Book ChapterDOI
A Survey of Attacks on Ethereum Smart Contracts SoK
Nicola Atzei,Massimo Bartoletti,Tiziana Cimoli +2 more
- Vol. 10204, pp 164-186
Reads0
Chats0
TLDR
This work analyses the security vulnerabilities of Ethereum smart contracts, providing a taxonomy of common programming pitfalls which may lead to vulnerabilities, and shows a series of attacks which exploit these vulnerabilities, allowing an adversary to steal money or cause other damage.Abstract:
Smart contracts are computer programs that can be correctly executed by a network of mutually distrusting nodes, without the need of an external trusted authority. Since smart contracts handle and transfer assets of considerable value, besides their correct execution it is also crucial that their implementation is secure against attacks which aim at stealing or tampering the assets. We study this problem in Ethereum, the most well-known and used framework for smart contracts so far. We analyse the security vulnerabilities of Ethereum smart contracts, providing a taxonomy of common programming pitfalls which may lead to vulnerabilities. We show a series of attacks which exploit these vulnerabilities, allowing an adversary to steal money or cause other damage.read more
Citations
More filters
Journal ArticleDOI
V-Gas: Generating High Gas Consumption Inputs to Avoid Out-of-Gas Vulnerability
TL;DR: V-Gas, which automatically generates inputs that maximize the gas cost and reduce underestimation, has exposed 25 previously unknown out-of-gas vulnerabilities in widely-used smart contracts, 6 of which have been assigned unique CVE identifiers in the US National Vulnerability Database.
Proceedings ArticleDOI
Short Paper: Blockcheck the Typechain
TL;DR: This work proposes that the blockchain be viewed as a typechain: a chain of typed programs --- not arbitrary blocks --- that are included iff they typecheck against the existing chain, and contends that a typechains must minimally guarantee physical resource availability, and inter-contract safety, including reentrancy safety.
Posted Content
Mutation testing of smart contracts at scale
Pieter H. Hartel,Richard Schumi +1 more
TL;DR: This paper improves the existing mutation methods by introducing a novel killing condition that is able to detect a deviation in the gas consumption, i.e., in the monetary value that is required to perform transactions.
Proceedings ArticleDOI
ProMutator: Detecting Vulnerable Price Oracles in DeFi by Mutated Transactions
TL;DR: ProMutator as discussed by the authors is a scalable security analysis framework that detects price oracle vulnerabilities before attacks occur by mutating the data needed for price calculation, which can reduce the required simulation runs drastically.
Book ChapterDOI
Runtime Verification and Vulnerability Testing of Smart Contracts
Misha Abraham,K. P. Jevitha +1 more
TL;DR: This work focuses on runtime verification of ERC20 tokens using K framework and the comparison of tools available for detecting the vulnerabilities in smart contract, where Smartcheck was found to detect the highest number of vulnerabilities.
References
More filters
Book
Isabelle/HOL: A Proof Assistant for Higher-Order Logic
TL;DR: This presentation discusses Functional Programming in HOL, which aims to provide students with an understanding of the programming language through the lens of Haskell.
Ethereum: A Secure Decentralised Generalised Transaction Ledger
TL;DR: Ethereum as mentioned in this paper is a transactional singleton machine with shared state, which can be seen as a simple application on a decentralised, but singleton, compute resource, and it provides a plurality of resources, each with a distinct state and operating code but able to interact through a message-passing framework with others.
Journal ArticleDOI
Formalizing and Securing Relationships on Public Networks
TL;DR: Protocols with application in important contracting areas, including credit, content rights management, payment systems, and contracts with bearer are discussed.
Proceedings ArticleDOI
On the Security and Performance of Proof of Work Blockchains
TL;DR: This paper introduces a novel quantitative framework to analyse the security and performance implications of various consensus and network parameters of PoW blockchains and devise optimal adversarial strategies for double-spending and selfish mining while taking into account real world constraints.
Proceedings ArticleDOI
Making Smart Contracts Smarter
TL;DR: This paper investigates the security of running smart contracts based on Ethereum in an open distributed network like those of cryptocurrencies, and proposes ways to enhance the operational semantics of Ethereum to make contracts less vulnerable.