{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,10,11]],"date-time":"2025-10-11T01:58:16Z","timestamp":1760147896095,"version":"build-2065373602"},"reference-count":30,"publisher":"MDPI AG","issue":"1","license":[{"start":{"date-parts":[[2023,3,10]],"date-time":"2023-03-10T00:00:00Z","timestamp":1678406400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["Cryptography"],"abstract":"<jats:p>Blockchain, smart contracts, and related concepts have emerged in recent years as a promising technology for cryptocurrency, NFTs, and other areas. However, there are still many security issues that must be addressed as these technologies evolve. This paper reviews some of the leading social engineering attacks on smart contracts, as well as several vulnerabilities which result from insecure code development. A smart contract test bed is constructed using Solidity and a Metamask wallet to evaluate vulnerabilities such as insecure arithmetic, denial of service, and re-entrancy attacks. Cross-chain vulnerabilities and potential vulnerabilities resulting from layer 2 side-chain processing were also investigated. Mitigation best practices are proposed based on the experimental results.<\/jats:p>","DOI":"10.3390\/cryptography7010015","type":"journal-article","created":{"date-parts":[[2023,3,10]],"date-time":"2023-03-10T01:31:41Z","timestamp":1678411901000},"page":"15","update-policy":"https:\/\/doi.org\/10.3390\/mdpi_crossmark_policy","source":"Crossref","is-referenced-by-count":5,"title":["Cybersecurity Test Bed for Smart Contracts"],"prefix":"10.3390","volume":"7","author":[{"given":"Casimer","family":"DeCusatis","sequence":"first","affiliation":[{"name":"School of Computer Science and Mathematics, Marist College, Poughkeepsie, NY 12601, USA"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-6719-4311","authenticated-orcid":false,"given":"Brian","family":"Gormanly","sequence":"additional","affiliation":[{"name":"School of Computer Science and Mathematics, Marist College, Poughkeepsie, NY 12601, USA"}]},{"given":"John","family":"Iacino","sequence":"additional","affiliation":[{"name":"School of Computer Science and Mathematics, Marist College, Poughkeepsie, NY 12601, USA"}]},{"given":"Reed","family":"Percelay","sequence":"additional","affiliation":[{"name":"School of Computer Science and Mathematics, Marist College, Poughkeepsie, NY 12601, USA"}]},{"given":"Alex","family":"Pingue","sequence":"additional","affiliation":[{"name":"School of Computer Science and Mathematics, Marist College, Poughkeepsie, NY 12601, USA"}]},{"given":"Justin","family":"Valdez","sequence":"additional","affiliation":[{"name":"School of Computer Science and Mathematics, Marist College, Poughkeepsie, NY 12601, USA"}]}],"member":"1968","published-online":{"date-parts":[[2023,3,10]]},"reference":[{"key":"ref_1","unstructured":"Gaur, N. (2021, December 08). \u201cThe Rising NFT Tide Lifts All Tokens\u201d, Including IBM\u2019s Definition of the Permissioned Blockchain Paradigm, April 2021. Available online: https:\/\/www.ibm.com\/blogs\/blockchain\/2021\/04\/the-rising-nft-tide-lifts-all-tokens-so-what-is-an-nft\/."},{"key":"ref_2","unstructured":"Dixon, C. (2021, December 08). Why Web3 Matters. Available online: https:\/\/future.a16z.com\/why-web3-matters\/."},{"key":"ref_3","unstructured":"Marlinspike, M. (2021, December 08). First Impressions of Web3. January 2022. Available online: https:\/\/moxie.org\/2022\/01\/07\/web3-first-impressions.html."},{"key":"ref_4","unstructured":"Jain, M., Oliveria, M., Shin, A., Apostolu, D., Wackerow, P., Zhu, R., Awosika, E., Richards, S., Zhang, L., and Cook, J. (2022, December 22). \u201cZero Knowledge Rollups\u201d, Etherium Documentation. Available online: https:\/\/ethereum.org\/en\/developers\/docs\/scaling\/zk-rollups\/."},{"key":"ref_5","unstructured":"Kalodner, H., Goldfeder, S., Chen, X., Weinberg, S., and Felten, E. (2018, January 15\u201317). Arbitrum: Scalable, Private Smart Contracts. Proceedings of the 27th USENIX Security Symposium, Baltimore, MD, USA. Available online: https:\/\/www.usenix.org\/conference\/usenixsecurity18\/presentation\/kalodner."},{"key":"ref_6","unstructured":"Shraddha, S. (2022, December 22). Top 11 Defi Cross-Chain Bridge Attacks of 2022: Hackers Bag over $2 Billion. BeInCrypto. 10 October 2022. Available online: https:\/\/beincrypto.com\/top-11-defi-cross-chain-bridge-attacks-of-2022-hackers-bag-over-2-billion\/."},{"key":"ref_7","doi-asserted-by":"crossref","unstructured":"Mochram, R., Macawower, C., Tanujaya, K., Moniaga, J., and Jabar, B. (2022, January 15\u201316). Systematc Literature Review: Blockchain security in NFT ownership. Proceedings of the 2022 International Conference on Electrical and Information Technology, Malang, Indonesia.","DOI":"10.1109\/IEIT56384.2022.9967897"},{"key":"ref_8","doi-asserted-by":"crossref","unstructured":"Krichin, M., Lahami, M., and Al-Haija, Q. (2022, January 11\u201313). Formal Methods for the Verification of Smart Contracts: A Review. Proceedings of the IEEE 15th International Conference on Security of Information Networks, Sousse, Tunesia.","DOI":"10.1109\/SIN56466.2022.9970534"},{"key":"ref_9","doi-asserted-by":"crossref","first-page":"101227","DOI":"10.1016\/j.pmcj.2020.101227","article-title":"Verification of smart contracts: A survey","volume":"67","author":"Almakhour","year":"2020","journal-title":"J. Pervasive Mob. Comput."},{"key":"ref_10","doi-asserted-by":"crossref","first-page":"101519","DOI":"10.1016\/j.tele.2020.101519","article-title":"Smart contracts on the blockchain: A bibliometric analysis and review","volume":"57","author":"Ante","year":"2021","journal-title":"J. Telemat. Inf."},{"key":"ref_11","first-page":"70","article-title":"A formal verification approach for composite smart contract security using FSM","volume":"53","author":"Almakhour","year":"2023","journal-title":"J. King Saud Univ.-Comput. Inf. Sci."},{"key":"ref_12","doi-asserted-by":"crossref","first-page":"100179","DOI":"10.1016\/j.patter.2020.100179","article-title":"A comprehensive survey on smart contract construction and execution: Paradigms, tools, and systems","volume":"2","author":"Hu","year":"2021","journal-title":"Patterns"},{"key":"ref_13","doi-asserted-by":"crossref","unstructured":"Hong, G., and Chang, H. (2022, January 19\u201321). A study on corporate information assets management system using NFT. Proceedings of the IEEE 13th International Conference on Information and Communication Technology Convergence, Jeju Island, Republic of Korea.","DOI":"10.1109\/ICTC55196.2022.9952364"},{"key":"ref_14","doi-asserted-by":"crossref","unstructured":"Takahashi, H., and Lakhani, U. (2022, January 18\u201321). Sustainable NFT blockchain storage for high availability and security. Proceedings of the IEEE 11th Global Conference on Consumer Electronics, Osaka, Japan.","DOI":"10.1109\/GCCE56475.2022.10014287"},{"key":"ref_15","doi-asserted-by":"crossref","unstructured":"Abaci, I., and Ulku, E.E. (2022, January 20\u201322). NFT based asset management system. Proceedings of the IEEE International Symposium on Multidisciplinary Studies and Innovative Technologies, Ankara, Turkey.","DOI":"10.1109\/ISMSIT56059.2022.9932702"},{"key":"ref_16","doi-asserted-by":"crossref","unstructured":"Mell, P., Spring, J., Dugal, D., Ananthakrishna, S., Casotto, F., Fridley, T., Ganas, C., Kundu, A., Nordwall, P., and Pushpanathan, V. (2023, February 13). Measuring the Common Vulnerability Scoring System Base Score Equation, Available online: https:\/\/nvlpubs.nist.gov\/nistpubs\/ir\/2022\/NIST.IR.8409.pdf.","DOI":"10.6028\/NIST.IR.8409.ipd"},{"key":"ref_17","unstructured":"Halpern, E. (2022, December 22). What Are Zero-Knowledge Rollups, Alchemy. Available online: https:\/\/www.alchemy.com\/blog\/zero-knowledge-rollups."},{"key":"ref_18","unstructured":"Bowers, S. (2022, December 22). Langbar International, The Guardian, June 2011. Available online: https:\/\/www.theguardian.com\/business\/2011\/jun\/24\/langbar-international-fraud-history."},{"key":"ref_19","unstructured":"(2021, December 08). Cimpanu, Law Enforcement Seizes Dark Web Market. May 2019. Available online: https:\/\/www.zdnet.com\/article\/law-enforcement-seizes-dark-web-market-after-moderator-leaks-backend-credentials\/."},{"key":"ref_20","unstructured":"Perper, R. (2022, December 08). Over $30B of NFT trading on Etherium Is Wash Trading. December 2022. Available online: https:\/\/www.coindesk.com\/web3\/2022\/12\/23\/over-30b-of-nft-trading-volume-on-ethereum-is-wash-trading-research-suggests\/."},{"key":"ref_21","unstructured":"Martin, L. (2022, December 08). Winning the Red Queen Race. November 2022. Available online: https:\/\/www.bluetoad.com\/publication\/index.php?m=1336&i=659360&view=articleBrowser&article_id=3668188."},{"key":"ref_22","unstructured":"Fauvel, A. (2022, December 22). The Red Queen, October 2018. Available online: https:\/\/medium.com\/two-hop-ventures\/the-red-queen-8d0844aa5a20."},{"key":"ref_23","unstructured":"Qureshi, H. (2021, December 08). The DeFi Flash Loan Attack that Changed Everything. February 2020. Available online: https:\/\/www.coindesk.com\/tech\/2020\/02\/27\/the-defi-flash-loan-attack-that-changed-everything\/."},{"key":"ref_24","unstructured":"(2021, December 08). OpenZeppelin Math Libraries. Available online: https:\/\/docs.openzeppelin.com\/contracts\/2.x\/api\/math."},{"key":"ref_25","unstructured":"(2022, December 22). Etherium Smart Contract Best Practices, \u201cDenial of Service\u201d. Available online: https:\/\/consensys.github.io\/smart-contract-best-practices\/attacks\/denial-of-service\/."},{"key":"ref_26","unstructured":"Marchenko, E. (2022, December 22). Constantinople Hard Fork Makes Us Rethink What Reentrancy Is. Medium, SmartDec Cybersecurity Blog. 17 January 2019. Available online: https:\/\/blog.smartdec.net\/constantinople-hard-fork-makes-us-rethink-what-reentrancy-is-455716c53537."},{"key":"ref_27","unstructured":"Mollen, F. (2022, December 08). Arbitrum Rewards Hacker for Detecting Critical Vulnerability. September 2022. Available online: https:\/\/bingx.com\/en-us\/news\/20483\/."},{"key":"ref_28","unstructured":"(2022, December 08). Certik Whte Paper, Wormhole Bridge Exploit Incident Analysis. August 2022. Available online: https:\/\/www.certik.com\/resources\/blog\/1kDYgyBcisoD2EqiBpHE5l-wormhole-bridge-exploit-incident-analysis."},{"key":"ref_29","unstructured":"Paige, C. (2022, December 08). Hacker Exploits Harmony Blockchain Bridge. June 2022. Available online: https:\/\/techcrunch.com\/2022\/06\/24\/harmony-blockchain-crypto-hack\/?guccounter=1&guce_referrer=aHR0cHM6Ly93d3cuZ29vZ2xlLmNvbS8&guce_referrer_sig=AQAAAAHb0-0Gtz_bLf43LyRFT6vAgmbQ7J7BOHADplYAOAw-hqKsPz7fFW5vEVacDr3pxDDgT_xsjRuJerGXFCFQSv2IT-INVoLHlKJqv_bIU-Q3mJyaGUWr-55RDSJovfHMpexupKBoBuSZemTYg_vK3gopXpKNcpRJsGUHL7KuaVVO."},{"key":"ref_30","unstructured":"Colafi, A. (2022, December 08). Axie Infinity Hack. March 2022. Available online: https:\/\/www.techtarget.com\/searchsecurity\/news\/252515336\/Axie-Infinity-hack-results-in-600M-cryptocurrency-heist."}],"container-title":["Cryptography"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.mdpi.com\/2410-387X\/7\/1\/15\/pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,10,10]],"date-time":"2025-10-10T18:51:43Z","timestamp":1760122303000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.mdpi.com\/2410-387X\/7\/1\/15"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2023,3,10]]},"references-count":30,"journal-issue":{"issue":"1","published-online":{"date-parts":[[2023,3]]}},"alternative-id":["cryptography7010015"],"URL":"https:\/\/doi.org\/10.3390\/cryptography7010015","relation":{},"ISSN":["2410-387X"],"issn-type":[{"type":"electronic","value":"2410-387X"}],"subject":[],"published":{"date-parts":[[2023,3,10]]}}}