Security analysis of smart contract based rating and review systems: the perilous state of blockchain-based recommendation practices

Abstract

Nowadays, Blockchain-based rating/review systems are gaining popularity as a backbone for recommender systems due to the inherent cryptographically secured decentralised architecture, immutability, user anonymity, and inclusion of smart contracts. However, the existing Blockchain-based rating/review systems address resistance to the standard attacks, i.e. collusion attack, user threatening, and unfair rating. Still, they do not present security analyses of smart contracts that may result in substantial threats to the users of the systems. This manuscript presents an in-depth study of twelve publicly available security analysis tools and standard vulnerabilities in smart contracts and reviews. The experimental setup uses a two-step approach for selecting the security analysis tool. The first step identifies the seven tools their proposers or independent researchers have compared, and the second step proposes a new method for selecting tools based on continuous improvement. Our experimental results show security issues in 51.72% of the analysed smart contracts of four Blockchain-based rating/review systems. 6.67% of vulnerable smart contracts exhibit high-level severity threats that raise an alarming condition for the current state of system developments.