scispace - formally typeset
Search or ask a question
Book ChapterDOI

A Survey of Attacks on Ethereum Smart Contracts SoK

22 Apr 2017-Vol. 10204, pp 164-186
TL;DR: This work analyses the security vulnerabilities of Ethereum smart contracts, providing a taxonomy of common programming pitfalls which may lead to vulnerabilities, and shows a series of attacks which exploit these vulnerabilities, allowing an adversary to steal money or cause other damage.
Abstract: Smart contracts are computer programs that can be correctly executed by a network of mutually distrusting nodes, without the need of an external trusted authority. Since smart contracts handle and transfer assets of considerable value, besides their correct execution it is also crucial that their implementation is secure against attacks which aim at stealing or tampering the assets. We study this problem in Ethereum, the most well-known and used framework for smart contracts so far. We analyse the security vulnerabilities of Ethereum smart contracts, providing a taxonomy of common programming pitfalls which may lead to vulnerabilities. We show a series of attacks which exploit these vulnerabilities, allowing an adversary to steal money or cause other damage.
Citations
More filters
Posted Content
TL;DR: This work presents CONFUZZIUS, a hybrid fuzzer that combines evolutionary fuzzing with constraint solving in order to execute more code and find more bugs in smart contracts, and evaluates the effectiveness of the fuzzing strategy, by comparing it with state-of-the-art symbolic execution tools and fuzzers.
Abstract: Smart contracts are Turing-complete programs that are executed across a blockchain network. Unlike traditional programs, once deployed they cannot be modified. As smart contracts become more popular and carry more value, they become more of an interesting target for attackers. In recent years, smart contracts suffered major exploits, costing millions of dollars, due to programming errors. As a result, a variety of tools for detecting bugs has been proposed. However, majority of these tools often yield many false positives due to over-approximation or poor code coverage due to complex path constraints. Fuzzing or fuzz testing is a popular and effective software testing technique. However, traditional fuzzers tend to be more effective towards finding shallow bugs and less effective in finding bugs that lie deeper in the execution. In this work, we present CONFUZZIUS, a hybrid fuzzer that combines evolutionary fuzzing with constraint solving in order to execute more code and find more bugs in smart contracts. Evolutionary fuzzing is used to exercise shallow parts of a smart contract, while constraint solving is used to generate inputs which satisfy complex conditions that prevent the evolutionary fuzzing from exploring deeper paths. Moreover, we use data dependency analysis to efficiently generate sequences of transactions, that create specific contract states in which bugs may be hidden. We evaluate the effectiveness of our fuzzing strategy, by comparing CONFUZZIUS with state-of-the-art symbolic execution tools and fuzzers. Our evaluation shows that our hybrid fuzzing approach produces significantly better results than state-of-the-art symbolic execution tools and fuzzers.

3 citations


Cites background from "A Survey of Attacks on Ethereum Sma..."

  • ...This type of programming mistake has led to multiple attacks in the past [1]....

    [...]

Journal ArticleDOI
TL;DR: Zhang et al. as mentioned in this paper harnessed blockchain technology to propose a decentralized public key infrastructure (PKI) framework named ProofChain, which provides complete trust among a decentralized group of CAs.
Abstract: Public Key Infrastructure (PKI) is the most widely accepted cryptography protocol to enable secure communication over the web. PKI comprises digital certificates managed by the certificate authorities (CAs) to verify the user’s identity, thus providing secure communication channels. However, the security of PKI is profoundly reliant on the reliability of these third-party CAs, which serves as a single point of failure for PKI. Over the past, there have been several incidents of popular CA breaches, where the centralized operation model of CAs caused numerous targeted attacks due to the spread of rogue certificates. In this paper, we aim to make the CA pool completely decentralized and concurrently build our decentralized solution cooperative with established PKI standards (i.e., X.509) for effective real-world integration. In particular, we harness blockchain technology to propose a decentralized PKI framework named ProofChain, which provides complete trust among a decentralized group of CAs. Our proposed solution provides all the traditional X.509 PKI operations (i.e., registration, validation, verification, and revocation), making it compatible with existing PKI standards. We have also evaluated ProofChain against popular security standards (i.e., the CIA triad model) and PKI adversarial attacks. Besides, to demonstrate the practicality of our proposed system, we have also evaluated the performance of the ProofChain by implementing it on the private testbed of the Ethereum network across various real-world PKI scenarios.

3 citations

Posted Content
TL;DR: A three-pronged analysis of the relative success of listed smart contracts is presented, using statistical analysis on the publicly visible transaction history of the Ethereum blockchain to determine that listed contracts are significantly more successful than their unlisted counterparts.
Abstract: Since it takes time and effort to put a new product or service on the market, one would like to predict whether it will be a success. In general this is not possible, but it is possible to follow best practices in order to maximise the chance of success. A smart contract is intended to encode business logic and is therefore at the heart of every new business on the Ethereum blockchain. We have investigated how to measure the success of smart contracts, and whether successful smart contracts have characteristics that less successful smart contracts lack. The appearance of a smart contract on a listing website such as Etherscan or StateoftheDapps is such a characteristic. In this paper, we present a three-pronged analysis of the relative success of listed smart contracts. First, we have used statistical analysis on the publicly visible transaction history of the Ethereum blockchain to determine that listed contracts are significantly more successful than their unlisted counterparts. Next, we have conducted a survey among more than 200 developers via an anonymous online survey about their experience with the listing process. A significant majority of respondents do not believe that listing a contract itself contributes to its success, but they believe that the extra attention that is typically paid in tandem with the listing process does contribute. Finally, based on the respondents' answers, we have drafted 10 recommendations for developers and validated them by submitting them to an international panel of experts.

3 citations


Cites background from "A Survey of Attacks on Ethereum Sma..."

  • ...The attack on the DAO contract and the subsequent hard fork [2], [24] occurred in July 2016, which may explain the large amount of Ether sent in that month....

    [...]

Journal ArticleDOI
26 Aug 2021
TL;DR: In this article, the authors study the problem of postfactum investigation of Ethereum attacks using Indicators of Compromise (IoC) specially crafted for use in the blockchain.
Abstract: Programming errors in Ethereum smart contracts can result in catastrophic financial losses from stolen cryptocurrency. While vulnerability detectors can prevent vulnerable contracts from being deployed, this does not mean that such contracts will not be deployed. Once a vulnerable contract is instantiated on the blockchain and becomes the target of attacks, the identification of exploit transactions becomes indispensable in assessing whether it has been actually exploited and identifying which malicious or subverted accounts were involved. In this work, we study the problem of post-factum investigation of Ethereum attacks using Indicators of Compromise (IoCs) specially crafted for use in the blockchain. IoC definitions need to capture the side-effects of successful exploitation in the context of the Ethereum blockchain. Therefore, we define a model for smart contract execution, comprising multiple abstraction levels that mirror the multiple views of code execution on a blockchain. Subsequently, we compare IoCs defined across the different levels in terms of their effectiveness and practicality through EtherClue, a prototype tool for investigating Ethereum security incidents. Our results illustrate that coarse-grained IoCs defined over blocks of transactions can detect exploit transactions with less computation; however, they are contract-specific and suffer from false negatives. On the other hand, fine-grained IoCs defined over virtual machine instructions can avoid these pitfalls at the expense of increased computation which are nevertheless applicable for practical use.

3 citations

Book ChapterDOI
01 Jan 2019
TL;DR: The chapter explores the feature of the new disruptive business models-based blockchain technology as a new approach in delivering business products and services in different fields of business.
Abstract: Blockchain technology starts to reconfigure all aspects of society to make it clear and beneficial for the legal system. The chapter introduces “The Blockchain Revolution” in categories 1.0, 2.0, and 3.0; in the form of analyzing the use of the technology that is being applied in new innovative business models, Blockchain 1.0 starts with the creation of the first blockchain and the introduction of the technology in the “Bitcoin Whitepaper,” the crypto-currency model, via Bitcoin's application in services related to cash, payments, and transfers. Blockchain 2.0 starts with the indication that using smart contracts on blockchains will be available via the development of syntax (i.e., “solidity” that would enable developers to create solutions with blockchain technology at the backend). The chapter explores the feature of the new disruptive business models-based blockchain technology as a new approach in delivering business products and services. In the chapter, the authors explore the new technologies raised in different fields of business.

3 citations

References
More filters
Book
01 Jan 2002
TL;DR: This presentation discusses Functional Programming in HOL, which aims to provide students with an understanding of the programming language through the lens of Haskell.
Abstract: Elementary Techniques.- 1. The Basics.- 2. Functional Programming in HOL.- 3. More Functional Programming.- 4. Presenting Theories.- Logic and Sets.- 5. The Rules of the Game.- 6. Sets, Functions, and Relations.- 7. Inductively Defined Sets.- Advanced Material.- 8. More about Types.- 9. Advanced Simplification, Recursion, and Induction.- 10. Case Study: Verifying a Security Protocol.

2,964 citations

01 Jan 2013
TL;DR: Ethereum as mentioned in this paper is a transactional singleton machine with shared state, which can be seen as a simple application on a decentralised, but singleton, compute resource, and it provides a plurality of resources, each with a distinct state and operating code but able to interact through a message-passing framework with others.
Abstract: The blockchain paradigm when coupled with cryptographically-secured transactions has demonstrated its utility through a number of projects, not least Bitcoin. Each such project can be seen as a simple application on a decentralised, but singleton, compute resource. We can call this paradigm a transactional singleton machine with shared-state. Ethereum implements this paradigm in a generalised manner. Furthermore it provides a plurality of such resources, each with a distinct state and operating code but able to interact through a message-passing framework with others. We discuss its design, implementation issues, the opportunities it provides and the future hurdles we envisage.

2,755 citations

Journal ArticleDOI
TL;DR: Protocols with application in important contracting areas, including credit, content rights management, payment systems, and contracts with bearer are discussed.
Abstract: Smart contracts combine protocols with user interfaces to formalize and secure relationships over computer networks. Objectives and principles for the design of these systems are derived from legal principles, economic theory, and theories of reliable and secure protocols. Similarities and differences between smart contracts and traditional business procedures based on written contracts, controls, and static forms are discussed. By using cryptographic and other security mechanisms, we can secure many algorithmically specifiable relationships from breach by principals, and from eavesdropping or malicious interference by third parties, up to considerations of time, user interface, and completeness of the algorithmic specification. This article discusses protocols with application in important contracting areas, including credit, content rights management, payment systems, and contracts with bearer.

1,495 citations

Proceedings ArticleDOI
24 Oct 2016
TL;DR: This paper introduces a novel quantitative framework to analyse the security and performance implications of various consensus and network parameters of PoW blockchains and devise optimal adversarial strategies for double-spending and selfish mining while taking into account real world constraints.
Abstract: Proof of Work (PoW) powered blockchains currently account for more than 90% of the total market capitalization of existing digital cryptocurrencies. Although the security provisions of Bitcoin have been thoroughly analysed, the security guarantees of variant (forked) PoW blockchains (which were instantiated with different parameters) have not received much attention in the literature. This opens the question whether existing security analysis of Bitcoin's PoW applies to other implementations which have been instantiated with different consensus and/or network parameters. In this paper, we introduce a novel quantitative framework to analyse the security and performance implications of various consensus and network parameters of PoW blockchains. Based on our framework, we devise optimal adversarial strategies for double-spending and selfish mining while taking into account real world constraints such as network propagation, different block sizes, block generation intervals, information propagation mechanism, and the impact of eclipse attacks. Our framework therefore allows us to capture existing PoW-based deployments as well as PoW blockchain variants that are instantiated with different parameters, and to objectively compare the tradeoffs between their performance and security provisions.

1,258 citations

Proceedings ArticleDOI
24 Oct 2016
TL;DR: This paper investigates the security of running smart contracts based on Ethereum in an open distributed network like those of cryptocurrencies, and proposes ways to enhance the operational semantics of Ethereum to make contracts less vulnerable.
Abstract: Cryptocurrencies record transactions in a decentralized data structure called a blockchain. Two of the most popular cryptocurrencies, Bitcoin and Ethereum, support the feature to encode rules or scripts for processing transactions. This feature has evolved to give practical shape to the ideas of smart contracts, or full-fledged programs that are run on blockchains. Recently, Ethereum's smart contract system has seen steady adoption, supporting tens of thousands of contracts, holding millions dollars worth of virtual coins. In this paper, we investigate the security of running smart contracts based on Ethereum in an open distributed network like those of cryptocurrencies. We introduce several new security problems in which an adversary can manipulate smart contract execution to gain profit. These bugs suggest subtle gaps in the understanding of the distributed semantics of the underlying platform. As a refinement, we propose ways to enhance the operational semantics of Ethereum to make contracts less vulnerable. For developers writing contracts for the existing Ethereum system, we build a symbolic execution tool called Oyente to find potential security bugs. Among 19, 336 existing Ethereum contracts, Oyente flags 8, 833 of them as vulnerable, including the TheDAO bug which led to a 60 million US dollar loss in June 2016. We also discuss the severity of other attacks for several case studies which have source code available and confirm the attacks (which target only our accounts) in the main Ethereum network.

1,232 citations

Trending Questions (1)
Why ethereum is important?

The provided paper does not explicitly mention why Ethereum is important.