Book Chapter

A Survey of Attacks on Ethereum Smart Contracts (SoK)

22 Apr 2017-Vol. 10204, pp 164-186
TL;DR: This work analyses the security vulnerabilities of Ethereum smart contracts, providing a taxonomy of common programming pitfalls which may lead to vulnerabilities, and shows a series of attacks which exploit these vulnerabilities, allowing an adversary to steal money or cause other damage.
Abstract: Smart contracts are computer programs that can be correctly executed by a network of mutually distrusting nodes, without the need of an external trusted authority. Since smart contracts handle and transfer assets of considerable value, besides their correct execution it is also crucial that their implementation is secure against attacks which aim at stealing or tampering the assets. We study this problem in Ethereum, the most well-known and used framework for smart contracts so far. We analyse the security vulnerabilities of Ethereum smart contracts, providing a taxonomy of common programming pitfalls which may lead to vulnerabilities. We show a series of attacks which exploit these vulnerabilities, allowing an adversary to steal money or cause other damage.
Citations
Posted Content
TL;DR: This survey systematizes three aspects of Ethereum systems security: vulnerabilities, attacks, and defenses, and draws insights into, among other things, vulnerability root causes, attack consequences, and defense capabilities, which shed light on future research directions.
Abstract: The blockchain technology is believed by many to be a game changer in many application domains, especially financial applications. While the first generation of blockchain technology (i.e., Blockchain 1.0) is almost exclusively used for cryptocurrency purposes, the second generation (i.e., Blockchain 2.0), as represented by Ethereum, is an open and decentralized platform enabling a new paradigm of computing --- Decentralized Applications (DApps) running on top of blockchains. The rich applications and semantics of DApps inevitably introduce many security vulnerabilities, which have no counterparts in pure cryptocurrency systems like Bitcoin. Since Ethereum is a new, yet complex, system, it is imperative to have a systematic and comprehensive understanding on its security from a holistic perspective, which is unavailable. To the best of our knowledge, the present survey, which can also be used as a tutorial, fills this void. In particular, we systematize three aspects of Ethereum systems security: vulnerabilities, attacks, and defenses. We draw insights into, among other things, vulnerability root causes, attack consequences, and defense capabilities, which shed light on future research directions.

112 citations


Cites background or methods from "A Survey of Attacks on Ethereum Sma..."

  • ...12) Secrecy failure (12): This vulnerability was first observed from a multi-player game in [56] and was also called keeping secrets in [12]....


  • ...It has two variants, called gasless send and unchecked send [12], [64]....


  • ...4) Upgradable contract (4): This vulnerability was first discussed in [12]....


  • ...18) Type casts (18): This vulnerability was first reported in [12]....


  • ...The contract has four vulnerabilities [12], which allowed the following four attack tactics and explains why 5, 6, 7, and 8 belong to the same type of attacks....


Journal Article
TL;DR: This paper defines two taxonomies for both Blockchain and DTRMS and applies a Formal Concept Analysis and reveals significant trends and emerging practices in the current implementations that have been distilled into recommendations to guide Blockchain’s adoption in DTRMS systems.
Abstract: Distributed Ledger Technologies (DLTs), like Blockchain, are characterized by features such as transparency, traceability, and security by design. These features make the adoption of Blockchain attractive to enhance information security, privacy, and trustworthiness in very different contexts. This paper provides a comprehensive survey and aims at analyzing and assessing the use of Blockchain in the context of Distributed Trust and Reputation Management Systems (DTRMS). The analysis includes academic research as well as initiatives undertaken in the business domain. The paper defines two taxonomies for both Blockchain and DTRMS and applies a Formal Concept Analysis. Such an approach allowed us to identify the most recurrent and stable features in the current scientific landscape and several important implications among the two taxonomies. The results of the analysis have revealed significant trends and emerging practices in the current implementations that have been distilled into recommendations to guide Blockchain’s adoption in DTRMS systems.

111 citations


Cites background from "A Survey of Attacks on Ethereum Sma..."

  • ...While in [83], several vulnerabilities in Ethereum SC design are also analyzed....


Proceedings Article
02 Jul 2018
TL;DR: This paper describes a taxonomy of blockchain applications called blockchain generations, and provides a general structure of the blockchain platform which decomposes the distributed ledger into six layers: Application, Modeling, Contract, System, Data, and Network.
Abstract: Distributed blockchain ledgers are on the verge of becoming a disruptive technology, profoundly impacting a wide range of industries and established applications, such as cryptocurrency, and allowing for novel use cases in both the public sector (e.g., eGovernment, eHealth, etc.) and the private sector (e.g., finance, supply chain management, etc.). Blockchains promise the ability to maintain critical information in a trustworthy repository without any centralized management. The reliability of blockchain-enabled applications is based on the innate immutability of stored data, maintained through cryptographic means, which enables blockchains to provide transparency, efficiency, auditability, trust, and security. As the technology is still in its infancy, a number of pain points must be addressed in order to make distributed ledgers more dependable, scalable, and pervasive. In this paper, we present the research landscape in distributed ledger technology (DLT). To do so, we describe a taxonomy of blockchain applications called blockchain generations. We also present the DCS properties (Decentralization, Consistency, and Scalability) as an analogy to the CAP theorem. Furthermore, we provide a general structure of the blockchain platform which decomposes the distributed ledger into six layers: Application, Modeling, Contract, System, Data, and Network. Finally, we classify research angles across three dimensions: DCS properties impacted, targeted applications, and related layers.

108 citations

Posted Content
TL;DR: This paper systematically explores the attack surface of the Blockchain technology, with an emphasis on public Blockchains, and outlines several attacks, including selfish mining, the 51% attack, Domain Name System attacks, distributed denial-of-service (DDoS) attacks, consensus delay, orphaned blocks, block ingestion, wallet thefts, smart contract attacks, and privacy attacks.
Abstract: In this paper, we systematically explore the attack surface of the Blockchain technology, with an emphasis on public Blockchains. Towards this goal, we attribute attack viability in the attack surface to 1) the Blockchain cryptographic constructs, 2) the distributed architecture of the systems using Blockchain, and 3) the Blockchain application context. To each of those contributing factors, we outline several attacks, including selfish mining, the 51% attack, Domain Name System (DNS) attacks, distributed denial-of-service (DDoS) attacks, consensus delay (due to selfish behavior or distributed denial-of-service attacks), Blockchain forks, orphaned and stale blocks, block ingestion, wallet thefts, smart contract attacks, and privacy attacks. We also explore the causal relationships between these attacks to demonstrate how various attack vectors are connected to one another. A secondary contribution of this work is outlining effective defense measures taken by the Blockchain technology or proposed by researchers to mitigate the effects of these attacks and patch associated vulnerabilities.

108 citations


Cites background from "A Survey of Attacks on Ethereum Sma..."

  • ...[61] also explored various attacks limited to Ethereum smart contracts....


  • ...(4) Building on top of the prior work [45], [57], [61], for each attack class, we also explore the possible defense strategies that have been proposed to harden the security of Blockchains....


Book Chapter
14 Jul 2018
TL;DR: This work will overview the state-of-the-art in smart contract verification, covering formal semantics, security definitions, and verification tools, and focus on EtherTrust, a framework for the static analysis of Ethereum smart contracts which includes the first complete small-step semantics of EVM bytecode.
Abstract: The recent growth of the blockchain technology market puts its main cryptocurrencies in the spotlight. Among them, Ethereum stands out due to its virtual machine (EVM) supporting smart contracts, i.e., distributed programs that control the flow of the digital currency Ether. Being written in a Turing complete language, Ethereum smart contracts allow for expressing a broad spectrum of financial applications. The price for this expressiveness, however, is a significant semantic complexity, which increases the risk of programming errors. Recent attacks exploiting bugs in smart contract implementations call for the design of formal verification techniques for smart contracts. This, however, requires rigorous semantic foundations, a formal characterization of the expected security properties, and dedicated abstraction techniques tailored to the specific EVM semantics. This work will overview the state-of-the-art in smart contract verification, covering formal semantics, security definitions, and verification tools. We will then focus on EtherTrust [1], a framework for the static analysis of Ethereum smart contracts which includes the first complete small-step semantics of EVM bytecode, the first formal characterization of a large class of security properties for smart contracts, and the first static analysis for EVM bytecode that comes with a proof of soundness.

107 citations


Cites background or methods from "A Survey of Attacks on Ethereum Sma..."

  • ...For motivating the definition of single-entrancy, we introduce a class of bugs in Ethereum smart contracts called reentrancy bugs [16,14]....


  • ...Furthermore, many smart contracts in the wild are intentionally fraudulent, as highlighted in a recent survey [14]....


References
Book
01 Jan 2002
TL;DR: This presentation discusses Functional Programming in HOL, which aims to provide students with an understanding of the programming language through the lens of Haskell.
Abstract: Elementary Techniques.- 1. The Basics.- 2. Functional Programming in HOL.- 3. More Functional Programming.- 4. Presenting Theories.- Logic and Sets.- 5. The Rules of the Game.- 6. Sets, Functions, and Relations.- 7. Inductively Defined Sets.- Advanced Material.- 8. More about Types.- 9. Advanced Simplification, Recursion, and Induction.- 10. Case Study: Verifying a Security Protocol.

2,964 citations

01 Jan 2013
TL;DR: Ethereum as mentioned in this paper is a transactional singleton machine with shared state, which can be seen as a simple application on a decentralised, but singleton, compute resource, and it provides a plurality of resources, each with a distinct state and operating code but able to interact through a message-passing framework with others.
Abstract: The blockchain paradigm when coupled with cryptographically-secured transactions has demonstrated its utility through a number of projects, not least Bitcoin. Each such project can be seen as a simple application on a decentralised, but singleton, compute resource. We can call this paradigm a transactional singleton machine with shared-state. Ethereum implements this paradigm in a generalised manner. Furthermore it provides a plurality of such resources, each with a distinct state and operating code but able to interact through a message-passing framework with others. We discuss its design, implementation issues, the opportunities it provides and the future hurdles we envisage.

2,755 citations

Journal Article
TL;DR: Protocols with application in important contracting areas, including credit, content rights management, payment systems, and contracts with bearer are discussed.
Abstract: Smart contracts combine protocols with user interfaces to formalize and secure relationships over computer networks. Objectives and principles for the design of these systems are derived from legal principles, economic theory, and theories of reliable and secure protocols. Similarities and differences between smart contracts and traditional business procedures based on written contracts, controls, and static forms are discussed. By using cryptographic and other security mechanisms, we can secure many algorithmically specifiable relationships from breach by principals, and from eavesdropping or malicious interference by third parties, up to considerations of time, user interface, and completeness of the algorithmic specification. This article discusses protocols with application in important contracting areas, including credit, content rights management, payment systems, and contracts with bearer.

1,495 citations

Proceedings Article
24 Oct 2016
TL;DR: This paper introduces a novel quantitative framework to analyse the security and performance implications of various consensus and network parameters of PoW blockchains and devise optimal adversarial strategies for double-spending and selfish mining while taking into account real world constraints.
Abstract: Proof of Work (PoW) powered blockchains currently account for more than 90% of the total market capitalization of existing digital cryptocurrencies. Although the security provisions of Bitcoin have been thoroughly analysed, the security guarantees of variant (forked) PoW blockchains (which were instantiated with different parameters) have not received much attention in the literature. This opens the question whether existing security analysis of Bitcoin's PoW applies to other implementations which have been instantiated with different consensus and/or network parameters. In this paper, we introduce a novel quantitative framework to analyse the security and performance implications of various consensus and network parameters of PoW blockchains. Based on our framework, we devise optimal adversarial strategies for double-spending and selfish mining while taking into account real world constraints such as network propagation, different block sizes, block generation intervals, information propagation mechanism, and the impact of eclipse attacks. Our framework therefore allows us to capture existing PoW-based deployments as well as PoW blockchain variants that are instantiated with different parameters, and to objectively compare the tradeoffs between their performance and security provisions.

1,258 citations

Proceedings Article
24 Oct 2016
TL;DR: This paper investigates the security of running smart contracts based on Ethereum in an open distributed network like those of cryptocurrencies, and proposes ways to enhance the operational semantics of Ethereum to make contracts less vulnerable.
Abstract: Cryptocurrencies record transactions in a decentralized data structure called a blockchain. Two of the most popular cryptocurrencies, Bitcoin and Ethereum, support the feature to encode rules or scripts for processing transactions. This feature has evolved to give practical shape to the ideas of smart contracts, or full-fledged programs that are run on blockchains. Recently, Ethereum's smart contract system has seen steady adoption, supporting tens of thousands of contracts, holding millions dollars worth of virtual coins. In this paper, we investigate the security of running smart contracts based on Ethereum in an open distributed network like those of cryptocurrencies. We introduce several new security problems in which an adversary can manipulate smart contract execution to gain profit. These bugs suggest subtle gaps in the understanding of the distributed semantics of the underlying platform. As a refinement, we propose ways to enhance the operational semantics of Ethereum to make contracts less vulnerable. For developers writing contracts for the existing Ethereum system, we build a symbolic execution tool called Oyente to find potential security bugs. Among 19,336 existing Ethereum contracts, Oyente flags 8,833 of them as vulnerable, including the TheDAO bug which led to a 60 million US dollar loss in June 2016. We also discuss the severity of other attacks for several case studies which have source code available and confirm the attacks (which target only our accounts) in the main Ethereum network.

1,232 citations
