Book ChapterDOI
A Survey of Attacks on Ethereum Smart Contracts SoK
Nicola Atzei,Massimo Bartoletti,Tiziana Cimoli +2 more
- Vol. 10204, pp 164-186
TLDR
This work analyses the security vulnerabilities of Ethereum smart contracts, providing a taxonomy of common programming pitfalls which may lead to vulnerabilities, and shows a series of attacks which exploit these vulnerabilities, allowing an adversary to steal money or cause other damage.Abstract:
Smart contracts are computer programs that can be correctly executed by a network of mutually distrusting nodes, without the need of an external trusted authority. Since smart contracts handle and transfer assets of considerable value, besides their correct execution it is also crucial that their implementation is secure against attacks which aim at stealing or tampering the assets. We study this problem in Ethereum, the most well-known and used framework for smart contracts so far. We analyse the security vulnerabilities of Ethereum smart contracts, providing a taxonomy of common programming pitfalls which may lead to vulnerabilities. We show a series of attacks which exploit these vulnerabilities, allowing an adversary to steal money or cause other damage.read more
Citations
More filters
Proceedings ArticleDOI
A Comparative Analysis of Potential Factors and Impacts that Affect Blockchain Technology in Software: Based Applications
TL;DR: Blockchain this article is a new technology that considerably provides help in case of application of distributed ledger system by use of decentralized transactional databases is introduced as Blockchain. The functions of Blockchain can be categorized into three phases: Firstly, it emphasizes on decentralization i.e. no centralized body can dictate on other blocks.
Journal ArticleDOI
Empirical Analysis of Vulnerabilities in Blockchain-based Smart Contracts
TL;DR: The effectiveness and accuracy of security code analysis tools on Ethereum are investigated by testing them on a random sample of vulnerable contracts, and results indicate that the tools have significant discrepancies when it comes to certain security characteristics.
Proceedings ArticleDOI
Alleviating High Gas Costs by Secure and Trustless Off-chain Execution of Smart Contracts
TL;DR: In this paper , the authors propose a protocol to move most of the computation off-chain while preserving enough data on-chain to guarantee implicit consensus about the contract state and ownership of funds in case of dishonest parties.
Book ChapterDOI
Blockchain Technology: Key Features and Main Applications
TL;DR: In this article, a general overview of the fundamentals of blockchain technology and how it works is presented, and two main applications of blockchain, namely cryptocurrencies and smart contracts, are discussed.
Book ChapterDOI
Smart Contract Development from the Perspective of Developers: Topics and Issues Discussed on Social Media
TL;DR: In this paper, the authors study smart-contract developers and their discussions on two social media sites, Stack Exchange and Medium, and provide insight into the trends and key topics of these discussions, into the developers' interest in various security issues and security tools, and into the developer's technological background.
References
More filters
Book
Isabelle/HOL: A Proof Assistant for Higher-Order Logic
TL;DR: This presentation discusses Functional Programming in HOL, which aims to provide students with an understanding of the programming language through the lens of Haskell.
Ethereum: A Secure Decentralised Generalised Transaction Ledger
TL;DR: Ethereum as mentioned in this paper is a transactional singleton machine with shared state, which can be seen as a simple application on a decentralised, but singleton, compute resource, and it provides a plurality of resources, each with a distinct state and operating code but able to interact through a message-passing framework with others.
Journal ArticleDOI
Formalizing and Securing Relationships on Public Networks
TL;DR: Protocols with application in important contracting areas, including credit, content rights management, payment systems, and contracts with bearer are discussed.
Proceedings ArticleDOI
On the Security and Performance of Proof of Work Blockchains
TL;DR: This paper introduces a novel quantitative framework to analyse the security and performance implications of various consensus and network parameters of PoW blockchains and devise optimal adversarial strategies for double-spending and selfish mining while taking into account real world constraints.
Proceedings ArticleDOI
Making Smart Contracts Smarter
TL;DR: This paper investigates the security of running smart contracts based on Ethereum in an open distributed network like those of cryptocurrencies, and proposes ways to enhance the operational semantics of Ethereum to make contracts less vulnerable.