat model (c.f. Table III).

B. Classification of Security Issues

This subsection introduces the important security issues of smart contract-based IoT applications. As is demonstrated in Table III, we classify them into the following three categories according to the characteristics of smart contracts and utilize the STRIDE framework to assess the impacts of the different issues.

1) Inherently Vulnerable Particularities: Some inherent particularities brought by the design of the blockchain prototype and the different smart contract platforms may pose security risks for smart contracts and leave them vulnerable to attack by malicious users in IoT scenarios. We will go through each of them in the following.

Observability: Most blockchain platforms are open-source, such as Ethereum and EOS. All bytecode of smart contracts can be observed by IoT users on the blockchain, and a small part of the contracts' source code is also open to the public. Thus, all vulnerabilities are visible to the public, too. Apparently, this observability violates the confidentiality of IoT security. If the developer is negligent or inexperienced, and the code of the smart contract is flawed, it is very easy to be exploited and attacked by hackers [32]. Furthermore, the more powerful the smart contract is, the more likely it is to have vulnerabilities, and the more likely it is to be noticed by more people. Once the key vulnerabilities are discovered, it will cause losses to the entire IoT system's users and managers [90].

Immutability: In its original design for improving credibility, the smart contract (e.g., on Ethereum) was devised with a pattern that cannot be modified once deployed on the blockchain system [73]. However, the immutability of the smart contract is a double-edged sword, because if it is written by humans, there could always be errors and defects. The design of Ethereum violates the general rule of programming, and thus it may make the impact of contract vulnerabilities more widespread, durable, and even irreparable.

Lack of Trustworthy Data Feeds: To manage the massive data from IoT devices, smart contracts have to request data feeds from outside the blockchain, especially in the supply chain [64]. However, smart contracts are designed to utilize only information inside the blockchain so as not to overwhelm their lightweight nature. The only way to make contact with the outside world is via the oracle [38], a means of data feeds usually given by a third party. The problem is whether the external data is trustworthy or not [74], [91]. If a malicious oracle imports corrupt data onto the chain, it will cause irreparable damage to the IoT system and threaten the IoT integrity. Besides, oracles must minimize the blockchain response time to provide time-variant IoT data and also to prevent themselves from sharply fluctuating due to malicious nodes [76].

Randomness Generation: When an IoT system runs for the first time, it needs to generate random numbers as device identities. To generate random numbers in Ethereum-like smart contracts, developers need to use a pseudo random number generator (PRNG). The alarming thing is that the most commonly-used PRNGs introduced below are vulnerable [77], which may damage the authentication of IoT devices.
• PRNGs based on the block variables, for instance block.difficulty, block.number and block.timestamp. All of the above block variables could be manipulated by blockchain miners because these block variables are shared on the same block.
• PRNGs based on the hash of old blocks. Each block on the Ethereum blockchain has a certified hash value that can be obtained by the block.blockhash function. This function is often used incorrectly.

Timestamp Dependence: Some smart contracts use the block timestamp as a trigger for certain operations to achieve a variety of applications, such as locking money for a period of time. Usually, the timestamp is derived from the miner's local time, but the time fluctuates in a range of about 900 seconds [29]. When other nodes accept a new block, they only need to verify whether the timestamp is later than that of the previous block and the error between it and the local time is within 900 seconds. A miner can profit from conditions that are favorable to him by slightly adjusting the timestamp of the block. If the block timestamp is incorrectly used in a smart contract and maliciously tampered with, it will be a severe threat to the integrity of IoT systems.

Transaction-Ordering Dependence: In the Ethereum blockchain, the execution order of transactions depends on the miners. However, it takes a certain amount of time for a transaction to be spread out and acknowledged by all miners in a block. If the state of a transaction which is being executed is different from the assumed state, the transaction order decided by miners may affect the execution of given transactions [26]. This phenomenon occurs when more than one transaction concurrently invokes the same contract, so that miners could tamper with the order in which transactions are executed. In Hyperledger Fabric, the same issue also exists [79]. If the state in which a transaction will run is not certain, the property safety of ordinary IoT users may be violated.

Read after Write: In distributed systems, Read-Your-Write consistency is a guarantee that once a record has been updated to a new value, any request to read the record will return the updated value. In the Hyperledger Fabric blockchain, this consistency is not supported. Hence, when reading a record that has already been written during the same transaction, the blockchain will return the old value of the record [38]. This read-write conflict may lead to an undesired phenomenon in which some of the transactions become invalid when transactions are submitted concurrently in the system.


2) Programming Vulnerabilities: Another common security problem comes from the programming process of smart contracts, especially for a new language like Solidity. Developers are prone to mistakes when coding the contract. Ethereum has repeatedly experienced many security accidents caused by contract vulnerabilities since it came online. A report [92] points out that in Ethereum, 89 percent of smart contracts have code vulnerabilities to a greater or lesser extent. Apart from that, other platforms like EOS and Hyperledger Fabric also face programming vulnerabilities to some extent.

Next, we enumerate the most common vulnerabilities in the process of programming smart contracts in IoT applications. These vulnerabilities are highly likely to be exploited by hackers to launch attacks against smart contracts and IoT systems.

Unchecked Call/Send: There are many functions (e.g., call, send and delegatecall) to perform external calls in Solidity. The functions call and send return a Boolean value to indicate whether the invocation succeeds or not, just like a simple warning. If the external call (initiated by call or send) fails, the transaction executing these functions will not be rolled back. Instead, the functions will simply return false. However, when the return value is not checked, an error will occur but the rollback will not. This allows a called smart contract to run code with the privileges of the calling smart contract and gives the attacker unauthorized access to protected functionality within the smart contract. Fig. 4 shows an example of this vulnerability. In this case, a call is used to invoke an external function, <address>.call(bytes4(keccak("somefunc(params)")), params), but it will only return false to the calling one [29]. In Hyperledger Fabric, a similar risk also exists [38].

    pragma solidity ^0.4.10;

    contract MyCall
    {
        event CallResult(bool);

        function extCall(address _sc)
        {
            // the return value of call() is logged but never checked
            bool result = _sc.call(bytes4(keccak256("func1()")));
            CallResult(result);
        }
    }

    contract SC
    {
        // call() is for the external calls
        function func1()
        {
            revert();
        }
    }

Fig. 4: A smart contract with unchecked call/send vulnerability in Solidity.

Out-of-gas Send: In order to prevent infinite loops in contract code, Ethereum added the concept of code execution consumption. After the contract code is deployed to the Ethereum platform, when the EVM executes the code, each step in the code consumes a certain amount of gas. Gas could be regarded as "energy", and the external caller provides a certain amount of gas when calling a function of the contract. If the gas amount is larger than the "energy" required by this part of the code, it will be executed successfully; otherwise an out-of-gas exception will happen, and the contract state will be rolled back [29]. Forcing a smart contract into a state where it needs more gas than the limit to run can make it incapable of running.

Type Casts: When types in Solidity are used for direct calls [27], the caller must declare the callee's interface and cast it to the callee's address when calling. However, when the compiler checks the calling statement, it does not look for type mismatch errors or throw an exception. Hence, it has become a hidden danger that programmers are not always aware of.

Integer Over/Under Flows: The EVM specifies fixed-size data types for integers, which means that an integer variable can only represent a certain range of numbers. For example, a uint8 variable can only store integers in the range from 0 to 255. Without notice, variables in Solidity can be exploited to launch attacks [74] as long as the user's input is not checked and the calculations are executed, causing the numbers to exceed the range of the data types. The forms of integer over/under flows include multiplication, addition, and subtraction over/under flows. The good news is that OpenZeppelin provides a Solidity library called SafeMath that can effectively avoid this vulnerability.

Authorization through tx.origin: All Ethereum smart contracts have an address object and can also call code from other addresses. Different contract addresses represent different contracts and the permissions they have. In Solidity, there is a global variable named tx.origin that traverses the call stack completely and then returns the address of the account that originally submitted the invocation or transaction. It is not recommended to use this variable to authorize IoT users [74] because it incurs the hazard of attacks similar to phishing attacks, which induce users to check identities and authenticate via vulnerable contracts.

Missing Constructor: Similar to object-oriented programming languages, developers can initialize contract objects through constructors in smart contracts. When creating a contract, the constructor is called to initialize the data of the state variables. The missing constructor vulnerability arises when the constructor's name differs from the contract name: since it is public, it becomes an ordinary public function that can be called by anyone [80]. Generally, constructors are used to define the administrator's address, the amount of tokens and so on when initializing the contract. Therefore, we can imagine the hazard of their becoming public. Many components of the entire infrastructure of the IoT system, for instance access control and the management of tokens, will be basically broken.

Storage Allocation Exploits: Each variable is assigned to a storage location when being stored. In Solidity, there are two
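As an added example that is not from the paper or from [29], the Fig. 4 caller with its return value checked, followed by a small registry contract that applies the fixes the text gives for three of the issues above: an explicit constructor, authorization on msg.sender rather than tx.origin, and SafeMath-style checked arithmetic written inline. Contract and function names (CheckedCall, DeviceRegistry, safeAdd, safeSub) are the editor's own, and the code targets Solidity 0.4.24 so that it stays close to the 0.4.x dialect of the figure while having the constructor keyword and abi.encodeWithSignature available.

```solidity
pragma solidity ^0.4.24;

// Added example (not from the paper). CheckedCall is the Fig. 4 caller
// rewritten so that a failing external call reverts the whole transaction.
// DeviceRegistry shows the constructor, msg.sender and checked-arithmetic
// patterns for the missing-constructor, tx.origin and integer-overflow
// issues. All names are the editor's own.

contract CheckedCall {
    event CallResult(bool ok);

    function extCall(address _sc) public {
        // In 0.4.x, call() returns only a bool: false means the callee
        // reverted, but the caller's own state changes would still commit
        // unless we revert explicitly.
        bool ok = _sc.call(abi.encodeWithSignature("func1()"));
        require(ok, "external call failed");
        emit CallResult(ok);
    }
}

contract DeviceRegistry {
    address public admin;
    mapping(address => uint256) public tokens;

    // The constructor keyword (0.4.22 and later) cannot be mistyped into an
    // ordinary public function, which is how a "missing constructor" lets
    // anyone re-run the initializer and become admin.
    constructor() public {
        admin = msg.sender;
    }

    // Authorize on msg.sender, never tx.origin: if the admin is lured into
    // calling a malicious contract that forwards the call here, tx.origin is
    // still the admin but msg.sender is the malicious contract.
    modifier onlyAdmin() {
        require(msg.sender == admin, "caller is not admin");
        _;
    }

    // Checked arithmetic in the style of OpenZeppelin SafeMath, inlined so
    // the example compiles stand-alone (0.4.x has no built-in overflow check).
    function safeAdd(uint256 a, uint256 b) internal pure returns (uint256 c) {
        c = a + b;
        require(c >= a, "addition overflow");
    }

    function safeSub(uint256 a, uint256 b) internal pure returns (uint256) {
        require(b <= a, "subtraction underflow");
        return a - b;
    }

    function issue(address device, uint256 amount) public onlyAdmin {
        tokens[device] = safeAdd(tokens[device], amount);
    }

    function transfer(address to, uint256 amount) public {
        // The underflow check replaces an unchecked "tokens[msg.sender] -= amount",
        // which would wrap a small balance around to 2**256 - 1.
        tokens[msg.sender] = safeSub(tokens[msg.sender], amount);
        tokens[to] = safeAdd(tokens[to], amount);
    }
}
```

Compiling the two contracts with a 0.4.24 compiler and calling CheckedCall.extCall with the address of the Fig. 4 SC contract now reverts the transaction instead of logging a false result; calling DeviceRegistry.transfer with an amount above the caller's balance reverts with "subtraction underflow" rather than minting a huge balance.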


different kinds of variable storage: storage and memory. Storage variables are permanently stored on the blockchain, while memory variables are temporary and will be removed after the external call ends. However, Solidity currently stores complex data types declared as local variables in functions, such as array and struct, in storage by default. In addition, for state variables, the storage order is generally arranged in the order of appearance. Solidity has a distinct difference from traditional languages in that it allows developers to define a reference to storage. An uninitialized pointer (reference) will point to the starting address by default. If it is not initialized and the assignment is done directly, the state variable at address 0 will be overwritten and errors may occur.

Non-determinism: Determinism of the contract business logic in Hyperledger Fabric is violated by the instructions related to random numbers from the Go language, such as global variables, random number generation, system timestamps, map structure iteration, reified object addresses, field declarations, and program concurrency [38]. This non-determinism in smart contracts will lead to inconsistent results after the contract execution and may violate the availability of IoT applications.

Fake EOS: Malicious users can conduct fake transactions by issuing an EOS-based fake token and naming it "EOS", and then transferring fake EOS tokens to the account of a target contract. If the contract developer forgets to check the token issuer, the fake token will be mistakenly regarded as the real EOS token [81]. Apart from that, if attackers force the transfer function of the target contract to be invoked, and the target contract does not check the source of the transfer, attackers can write a fake transfer notification into the transfer function to fool the developers.

3) Attacks against Smart Contracts: Here we mainly review the existing attacks against smart contracts in the IoT environment. These attacks more or less take advantage of the above-mentioned particularities and vulnerabilities of the blockchain network and smart contracts. Once the attack is launched, it will cause huge losses to the IoT system and participants.

Reentrancy Attack: In Ethereum, when a contract invokes another contract, the current execution process will suspend until the call finishes, which results in an intermediate state that can be exploited. The hacker utilizes the intermediate state to submit another call when the contract has not finished the external call, and thus the reentrancy attack happens [82]. The DAO attack mentioned above was carried out by this attack. With this threat, hackers can track the transaction and then steal or falsify the critical information of users or products in IoT applications [93].

Eclipse Attack: The eclipse attack [85] is a network attack implemented by other nodes. The attack technique is to hoard and occupy the peer-to-peer connection slots of a node, keeping it in an isolated network. More specifically, the attack aims to block the latest blockchain information from the eclipsed node, thereby isolating the node from other normal nodes in the network. In this way, the victim node becomes unable to see the blockchain information, hence it is delayed in seeing various parameters that may be used in internal computations of the smart contract, resulting in an incorrect output of the contract that the attacker could take advantage of [86]. For instance, the attacker can replace a normal user's IP address with the adversary's IP address to track the user's private information in an IoT system [93].

DoS Attack: For resource-constrained IoT devices with low power and storage capacity, the DoS attack is one of the most severe and common threats to the IoT ecosystem. There are at least two approaches to launch a DoS attack against smart contracts [84], the purpose of which is to make the contracts stop working for some time or permanently and thereby interfere with the IoT devices.
• Launching DoS through (unexpected) revert: In Ethereum, if the change of state of the smart contracts depends on the result of the execution of an external function and developers do not handle the situation in which that execution fails continuously, the smart contracts may be under DoS attack.
• Launching DoS through the gas limit: As mentioned above, Ethereum stipulates the gas limit that each block can spend, and if it is exceeded, the normal operations will fail. Some operations (e.g., transferring an asset to all users at one time) are very likely to reach the upper bound of the block gas limit. Thus, if the cost of gas is controlled, the attacker will achieve his malicious purpose.

Dynamic Library Attack: Consider a case when invoking a contract that can update several parts of its components dynamically [29]. Although no one can modify the contract code once it is issued on the blockchain, it is possible for a malicious contract owner to write a smart contract with updatable components. If so, the owner can attach a controllable component which may impair the IoT system to this specific smart contract. This attack exploits the transaction-ordering dependence vulnerability mentioned above.

RAMsomware Attack: This attack is a classic time-of-check to time-of-use (TOCTOU) attack which leverages the EOS feature that developers can update their smart contracts without notifying their users [88]. Assume that an attacker has the eosio.code permission of users and creates a malicious smart contract that invokes itself recursively while storing useless information to drain the victims' EOS-RAM. In this way, the EOS-RAM will be locked until the attacker stops the occupation, and the related IoT applications will be severely affected. In the meanwhile, the attacker can ask for a ransom in exchange for releasing the RAM resource.

IV. SOLUTIONS TO THE SECURITY ISSUES

The issues shown above have seriously harmed the interests of many owners. Especially in complex IoT environments, we need to fully understand these universal problems before applying smart contracts and take corresponding preventive measures. Fortunately, more and more researchers have begun to study solutions to these issues in recent years. Here we summarize these feasible solutions in response to the security issues for each part (c.f. Table III).
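The reentrancy attack described above and the "Checks / Effects / Interactions" pattern [83] and mutex [84] listed as its mitigations in Table III, as an added Solidity example that is not part of the paper: the same withdraw function for IoT device deposits, first in the reentrant shape and then in a hardened form. Contract names are the editor's own and the code targets Solidity 0.4.24.

```solidity
pragma solidity ^0.4.24;

// Added example (not from the paper). ReentrantVault performs the external
// interaction before updating its own state; HardenedVault applies the
// Checks / Effects / Interactions order and a mutex. Names are the editor's own.

contract ReentrantVault {
    mapping(address => uint256) public balances;

    function deposit() public payable {
        balances[msg.sender] += msg.value;
    }

    // Vulnerable: the interaction (external call) happens before the effect
    // (balance update). While call.value() runs, the callee's fallback can
    // call withdraw() again and the balance check still passes because the
    // balance has not yet been zeroed.
    function withdraw() public {
        uint256 amount = balances[msg.sender];
        require(amount > 0);
        require(msg.sender.call.value(amount)());   // interaction first
        balances[msg.sender] = 0;                   // effect last
    }
}

contract HardenedVault {
    mapping(address => uint256) public balances;
    bool private locked;   // mutex flag

    // Rejects any call that arrives while a guarded function is still running.
    modifier nonReentrant() {
        require(!locked, "reentrant call");
        locked = true;
        _;
        locked = false;
    }

    function deposit() public payable {
        balances[msg.sender] += msg.value;
    }

    // Checks, then effects, then interactions: the balance is zeroed before
    // any ether leaves, so a re-entered call finds nothing to withdraw. The
    // mutex additionally blocks re-entry into any nonReentrant function.
    function withdraw() public nonReentrant {
        uint256 amount = balances[msg.sender];   // check
        require(amount > 0, "nothing to withdraw");
        balances[msg.sender] = 0;                // effect
        msg.sender.transfer(amount);             // interaction, 2300 gas stipend
    }
}
```

Either defence alone closes the reentrancy; using both keeps the contract safe even if a later change reorders the statements. Because each device pulls its own balance, the contract never loops over recipients pushing ether, so one recipient whose fallback reverts cannot block payouts to the others, which is the situation the "DoS through (unexpected) revert" item above describes.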


A. Fixing the Inherently Vulnerable Particularities

Observability: Knowing this issue, developers are required to be more careful with their programming. It is necessary to standardize the process of programming the smart contract and detect the potential vulnerabilities of the code before releasing it, to minimize the risk of open-source contracts. For the privacy protection of smart contracts, most research consists of improvements based on blockchain privacy, combining multiple cryptographic technologies [25], [94], [95]. Hyperledger Fabric has optimized access control and refined the authority granularity of smart contract nodes. Different users have specific authorities to deploy, query, or execute smart contracts [45]. Besides, some researchers employ the trusted execution environment (TEE) to preserve the privacy of smart contracts while ensuring the integrity and availability of open-source blockchain platforms [96].

Immutability: To tackle the issue of immutability, Marino et al. [73] presented a series of standards to alter or repeal smart contracts. Such standards are taken from contract law and then redefined to fit the context of smart contracts. After being tested in Ethereum, these standards proved to be practicable. However, this somewhat goes against the original design principles of Ethereum.

Lack of Trustworthy Data Feeds: Many researchers are working on addressing the oracle problem to mitigate the trust conflict between oracles and the trustless execution of smart contracts. Zhang et al. [75] proposed the Town Crier (TC) solution, which includes a TC contract hosted on the blockchain and a TC server outside the blockchain. To acquire the needed external data, a user contract first sends a request to the TC contract. Then the TC contract forwards it to the TC server, and the server communicates with the external data sources via HTTPS. The authors of [76] built multiple distributed oracle servers for IoT using Intel SGX to support data availability and integrity.

Randomness Generation: According to the official recommendation of Solidity, contract developers can use third-party services such as Oraclize to obtain safer random numbers. In Oraclize, the random data is generated with a document called an authenticity proof. The authenticity proofs can build upon secure element-based techniques such as auditable virtual machines and TEEs [78].

Timestamp Dependence: Block timestamps should not be the decisive factor (either directly or via derivation) for changing an important state. Thus, it is recommended to use safer items such as the fixed value of block.number [26] and an average block time to estimate time in smart contracts, because the block number is not as easy for malicious miners to manipulate.

Transaction-Ordering Dependence: To tackle this issue,

up a unique context for the output as a precondition to be executed. Using logical clocks to order causally related events in Ethereum is also a helpful tip.

Read after Write: Zhang et al. [79] analyzed the relationship between the read set and write set of transactions and then designed a cache layer between the distributed application client and the Fabric network to address the potential problem of non-deterministic transactions caused by read-write conflicts. This cache layer guarantees that the conflicting transactions must wait until the previous transactions are committed.

B. Security Audit for Programming Vulnerabilities

Considering the uniqueness of its immutability and observability, it is significant for a smart contract to undergo a comprehensive and in-depth code security audit before it goes online, to eliminate vulnerabilities and reduce security risks, ensure the reliable operation of the IoT businesses on the blockchain and protect the safety of devices. A smart contract audit is a process in which experienced audit personnel deploy the contract to the testnet, carefully study the code, review vulnerabilities, errors and risks, and then report how to amend it. However, it is worth noting that the audit simply means that the contract code has been inspected by experts and is basically safe. No one can completely ensure that the contract would not make mistakes or create bugs in the future.

Here, we mainly discuss three commonly-used automated audit methods, then introduce several representative tools based on them.

Signature Matching: Signature matching, which comes from the traditional anti-virus approach, is to extract abstract signatures from malicious code and then match the signatures against new static code. A signature is the digital fingerprint of a piece of malware. It is a unique string of bits, a binary pattern representing the malware. The advantages of this method are obvious. First, the audit is fast, because it is just a string match against the source code. The second is that it can respond quickly to new vulnerabilities, because this audit method is often developed as a plug-in. If a new vulnerability occurs, developers can quickly submit new matching patterns. However, the false negative rate of signature matching is a little high because some parts of the process are not consistent with the traditional static code audit. In traditional static audit methods (e.g., APP detection), developers will call relatively stable functions from the library to audit. But functions and signatures in smart contracts are more versatile.

SCaaS [97] is a smart contract audit engine based on signature matching and machine learning techniques. It first decomposes the contract code at the syntax and semantic levels, then classifies and identifies signatures by dynamic K-Means
a guarantee is required that the result of an external call of a clustering, and retrains the model with old and new additional
smart contract is either an expected output or a failure, even datasets through incremental learning. In [98], the author
given the non-deterministic execution order of transactions. proposed another audit solution. The solution translates the
Authors in [26] suggested a guard condition as a solution, EVM bytecode into RGB color code and transforms the color
ensuring that the confirmation of each transaction is dependent code to a fixed sized encoded image. Then, the encoded image
on the guard condition satisfaction, otherwise the transaction is fed to the CNN for automatic signature extraction and
will be discarded. Another suggestion for developers is to set learning to detect compiler bugs in smart contracts.
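As an added example (not code from the survey, from SCaaS or from [98]), the following Python script shows what the signature-matching method described above looks like at the EVM bytecode level: a small linear-sweep disassembler, a set of opcode-sequence signatures, and a scanner that reports where each signature matches. The opcode subset, the signature names, the hand-written bytecode listings and the helper names (assemble, disassemble, scan) are all constructed for this illustration. The last sample deliberately shows the kind of false negative the text warns about: the same timestamp dependence, routed through memory, falls outside the syntactic pattern and is missed.

```python
"""EVM bytecode signature matcher, a constructed illustration of the signature-matching audit method."""
from typing import Dict, List, Optional, Tuple

# Subset of the EVM opcode table (Yellow Paper, Appendix H); enough for the samples below.
OPCODES: Dict[int, str] = {
    0x00: "STOP", 0x01: "ADD", 0x03: "SUB", 0x10: "LT", 0x11: "GT", 0x14: "EQ", 0x15: "ISZERO",
    0x16: "AND", 0x32: "ORIGIN", 0x33: "CALLER", 0x34: "CALLVALUE", 0x35: "CALLDATALOAD",
    0x3d: "RETURNDATASIZE", 0x42: "TIMESTAMP", 0x43: "NUMBER", 0x50: "POP", 0x51: "MLOAD",
    0x52: "MSTORE", 0x54: "SLOAD", 0x55: "SSTORE", 0x56: "JUMP", 0x57: "JUMPI", 0x5a: "GAS",
    0x5b: "JUMPDEST", 0xf1: "CALL", 0xf3: "RETURN", 0xf4: "DELEGATECALL", 0xfa: "STATICCALL",
    0xfd: "REVERT", 0xff: "SELFDESTRUCT",
}
OPCODES.update({0x60 + i: f"PUSH{i + 1}" for i in range(32)})
OPCODES.update({0x80 + i: f"DUP{i + 1}" for i in range(16)})
OPCODES.update({0x90 + i: f"SWAP{i + 1}" for i in range(16)})
MNEMONICS: Dict[str, int] = {name: op for op, name in OPCODES.items()}
Instr = Tuple[int, str, Optional[int]]  # (byte offset, mnemonic, PUSH immediate or None)

def assemble(listing: str) -> str:
    """Turn a whitespace-separated mnemonic listing into hex; PUSHn consumes the next token."""
    tokens, out, i = listing.split(), bytearray(), 0
    while i < len(tokens):
        name = tokens[i]
        out.append(MNEMONICS[name])
        i += 1
        if name.startswith("PUSH"):
            out += int(tokens[i], 16).to_bytes(int(name[4:]), "big")
            i += 1
    return out.hex()

def disassemble(code_hex: str) -> List[Instr]:
    """Linear sweep that skips PUSH immediates so that data bytes are not decoded as opcodes."""
    code, instrs, pc = bytes.fromhex(code_hex), [], 0
    while pc < len(code):
        op, imm, size = code[pc], None, 1
        if 0x60 <= op <= 0x7f:
            width = op - 0x5f
            # A PUSH cut off by the end of the code reads the missing bytes as zero, as the EVM does.
            imm = int.from_bytes(code[pc + 1:pc + 1 + width].ljust(width, b"\0"), "big")
            size += width
        instrs.append((pc, OPCODES.get(op, f"INVALID_{op:02x}"), imm))
        pc += size
    return instrs

# A signature is a sequence of mnemonics that must occur in this order; `window` bounds the
# instruction distance from the first to the last mnemonic (None = anywhere later in the code).
SIGNATURES: List[Tuple[str, Tuple[str, ...], Optional[int]]] = [
    ("state-write-after-external-call", ("CALL", "SSTORE"), None),  # Checks-Effects-Interactions violated
    ("timestamp-dependent-branch", ("TIMESTAMP", "JUMPI"), 4),
    ("tx.origin-authorization", ("ORIGIN", "EQ"), 4),
    ("delegatecall-present", ("DELEGATECALL",), None),
    ("selfdestruct-present", ("SELFDESTRUCT",), None),
]

def match_ordered(instrs: List[Instr], pattern: Tuple[str, ...], window: Optional[int]) -> Optional[int]:
    """Byte offset of the first place where `pattern` occurs as an ordered subsequence, else None."""
    names = [mnemonic for _, mnemonic, _ in instrs]
    for start, first in enumerate(names):
        if first != pattern[0]:
            continue
        limit = len(names) if window is None else min(len(names), start + window + 1)
        pos, found = start, True
        for want in pattern[1:]:
            pos += 1
            while pos < limit and names[pos] != want:
                pos += 1
            if pos >= limit:
                found = False
                break
        if found:
            return instrs[start][0]
    return None

def scan(code_hex: str) -> Dict[str, int]:
    """Run every signature over the code and map each hit to the byte offset where it begins."""
    instrs = disassemble(code_hex)
    hits: Dict[str, int] = {}
    for name, pattern, window in SIGNATURES:
        offset = match_ordered(instrs, pattern, window)
        if offset is not None:
            hits[name] = offset
    return hits

# Constructed samples (hand-written listings, not compiler output); the storage slot is the caller
# address itself, standing in for the keccak-derived mapping slot a real compiler would compute.
VULNERABLE_WITHDRAW = assemble(
    "CALLER SLOAD DUP1 ISZERO PUSH1 0x18 JUMPI "                              # amount = balances[msg.sender]
    "PUSH1 0x00 PUSH1 0x00 PUSH1 0x00 PUSH1 0x00 DUP5 CALLER GAS CALL POP "   # msg.sender.call{value: amount}("")
    "PUSH1 0x00 CALLER SSTORE JUMPDEST STOP")                                 # balances[msg.sender] = 0, too late
CEI_WITHDRAW = assemble(
    "CALLER SLOAD DUP1 ISZERO PUSH1 0x18 JUMPI PUSH1 0x00 CALLER SSTORE "    # effect first ...
    "PUSH1 0x00 PUSH1 0x00 PUSH1 0x00 PUSH1 0x00 DUP5 CALLER GAS CALL POP "   # ... interaction last
    "JUMPDEST STOP")
TIMESTAMP_BRANCH = assemble(
    "TIMESTAMP PUSH1 0x10 GT PUSH1 0x0b JUMPI PUSH1 0x00 DUP1 REVERT JUMPDEST STOP")
# Same dependence routed through memory: the JUMPI now lies outside the 4-instruction window, so
# the purely syntactic signature misses it, the kind of false negative signature matching is prone to.
TIMESTAMP_VIA_MEMORY = assemble(
    "TIMESTAMP PUSH1 0x40 MSTORE CALLER POP PUSH1 0x40 MLOAD PUSH1 0x10 GT PUSH1 0x13 JUMPI "
    "PUSH1 0x00 DUP1 REVERT JUMPDEST STOP")
```

Running scan() over the four samples flags the state write after the external call in VULNERABLE_WITHDRAW (at the CALL, byte offset 18) and the branch in TIMESTAMP_BRANCH, reports nothing for CEI_WITHDRAW, and also reports nothing for TIMESTAMP_VIA_MEMORY even though its behaviour is identical to TIMESTAMP_BRANCH. Widening the window trades that false negative for false positives; resolving the dependence properly needs data-flow tracking or symbolic execution rather than pattern matching.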

2327-4662 (c) 2021 IEEE. Personal use is permitted, but republication/redistribution requires IEEE permission. See http://www.ieee.org/publications_standards/publications/rights/index.html for more information.

Formal Verification: Formal verification verifies the reliability of a program in a logical language: abstract formal models such as state machines or directed graphs are constructed for finite-state programs, and the resulting abstract formulas are then verified with mathematical formal methods. The main approaches to implementing formal verification are abstract interpretation, theorem proving and model checking. In 2016, formal verification was introduced to smart contract auditing by Bhargavan et al. [99], who translated Solidity into the F* language to verify functional correctness at the source level and decompiled EVM bytecode to analyze low-level properties. In [100], the authors used the logical framework Isabelle/HOL, splitting the bytecode into basic blocks when auditing Ethereum smart contracts. Kalra et al. [101] combined abstract interpretation, model checking and constrained Horn clauses to audit smart contracts quickly. KEVM [102] was designed as an executable formal specification of the EVM built in the K framework, serving as a solid foundation for further formal analysis. Brent et al. [80] proposed Vandal, which translates EVM bytecode into logical relations via abstract interpretation and then analyzes those relations in the Soufflé language to find vulnerabilities. Mavridou et al. [103] presented an end-to-end framework, VeriSolid, which provides graphical editors with distinct patterns for specifying transition systems and natural-language-like templates for formal security properties.

Basically, the formal verification of a smart contract consists of three steps: a) a formal description of the functions the contract is to fulfil; b) a formal description of the contract code; and c) verification. This method provides more stringent security guarantees for smart contracts, but the level of automation is lower, the cost is higher, and the research difficulty is greater.

Symbolic Execution: Symbolic execution [26] is a program analysis method that determines which inputs lead to which outcomes of a program. The core idea is to represent the program's input data with symbolic values, to convert the operations of each statement into mathematical expressions, to generate a symbolic execution tree from the control flow graph (CFG), and to build for each path a set of symbolic expressions with the input data as variables. Whenever a conditional or jump statement is encountered, the symbolic execution tool collects the path constraints of the current execution path into a constraint set. Specifically, a path constraint is the value of the conditional branch associated with the input symbols in the branch instruction, and the path constraint set stores the constraints of each program path. Solving the constraint set with a constraint solver yields the reachability of the path: if the solver finds a solution, the path is reachable; if it proves the constraints unsatisfiable, the path is unreachable (a solver timeout is inconclusive). In an ideal case with abundant time and computing resources, symbolic execution can traverse all paths of the target program and decide their reachability.

Oyente [26] was the first audit tool based on symbolic execution. It extracts the CFG from the EVM bytecode and symbolically executes it to detect vulnerability patterns. In [104], the EthIR framework was proposed to extend Oyente for two purposes: a) to recover the full list of target addresses for unconditional blocks with more than one possible jump address (Oyente originally kept only the last one processed), and b) to add more explicit information to the CFG. Another security audit tool for smart contracts is Mythril [105], which combines several detection techniques, including concolic analysis, taint analysis and control flow checking; the whole analysis is built on a symbolic execution library designed for EVM bytecode called LASER-Ethereum. The authors of [92] implemented MAIAN for detecting greedy, prodigal and suicidal behaviors of Ethereum smart contracts through inter-procedural symbolic analysis and a concrete validator. Manticore [106] is another symbolic execution tool that generates inputs triggering particular program paths, tracks their execution and discovers inputs that cause memory safety violations. Tsankov et al. [107] developed a fully automated tool called Securify, which symbolically identifies critical dependency graphs, extracts semantic information, and proves the safety of contract patterns with respect to given properties. Krupp et al. [108] presented a more generic definition of vulnerable contracts and built a symbolic execution tool called teEther for automatic exploit generation based on this definition. Zhou et al. [109] proposed a tool called SASC to detect six security risks through symbolic execution and syntax analysis.

While symbolic execution is a powerful generic technique for contract auditing, it cannot traverse all code paths in practice, and it takes longer to audit a smart contract than the other methods.

In Table IV, we summarize the three audit methods and the representative audit tools for each.

C. Countermeasures for Smart Contract Attacks for the IoT

Reentrancy Attack: We introduce two programming techniques in Solidity that help avoid reentrancy attacks. The first is the Checks-Effects-Interactions pattern [83], which makes sure that all internal work, such as updating state variables, finishes before any external function is called; in other words, the external call is placed at the end of the function. The second is a mutex [84]. A mutex is a state variable that locks the relevant parts of the contract's state while a guarded function is executing and is released when that function completes, so that a call re-entering the contract from inside the external call is rejected.

Eclipse Attack: The researchers who found this attack have proposed some countermeasures [86]. First, set an upper limit on the number of incoming TCP connections, so that every client keeps a mix of incoming and outgoing connections. Second, ensure that each Ethereum node almost always makes its outgoing connections to a diverse set of peers on the network, while bounding the actual number of outgoing connections, so that an attacker cannot isolate a legitimate user from the rest of the network. Although these measures cannot completely prevent eclipse attacks, they raise the number of malicious nodes required to launch one from only two to thousands. Fortunately, Ethereum developers have already implemented the corresponding patches, so users only need to upgrade their clients to version 1.8.1 or later.
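The following Python model is an added example, not code from the survey or from [83] and [84]. It simulates the two reentrancy countermeasures described above (the Checks-Effects-Interactions pattern and a mutex) on a toy vault contract: the Vault, Honest, Attacker and run_attack names, the guard modes and the deposit amounts are constructed for the illustration, and _send stands in for a low-level .call{value: ...} whose callee can run arbitrary code. It shows the drain when neither countermeasure is used, the same call sequence under each countermeasure, and that the lock is released by the guarded function itself rather than by an owner.

```python
"""Reentrancy countermeasures modelled in plain Python: a constructed toy vault and attacker."""


class Revert(Exception):
    """Stands in for an EVM REVERT; the caller undoes the state changes of the reverted call."""


class Vault:
    """Ether-holding contract. `guard` selects the countermeasure: "none", "cei" or "mutex"."""

    def __init__(self, guard: str = "none") -> None:
        self.guard = guard
        self.balances: dict = {}   # depositor -> credited amount (contract storage)
        self.ether = 0             # ether actually held by the contract
        self.locked = False        # the mutex state variable

    def deposit(self, who, amount: int) -> None:
        self.balances[who] = self.balances.get(who, 0) + amount
        self.ether += amount

    def withdraw(self, who) -> None:
        if self.guard == "mutex":
            if self.locked:
                raise Revert("reentrant call rejected")   # a second entry while locked fails
            self.locked = True
        try:
            amount = self.balances.get(who, 0)            # Check
            if amount == 0:
                raise Revert("nothing to withdraw")
            if self.guard == "cei":
                self.balances[who] = 0                    # Effect before the interaction
            if not self._send(who, amount):               # Interaction: control passes to `who`
                raise Revert("transfer failed")
            if self.guard != "cei":
                self.balances[who] = 0                    # Effect after the interaction: too late
        finally:
            self.locked = False   # released by the guarded function itself when it completes

    def _send(self, to, amount: int) -> bool:
        """Low-level value transfer: credit `to`, then run its receive hook. A revert inside the
        hook undoes the transfer and is reported as False, like a failed .call{value: amount}."""
        self.ether -= amount
        to.ether += amount
        try:
            to.receive(self)
        except Revert:
            self.ether += amount
            to.ether -= amount
            return False
        return True


class Honest:
    def __init__(self) -> None:
        self.ether = 0

    def receive(self, vault: Vault) -> None:
        pass


class Attacker:
    """Re-enters withdraw from its receive hook while its credit is unspent and the vault can pay."""

    def __init__(self, stake: int) -> None:
        self.ether = 0
        self.stake = stake
        self.reentries = 0

    def receive(self, vault: Vault) -> None:
        if vault.balances.get(self, 0) > 0 and vault.ether >= self.stake:
            self.reentries += 1
            vault.withdraw(self)


def run_attack(guard: str, honest_deposit: int = 3, stake: int = 1) -> dict:
    """Fund a vault with the given guard, let the attacker withdraw once, report the outcome."""
    vault, victim, attacker = Vault(guard), Honest(), Attacker(stake)
    vault.deposit(victim, honest_deposit)
    vault.deposit(attacker, stake)
    try:
        vault.withdraw(attacker)
        reverted = False
    except Revert:
        reverted = True
    return {"vault_ether": vault.ether, "attacker_ether": attacker.ether,
            "reentries": attacker.reentries, "reverted": reverted}


if __name__ == "__main__":
    for mode in ("none", "cei", "mutex"):
        print(f"{mode:6s} {run_attack(mode)}")
```

With guard "none" the attacker re-enters three times and leaves with the honest depositor's 3 ether on top of its own 1; with "cei" the credit is already zero when control leaves the contract, so the re-entry condition never holds and the attacker gets exactly its stake; with "mutex" the second entry reverts, the failed callback makes the outer call revert, and the vault keeps all 4 ether. Note that the lock is cleared in the finally block of the guarded function, so no owner intervention is ever required. An attacker whose receive hook swallows the inner failure would still obtain its own single legitimate withdrawal under the mutex, which is why Checks-Effects-Interactions is the primary defence and the mutex a second line.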


TABLE IV: The summary of the common security audit methods.

Method | Main idea | Pros | Cons | Representative tools
Signature matching | Extract abstract signatures and match them against new static code | a) Short audit time; b) Fast response; c) Easy to implement | High false negative rate | SCaaS [97], Color-inspired Inspection [98]
Formal verification | Construct abstract formal models for finite-state programs, then verify the abstract formulas by formal methods of mathematics | Low false negative rate | a) High cost; b) Low level of automation; c) Difficult to implement | F* Framework [99], Isabelle/HOL Framework [100], ZEUS [101], KEVM [102], Vandal [80], VeriSolid [103]
Symbolic execution | Use symbolic values to represent the input data and convert the operation process into symbolic expressions | Low false negative rate | Long audit time | Oyente [26], EthIR [104], Mythril [105], MAIAN [92], Manticore [106], Securify [107], teEther [108], SASC [109]

DoS Attack: In the first case (DoS through an unexpected failure of an external call), a feasible solution is a time-lock: if the result of an external call changes the state of the contract, developers should be prepared for the failures that may occur and adopt a time-based state progression in the contract, so that a failing external call cannot block it indefinitely. In the second case (DoS by reaching the block gas limit), developers should avoid operations whose cost can be driven up to the gas limit by external users. On the side of the Ethereum developers, a more dynamic adjustment of gas costs is necessary to thwart operations prone to DoS attacks [87].

RAMsomware Attack: Developers and users should be more careful with the source code of contracts and only grant their permission code to trusted service providers. In addition, the authors of [88] suggested a fine-grained permission control strategy that lets a user set a specific validity period for a permission, so that the permission can be terminated at any time in case of a RAMsomware attack.

V. CHALLENGES AND FUTURE DIRECTIONS

A. Challenges

Although there are a number of real-world applications and security solutions, the use of smart contracts for the IoT is still in its infancy. We now discuss the remaining challenges in tackling the security issues and some relevant future research directions.

• Despite the diversity of security audit tools for smart contracts, the security issues and the processing capacity they can handle vary greatly. Most audit tools detect only a small fraction of the known vulnerabilities, and their accuracy remains to be improved [74]. Besides, existing tools are neither fully automated nor efficient enough, especially for mass use in IoT industries. There is still a long way to go in shortening audit time and reducing cost.

• To retain the transparency and supervisability of the blockchain, the transaction records and bytecode of Ethereum-like smart contracts are also transparent [25]. This can be inappropriate where IoT users or service providers require private contract details and transactions, since most IoT devices are environment-sensing devices that collect a huge amount of users' sensitive data. This transparency also attracts attackers and raises the probability of being attacked [19].

• For IoT devices with a limited energy supply or a constrained environment, communication between devices is intermittent. Therefore, when an IoT device is being authorized and verified, it is common for the device to be offline. This may disturb the transmission of information flows involving smart contracts and even cause a temporary suspension [110]. In actual application scenarios, the lack of network connectivity may affect the correct execution of the smart contract on traditional blockchain platforms and consequently lead to a great loss of money.

• Since blockchain-based smart contracts are themselves still largely understudied, and very few real-world killer applications of blockchains [32] and smart contracts have been deployed in the IoT for any length of time, we are unaware of further practical security issues and of how they affect each part of the whole IoT system. Only time will tell.

B. Future Directions

From our viewpoint, there are several research directions for improving the security of smart contracts for the IoT:

Empirical Evaluation of Security Audit Tools: The urgent need to secure smart contracts in business has promoted the development of security audit tools. As mentioned above, they differ in accuracy, efficiency, effectiveness, and so on. We note the scarcity of comprehensive comparative experiments and literature on security audit tools for developers to refer to, especially concerning the IoT. Hence, we look forward to more empirical research filling this gap.

Smart Contract Encryption: The transaction contents of the trading participants, the contract code, and the execution process of decentralized applications are of great value to IoT service providers and users. The implementation of privacy-preserving smart contracts therefore points to a more reliable and economical IoT system in the real world. Many cryptographic techniques can protect the private data involved in smart contracts, such as TEEs [96], homomorphic encryption, ring signatures, and zero-knowledge proofs [25].


Researchers should work out how to use these techniques, taking the limited IoT resources into account, to provide a blockchain-based IoT system with secure, reliable and convenient private smart contract execution.

Adoption of Suitable Communication Protocols: Smart contracts need to communicate with third-party systems or other IoT devices to execute their functions. Facing the intermittent connectivity issue, the blockchain system should recover from a network failure by aggregating the data from the different subnets within a short time. One potential direction is to utilize Named Data Networking (NDN), a new type of network architecture that supports features including in-network caching and built-in content multicast, to improve the efficiency of data delivery in intermittent IoT networks [111].

Regulation of Programming Languages: Given the potentially high security risks of programming smart contracts [72], it is of vital importance to summarize good smart contract models, develop standard smart contract templates, standardize the grammatical and semantic formats of programming languages (and, if necessary, design new secure languages), and regulate the writing of smart contracts, in order to improve the quality and security of smart contracts.

VI. CONCLUSION

With the rapid proliferation of IoT applications, the development of effective and efficient smart contract mechanisms with enhanced security is a new and active field that will continue to thrive. In this survey, we present for the first time the security issues, corresponding solutions, research challenges and future directions in the integration of smart contracts and the IoT, with a focus on three important aspects: inherently vulnerable particularities, programming vulnerabilities, and feasible attacks.

Looking into the future, we have some advice for both developers and IoT project parties. Developers must fully realize that the actual operating environment of the contract being written is an untrusted distributed environment; it is therefore crucial to balance development speed against security. During development, a reward mechanism can be introduced early on to allow hackers or community members to jointly discover vulnerabilities. IoT project parties need to provide sufficient security training for smart contract developers to ensure security awareness during development. The design of smart contracts also requires the deep involvement of security personnel, preferably across design, development and testing. Finally, do not forget to allocate sufficient resources to code auditing and security testing, which is consistent with the objective of this survey.

REFERENCES

[1] A. Zanella, N. Bui, A. Castellani, L. Vangelista, and M. Zorzi, "Internet of Things for smart cities," IEEE Internet of Things Journal, vol. 1, no. 1, pp. 22–32, Feb. 2014.
[2] A. Al-Fuqaha, M. Guizani, M. Mohammadi, M. Aledhari, and M. Ayyash, "Internet of Things: A survey on enabling technologies, protocols, and applications," IEEE Communications Surveys & Tutorials, vol. 17, no. 4, pp. 2347–2376, Jun. 2015.
[3] H. Jiang, J. Li, P. Zhao, F. Zeng, Z. Xiao, and A. Iyengar, "Location privacy-preserving mechanisms in location-based services: A comprehensive survey," ACM Computing Surveys, vol. 54, no. 1, pp. 1–36, 2021.
[4] M. Mohsin, Z. Anwar, F. Zaman, and E. Al-Shaer, "IoTChecker: A data-driven framework for security analytics of Internet of Things configurations," Computers & Security, vol. 70, pp. 199–223, Sep. 2017.
[5] J. Lin, W. Yu, N. Zhang, X. Yang, H. Zhang, and W. Zhao, "A survey on Internet of Things: Architecture, enabling technologies, security and privacy, and applications," IEEE Internet of Things Journal, vol. 4, no. 5, pp. 1125–1142, Oct. 2017.
[6] T. Qiu, N. Chen, K. Li, M. Atiquzzaman, and W. Zhao, "How can heterogeneous Internet of Things build our future: A survey," IEEE Communications Surveys & Tutorials, vol. 20, no. 3, pp. 2011–2027, Feb. 2018.
[7] N. Kshetri, "Can blockchain strengthen the Internet of Things?" IT Professional, vol. 19, no. 4, pp. 68–72, Aug. 2017.
[8] M. T. Hammi, B. Hammi, P. Bellot, and A. Serhrouchni, "Bubbles of trust: A decentralized blockchain-based authentication system for IoT," Computers & Security, vol. 78, pp. 126–142, Jun. 2018.
[9] Y. Sun, L. Zhang, G. Feng, B. Yang, B. Cao, and M. A. Imran, "Blockchain-enabled wireless Internet of Things: Performance analysis and optimal communication node deployment," IEEE Internet of Things Journal, vol. 6, no. 3, pp. 5791–5802, Jun. 2019.
[10] "Blockchain for smart communities: Applications, challenges and opportunities," Journal of Network and Computer Applications, vol. 144, pp. 13–48, Jun. 2019.
[11] G. Ali, N. Ahmad, Y. Cao, M. Asif, H. Cruickshank, and Q. E. Ali, "Blockchain based permission delegation and access control in Internet of Things (BACI)," Computers & Security, vol. 86, pp. 318–334, Jun. 2019.
[12] J. Qiu, D. Grace, G. Ding, J. Yao, and Q. Wu, "Blockchain-based secure spectrum trading for unmanned-aerial-vehicle-assisted cellular networks: An operator's perspective," IEEE Internet of Things Journal, vol. 7, no. 1, pp. 451–466, 2020.
[13] S. Nakamoto, "Bitcoin: A peer-to-peer electronic cash system," https://bitcoin.org/bitcoin.pdf, 2008.
[14] E. F. Jesus, V. R. Chicarino, C. V. de Albuquerque, and A. A. d. A. Rocha, "A survey of how to use blockchain to secure internet of things and the stalker attack," Security and Communication Networks, vol. 2018, Apr. 2018.
[15] M. Wu, K. Wang, X. Cai, S. Guo, M. Guo, and C. Rong, "A comprehensive survey of blockchain: from theory to IoT applications and beyond," IEEE Internet of Things Journal, vol. 6, no. 5, pp. 8114–8154, Oct. 2019.
[16] W. Dai, C. Daia, K. R. Choo, C. Cui, D. Zou, and H. Jin, "SDTE: A secure blockchain-based data trading ecosystem," IEEE Transactions on Information Forensics and Security, vol. 15, pp. 725–737, 2020.
[17] J.-S. Park, T.-Y. Youn, H.-B. Kim, K.-H. Rhee, and S.-U. Shin, "Smart contract-based review system for an IoT data marketplace," Sensors, vol. 18, no. 10, p. 3577, Oct. 2018.
[18] Y. Zhang, S. Kasahara, Y. Shen, X. Jiang, and J. Wan, "Smart contract-based access control for the Internet of Things," IEEE Internet of Things Journal, vol. 6, no. 2, pp. 1594–1605, Apr. 2019.
[19] Y. Hanada, L. Hsiao, and P. Levis, "Smart contracts for machine-to-machine communication: Possibilities and limitations," in Proc. of International Conference on Internet of Things and Intelligence System (IOTAIS), Nov. 2018, pp. 130–136.
[20] S. Ali, G. Wang, M. Z. A. Bhuiyan, and H. Jiang, "Secure data provenance in cloud-centric internet of things via blockchain smart contracts," in Proc. of SmartWorld, Ubiquitous Intelligence & Computing, Advanced & Trusted Computing, Scalable Computing & Communications, Cloud & Big Data Computing, Internet of People and Smart City Innovation (SmartWorld/SCALCOM/UIC/ATC/CBDCom/IOP/SCI), Oct. 2018, pp. 991–998.
[21] X. Huang, D. Ye, R. Yu, and L. Shu, "Securing parked vehicle assisted fog computing with blockchain and optimal smart contract design," IEEE/CAA Journal of Automatica Sinica, vol. 7, no. 2, pp. 426–441, Mar. 2020.
[22] N. Szabo, "Formalizing and securing relationships on public networks," First Monday, vol. 2, no. 9, Sep. 1997.


[23] V. Buterin, "A next-generation smart contract and decentralized application platform," https://github.com/ethereum/wiki/wiki/White-Paper, 2016.
[24] S. Wang, L. Ouyang, Y. Yuan, X. Ni, X. Han, and F.-Y. Wang, "Blockchain-enabled smart contracts: Architecture, applications, and future trends," IEEE Transactions on Systems, Man, and Cybernetics: Systems, vol. 49, no. 11, pp. 2266–2277, Nov. 2019.
[25] A. Kosba, A. Miller, E. Shi, Z. Wen, and C. Papamanthou, "Hawk: The blockchain model of cryptography and privacy-preserving smart contracts," in Proc. of IEEE S&P, May 2016, pp. 839–858.
[26] L. Luu, D.-H. Chu, H. Olickel, P. Saxena, and A. Hobor, "Making smart contracts smarter," in Proc. of ACM CCS, Oct. 2016, pp. 254–269.
[27] X. Li, P. Jiang, T. Chen, X. Luo, and Q. Wen, "A survey on the security of blockchain systems," Future Generation Computer Systems, vol. 107, pp. 841–853, Jun. 2020.
[28] K. Christidis and M. Devetsikiotis, "Blockchains and smart contracts for the Internet of Things," IEEE Access, vol. 4, pp. 2292–2303, May 2016.
[29] N. Atzei, M. Bartoletti, and T. Cimoli, "A survey of attacks on Ethereum smart contracts," in Proc. of International Conference on Principles of Security and Trust, Mar. 2017, pp. 164–186.
[30] A. Dika, "Ethereum smart contracts: Security vulnerabilities and security tools," Master's thesis, NTNU, 2017.
[31] M. Alharby and A. Van Moorsel, "Blockchain-based smart contracts: A systematic mapping study of academic research (2018)," in Proc. of International Conference on Cloud Computing, Big Data and Blockchain (ICCBB), Nov. 2018, pp. 1–6.
[32] N. Fotiou and G. C. Polyzos, "Smart contracts for the Internet of Things: Opportunities and challenges," in Proc. of European Conference on Networks and Communications, Jun. 2018, pp. 256–260.
[33] M. A. Ferrag, M. Derdour, M. Mukherjee, A. Derhab, L. Maglaras, and H. Janicke, "Blockchain technologies for the Internet of Things: Research issues and challenges," IEEE Internet of Things Journal, vol. 6, no. 2, pp. 2188–2204, Apr. 2019.
[34] J. Liu and Z. Liu, "A survey on security verification of blockchain smart contracts," IEEE Access, vol. 7, pp. 77894–77904, Jun. 2019.
[35] S. Rouhani and R. Deters, "Security, performance, and applications of smart contracts: A systematic survey," IEEE Access, vol. 7, pp. 50759–50779, Apr. 2019.
[36] M. Di Angelo and G. Salzer, "A survey of tools for analyzing Ethereum smart contracts," in Proc. of IEEE International Conference on Decentralized Applications and Infrastructures (DAPPCON), Apr. 2019, pp. 69–78.
[37] M. Demir, M. Alalfi, O. Turetken, and A. Ferworn, "Security smells in smart contracts," in Proc. of IEEE 19th International Conference on Software Quality, Reliability and Security Companion (QRS-C), Jul. 2019, pp. 442–449.
[38] K. Yamashita, Y. Nomura, E. Zhou, B. Pi, and S. Jun, "Potential risks of Hyperledger Fabric smart contracts," in Proc. of IEEE International Workshop on Blockchain Oriented Software Engineering, Feb. 2019, pp. 1–10.
[39] G. Schmitt, A. Mladenow, C. Strauss, and M. Schaffhauser-Linzatti, "Smart contracts and Internet of Things: A qualitative content analysis using the technology-organization-environment framework to identify key-determinants," Procedia Computer Science, vol. 160, pp. 189–196, Sep. 2019.
[40] S. Sayeed, H. Marco-Gisbert, and T. Caira, "Smart contract: Attacks and protections," IEEE Access, vol. 8, pp. 24416–24427, Jan. 2020.
[41] Z. Zheng, S. Xie, H.-N. Dai, W. Chen, X. Chen, J. Weng, and M. Imran, "An overview on smart contracts: Challenges, advances and platforms," Future Generation Computer Systems, vol. 105, pp. 475–491, Apr. 2020.
[42] A. López Vivar, A. T. Castedo, A. L. Sandoval Orozco, and L. J. García Villalba, "An analysis of smart contracts security threats alongside existing solutions," Entropy, vol. 22, no. 2, p. 203, Feb. 2020.
[43] Z. Zheng, S. Xie, H. Dai, X. Chen, and H. Wang, "An overview of blockchain technology: Architecture, consensus, and future trends," in Proc. of IEEE International Congress on Big Data, Jun. 2017, pp. 557–564.
[44] S. Wan, M. Li, G. Liu, and C. Wang, "Recent advances in consensus protocols for blockchain: a survey," Wireless Networks, vol. 26, no. 8, pp. 5579–5593, Nov. 2020.
[46] EOS.IO, "EOS.IO technical white paper," https://github.com/EOSIO/Documentation (accessed 18 December 2017), 2017.
[47] TRON Foundation, "TRON technical white paper v2.0," https://tron.network/static/doc/ (accessed 10 December 2018), 2018.
[48] R. Alexander, IOTA - Introduction to the Tangle Technology: Everything You Need to Know about the Revolutionary Blockchain Alternative. Independently published, 2018.
[49] Y. Yu, Y. Li, J. Tian, and J. Liu, "Blockchain-based solutions to security and privacy issues in the Internet of Things," IEEE Wireless Communications, vol. 25, no. 6, pp. 12–18, Dec. 2018.
[50] M. N. Islam and S. Kundu, "Preserving IoT privacy in sharing economy via smart contract," in Proc. of IEEE International Conference on Internet-of-Things Design and Implementation (IoTDI), Apr. 2018, pp. 296–297.
[51] S. Wang, Y. Yuan, X. Wang, J. Li, R. Qin, and F.-Y. Wang, "An overview of smart contract: architecture, applications, and future trends," in Proc. of IEEE Intelligent Vehicles Symposium, Jun. 2018, pp. 108–113.
[52] A. F. Zorzo, H. C. Nunes, R. C. Lunardi, R. A. Michelin, and S. S. Kanhere, "Dependable IoT using blockchain-based technology," in Proc. of 8th Latin-American Symposium on Dependable Computing, Oct. 2018, pp. 1–9.
[53] G. Ramezan and C. Leung, "A blockchain-based contractual routing protocol for the Internet of Things using smart contracts," Wireless Communications and Mobile Computing, vol. 2018, Nov. 2018.
[54] Z. Shae and J. Tsai, "Transform blockchain into distributed parallel computing architecture for precision medicine," in Proc. of 38th International Conference on Distributed Computing Systems (ICDCS), Jul. 2018, pp. 1290–1299.
[55] I. Psaras, "Decentralised edge-computing and IoT through distributed trust," in Proc. of 16th International Conference on Mobile Systems, Applications, and Services, Jun. 2018, pp. 505–507.
[56] J. Pan, J. Wang, A. Hester, I. Alqerm, Y. Liu, and Y. Zhao, "EdgeChain: An edge-IoT framework and prototype based on blockchain and smart contracts," IEEE Internet of Things Journal, vol. 6, no. 3, pp. 4719–4732, Jun. 2019.
[57] S. Chen, R. Shi, Z. Ren, J. Yan, Y. Shi, and J. Zhang, "A blockchain-based supply chain quality management framework," in Proc. of 14th IEEE International Conference on e-Business Engineering (ICEBE), Nov. 2017, pp. 172–176.
[58] R. Casado-Vara, J. Prieto, F. De la Prieta, and J. M. Corchado, "How blockchain improves the supply chain: Case study alimentary supply chain," Procedia Computer Science, vol. 134, pp. 393–398, Jul. 2018.
[59] A. Alahmadi and X. Lin, "Towards secure and fair IoT-enabled supply chain management via blockchain-based smart contracts," in Proc. of IEEE International Conference on Communications (ICC), May 2019, pp. 1–7.
[60] L. Augusto, R. Costa, J. Ferreira, and R. Jardim-Gonçalves, "An application of Ethereum smart contracts and IoT to logistics," in Proc. of IEEE International Young Engineers Forum (YEF-ECE), May 2019, pp. 1–7.
[61] H. Moudoud, S. Cherkaoui, and L. Khoukhi, "An IoT blockchain architecture using oracles and smart contracts: The use-case of a food supply chain," in Proc. of 30th IEEE Annual International Symposium on Personal, Indoor and Mobile Radio Communications (PIMRC), Sep. 2019, pp. 1–6.
[62] S. E. Chang, Y.-C. Chen, and M.-F. Lu, "Supply chain re-engineering using blockchain technology: A case of smart contract based tracking process," Technological Forecasting and Social Change, vol. 144, pp. 1–11, Jul. 2019.
[63] M. A. Ferrag, L. Shu, X. Yang, A. Derhab, and L. Maglaras, "Security and privacy for green IoT-based agriculture: Review, blockchain solutions, and challenges," IEEE Access, vol. 8, pp. 32031–32053, Feb. 2020.
[64] T. Bocek, B. B. Rodrigues, T. Strasser, and B. Stiller, "Blockchains everywhere: A use-case of blockchains in the pharma supply-chain," in Proc. of IFIP/IEEE Symposium on Integrated Network and Service Management, May 2017, pp. 772–777.
[65] A. S. Omar and O. Basir, "Identity management in IoT networks using blockchain and smart contracts," in Proc. of International Conference on Internet of Things (iThings) and IEEE Green Computing and Communications (GreenCom) and IEEE Cyber, Physical and Social Computing (CPSCom) and IEEE Smart Data (SmartData), Aug. 2018,
[45] C. Cachin et al., “Architecture of the hyperledger blockchain fabric,” pp. 994–1000.
in Proc. of Workshop on distributed cryptocurrencies and consensus [66] N. Fotiou, I. Pittaras, V. A. Siris, S. Voulgaris, and G. C. Polyzos,
ledgers, vol. 310, no. 4, 2016. “Secure IoT access at scale using blockchains and smart contracts,” in

2327-4662 (c) 2021 IEEE. Personal use is permitted, but republication/redistribution requires IEEE permission. See http://www.ieee.org/publications_standards/publications/rights/index.html for more information.
Authorized licensed use limited to: SARDAR VALLABHBHAI NATIONAL INSTITUTE OF TECH. Downloaded on April 21,2021 at 04:53:55 UTC from IEEE Xplore. Restrictions apply.



Kai Peng received the B.S., M.S., and Ph.D. degrees from Huazhong University of Science and Technology, China, in 1999, 2002, and 2006, respectively. He is now on the faculty of Huazhong University of Science and Technology as a full professor. His current research interests are in the areas of wireless networking and big data processing.

Meijun Li received the B.E. degree from Wuhan University of Technology, China, in 2018. She is currently pursuing the M.S. degree in Electronics and Information Engineering at Huazhong University of Science and Technology, China. Her research interests include blockchain and Internet of Things.

Haojun Huang received the B.S. degree from the School of Computer Science and Technology, Wuhan University of Technology, China, in 2005, and the Ph.D. degree from the School of Communication and Information Engineering, University of Electronic Science and Technology, China, in 2012. He was a post-doctoral researcher with the Research Institute of Information Technology, Tsinghua University, Beijing, from 2012 to 2015, and an assistant professor with Wuhan University, China, from 2015 to 2017. He is currently an associate professor at Huazhong University of Science and Technology, China. His research interests include wireless networks, big data, and software-defined networking.

Chen Wang (S'10-M'13-SM'19) received the B.S. and Ph.D. degrees from the Department of Automation, Wuhan University, China, in 2008 and 2013, respectively. From 2013 to 2017, he was a postdoctoral research fellow in the Networked and Communication Systems Research Lab, Huazhong University of Science and Technology, China. Thereafter, he joined the faculty of Huazhong University of Science and Technology, where he is currently an associate professor. His research interests are in the broad areas of wireless networking, Internet of Things, and mobile computing, with a recent focus on privacy issues in wireless and mobile systems. He is a senior member of IEEE and ACM.

Shaohua Wan received the joint Ph.D. degree from the School of Computer, Wuhan University, and the Department of Electrical Engineering and Computer Science, Northwestern University, USA, in 2010. Since 2015, he has held a post-doctoral position at the State Key Laboratory of Digital Manufacturing Equipment and Technology, Huazhong University of Science and Technology. From 2016 to 2017, he was a visiting professor at the Department of Electrical and Computer Engineering, Technical University of Munich, Germany. He is currently an associate professor with the School of Information and Safety Engineering, Zhongnan University of Economics and Law. His main research interests include deep learning for Internet of Things and edge computing. He is an author of over 80 peer-reviewed research papers and books. He is a senior member of IEEE.

Kim-Kwang Raymond Choo received the Ph.D. degree in information security from the Queensland University of Technology, Australia, in 2006. He currently holds the Cloud Technology Endowed Professorship with The University of Texas at San Antonio (UTSA). In 2016, he was named the Cybersecurity Educator of the Year (APAC). He and his team won the Digital Forensics Research Challenge organized by Germany's University of Erlangen-Nuremberg, in 2015. He was a recipient of the 2008 Australia Day Achievement Medallion, the British Computer Society's Wilkes Award, in 2008, the Fulbright Scholarship, in 2009, the 2014 Highly Commended Award by the Australia New Zealand Policing Advisory Agency, the ESORICS 2015 Best Research Paper Award, the IEEE TrustCom 2018 Best Paper Award, the 2018 UTSA College of Business Col. Jean Piccione and Lt. Col. Philip Piccione Endowed Research Award for Tenured Faculty, the 2019 IEEE Technical Committee on Scalable Computing (TCSC) Award for Excellence in Scalable Computing (Middle Career Researcher), the Outstanding Associate Editor of 2018 for IEEE Access, the British Computer Society's 2019 Wilkes Award Runner-Up, the 2019 EURASIP Journal on Wireless Communications and Networking (JWCN) Best Paper Award, the Korea Information Processing Society's Journal of Information Processing Systems (JIPS) Survey Paper Award (Gold) 2019, and the IEEE Blockchain 2019 Outstanding Paper Award. He is a senior member of IEEE.
