
Methodology for Analyzing Vulnerabilities and Determining the Security Level of a Smart Contract When Placed in Distributed Ledger Systems
Author(s) - A. A. Krivonogov, Maxim Repin, Nikolay Fedorov
Publication year - 2020
Publication title - Voprosy kiberbezopasnosti
Language(s) - English
Resource type - Journals
ISSN - 2311-3456
DOI - 10.21681/2311-3456-2020-04-56-65
Subject(s) - ledger, computer security, computer science, smart contract, vulnerability (computing), authorization, set (abstract data type), information security, business, blockchain, accounting, programming language
Every year, smart contract technology attracts more attention from users because of the unique advantages it offers: automatic execution of transactions in a traceable and immutable way, without third-party authorization. At the same time, a smart contract is one of the most vulnerable elements of a distributed ledger system and can be targeted by attackers. The aim of this research is to develop a methodology for analyzing a smart contract for information security vulnerabilities and determining its security level before it is placed in a distributed ledger system. Research methods: to achieve this goal, static and dynamic analysis methods were studied, the most relevant information security vulnerabilities were identified, and the parameters for calculating the vulnerability criticality factor and the security level of a smart contract were determined. Result: a promising static-dynamic method for analyzing smart contract vulnerabilities is proposed, which makes it possible to unambiguously determine the security level of a smart contract before its placement in a distributed ledger system. Its main parameters are defined, and the reference security factors of a smart contract are determined. The complete algorithm of the static-dynamic method for analyzing a smart contract is described, and an example of a documentary security report generated from the results of such an analysis is given.