Penetration testing framework for smart contract Blockchain


Smart contracts powered by blockchain make transaction processes more effective, secure and efficient than conventional contracts. They facilitate trustless processes, time efficiency, cost effectiveness and transparency without any intervention by third-party intermediaries such as lawyers. While blockchain can counter traditional cybersecurity attacks on smart contract applications, cyberattacks keep evolving in the form of new threats and attack vectors that affect blockchain much as they affect other web and application-based systems. Effective blockchain testing helps organizations build and use the technology securely with the connected infrastructure. However, during the course of this research, the authors found that blockchain technology comes with security considerations such as irreversible transactions, insufficient access, and non-competent strategies. Attack vectors like these are not found on web portals and other applications. This research presents a new penetration testing framework for smart contracts and decentralized apps. The authors compared results from the proposed penetration-testing framework with those of automated penetration test scanners. The results detected missing vulnerabilities that were not reported during the regular pen test process.




Author information


Corresponding authors

Correspondence to Syed Bilal Hussian Shah or Thippa Reddy Gadekallu.


• This research presents a new framework for performing manual penetration testing on smart contract applications and decentralized apps.

• Results from the new proposed penetration-testing framework and automated penetration test scanners are compared in this research for Blockchain applications. No other framework currently performs such validations.

• The new framework detected missing vulnerabilities that were initially not reported during the regular penetration testing process, which could have made the Blockchain contract app vulnerable to Cyber-attacks and threats.

• In real-time cyberspace, no one can ensure that operations are executed in a predefined order. A malicious user could cheat the seller if the buyer intentionally changes the order of transactions or the execution process. The proposed framework performs validation and compares the input and the actual steps against the predefined properties and process to identify any mismatch.

• The authors also compared the tool-based and manual penetration testing results, analyzing them after removing the vulnerabilities discovered during penetration tests of the smart contract applications.

This article is part of the Topical Collection: Special Issue on Blockchain for Peer-to-Peer Computing

Guest Editors: Keping Yu, Chunming Rong, Yang Cao, and Wenjuan Li


Cite this article

Bhardwaj, A., Shah, S.B.H., Shankar, A. et al. Penetration testing framework for smart contract Blockchain. Peer-to-Peer Netw. Appl. 14, 2635–2650 (2021).


  • Attack vectors
  • Blockchain
  • Cyber threats
  • Cybersecurity
  • Smart contracts