Smart Contract Security: Terminology of a Review

polarzero
4 min readSep 18, 2023

--

Navigating the rambling world of smart contract security can be a challenge, especially when you’re swarmed with a slew of technical jargon. As I’m relatively new to this landscape, I find myself standing on the shoulders of giants, and I’ve learned the importance of understanding its specialized terminology. This article, heavily based on references listed at the end, aims to clarify some of these terms.

The Power of Words: “Security Reviews” vs. “Security Audits”

Before we dive into the technicalities, we should address a significant semantic issue: the terminology we use to describe the process of reviewing/auditing the security aspects of a smart contract. While the term “audits” has long been the industry norm, there is a growing movement advocating for the use of “reviews” as a more accurate and adequate description of the process.

Why “Security Reviews” Resonate Better

The term “audit” conjures representations of a checklist-driven process, which would be centered on compliance and conventional methods. It’s a word inherited from traditional industries, where the primary purpose is to verify that existing systems satisfy predetermined standards; which fails to accurately communicate the dynamic and nuanced nature of smart contract security.

On the other hand, “security review” suggests a more comprehensive, research-oriented process. Which implies looking for innovative attack vectors and potential vulnerabilities that typical checklists may ignore or overlook. This word is more closely aligned with the investigative nature of smart contract evaluation, which frequently involves pushing the boundaries of what’s considered “secure” to uncover hidden risks.

The Cultural Shift

The adjustment from “audits” to “reviews” is not just a semantic issue; it’s a cultural change. As the field of smart contract security continues to evolve, the roles we assume will also undergo diversification. We’re not just “auditors” ticking off boxes; we’re “security researchers” engaged in a rigorous intellectual quest to fortify the decentralized ecosystem. In the fast-paced smart contracts landscape, such an evolution indicates a more mature appreciation of what is required to secure complex, dynamic systems.

The Toolbox: Understanding Key Techniques

Static Analysis: Preliminary Code Assessment

Static analysis is kind of a spell-checker for the code, which identifies common errors without executing the program. While this is a good starting point, it’s nowhere near infallible. Static analysis can catch syntax errors and some vulnerabilities, but can’t predict how the contract will behave under different conditions.

Tools like Slither perform static analysis at the Solidity level, while Mythril analyzes EVM bytecode; Olympix integrates with VSCode and highlights potential threats in real time during the development process.

Fuzzing: Random Testing Techniques

Fuzzing, or fuzz testing, involves providing random data as inputs during testing. While it might seem chaotic at a first glance, fuzzing is incredibly effective at uncovering unexpected vulnerabilities.

There are two variations: stateless and stateful. Stateless fuzzing discards the state of a previous run for the next run, while stateful fuzzing keeps the state of the previous run as the starting point for the next one. Invariant tests are essentially stateful fuzzing but with a different name; they focus on verifying the conditions that must always hold true in a system.

Tools like Echidna and Harvey are often employed for this purpose.

Symbolic Execution and Formal Verification: Mathematical Approaches to Code Validation

Symbolic Execution converts the code into mathematical expressions. This makes it easier to demonstrate their correctness, by using symbolic inputs to represent a set of states and transitions instead of enumerating them individually. As a result, a full study of all conceivable execution routes is feasible without being constrained by testing with actual, imprecise concrete data.

It’s a subset of formal verification, a broader field that uses various mathematical techniques to validate code.

Tools like Mythril and Manticore typically integrate these methods.

The FREI-PI Pattern: A Holistic Perspective on Smart Contract Integrity

The FREI-PI pattern (Function-Requirements-Effects-Interactions and Protocol-Invariants) offers a comprehensive framework for smart contract development. It improves the well-known CEI pattern (Checks-Effects-Interactions), emphasizing the need to consider the whole protocol, not just individual functions. This holistic approach is crucial for both developing robust, secure smart contracts and embracing a “security mindset” that considers the integration of individual components within the larger system.

Read this article on Nascent to learn more about the FREI-PI pattern.

The Synergy of Techniques

While individual methods like fuzzing and formal verification are efficient on their own, it can be rewarding to learn how to use them together for maximum effectiveness. Hybrid fuzzing, for instance, combines fuzzing with symbolic execution to create a “smarter” fuzzer. This interweaving of techniques allows for a more robust and comprehensive security review.

Wrapping Up

It is decisive for any smart contract security researcher to understand these terms and concepts. Thus, I hope this article clarifies this terminology, as it will most likely help when conducting smart contract security 𝑎̶̶̶𝑢̶̶̶𝑑̶̶̶𝑖̶̶̶𝑡̶̶̶𝑠̶̶̶ reviews.

--

--