scispace - formally typeset
Search or ask a question
Book ChapterDOI

A Survey of Attacks on Ethereum Smart Contracts SoK

22 Apr 2017-Vol. 10204, pp 164-186
TL;DR: This work analyses the security vulnerabilities of Ethereum smart contracts, providing a taxonomy of common programming pitfalls which may lead to vulnerabilities, and shows a series of attacks which exploit these vulnerabilities, allowing an adversary to steal money or cause other damage.
Abstract: Smart contracts are computer programs that can be correctly executed by a network of mutually distrusting nodes, without the need of an external trusted authority. Since smart contracts handle and transfer assets of considerable value, besides their correct execution it is also crucial that their implementation is secure against attacks which aim at stealing or tampering the assets. We study this problem in Ethereum, the most well-known and used framework for smart contracts so far. We analyse the security vulnerabilities of Ethereum smart contracts, providing a taxonomy of common programming pitfalls which may lead to vulnerabilities. We show a series of attacks which exploit these vulnerabilities, allowing an adversary to steal money or cause other damage.
Citations
More filters
Proceedings ArticleDOI
01 Jul 2019
TL;DR: In this paper, a vision for a blockchain-based Mobility-as-a-Service (MaaS) as an application of edge computing is presented, which has the potential to emerge as the main component for a smart city transportation offering efficiency and reducing carbon dioxide emissions.
Abstract: In this paper, we present a vision for a blockchain-based Mobility-as-a-Service (MaaS) as an application of edge computing. In current MaaS systems, a central MaaS operator plays a crucial role serving an intermediate layer which manages and controls the connections between transportation providers and passengers with several other features. Since the willingness of public and private transportation providers to connect to this layer is essential in the current realization of MaaS, in our vision, to eliminate this layer, a novel blockchain-based MaaS is proposed. The solution also improves trust and transparency for all stakeholders as well as eliminates the need to make commercial agreements with separate MaaS agents. From a technical perspective, the power of computing and resources are distributed to different transportation providers at the edge of the network providing trust in a decentralised way. The blockchain-based MaaS has the potential to emerge as the main component for a smart city transportation offering efficiency and reducing carbon dioxide emissions.

26 citations


Cites background from "A Survey of Attacks on Ethereum Sma..."

  • ...As a survey of vulnerabilities on smart contracts with Ethereum as a case study, [19] divided existing smart contract’s attacks into three main groups (programming language - Solidity, Etherum Virtual Machine - EVM, and blockchain)....

    [...]

Proceedings ArticleDOI
04 Sep 2020
TL;DR: Wang et al. as mentioned in this paper collected as many smart contract bugs as possible from multiple sources and divided these bugs into 9 categories by extending the IEEE Standard Classification for Software Anomalies, and designed the criteria for detecting each kind of bugs, and constructed a dataset of smart contracts covering all kinds of bugs.
Abstract: Ethereum is the largest blockchain platform that supports smart contracts. Users deploy smart contracts by publishing the smart contract’s bytecode to the blockchain. Since the data in the blockchain cannot be modified, even if these contracts contain bugs, it is not possible to patch deployed smart contracts with code updates. Moreover, there is currently neither a comprehensive classification framework for Ethereum smart contract bugs, nor detailed criteria for detecting bugs in smart contracts, making it difficult for developers to fully understand the negative effects of bugs and design new approaches to detect bugs. In this paper, to fill the gap, we first collect as many smart contract bugs as possible from multiple sources and divide these bugs into 9 categories by extending the IEEE Standard Classification for Software Anomalies. Then, we design the criteria for detecting each kind of bugs, and construct a dataset of smart contracts covering all kinds of bugs. With our framework and dataset, developers can learn smart contract bugs and develop new tools to detect and locate bugs in smart contracts. Moreover, we evaluate the state-of-the-art tools for smart contract analysis with our dataset and obtain some interesting findings: 1) Mythril, Slither and Remix are the most worthwhile combination of analysis tools. 2) There are still 10 kinds of bugs that cannot be detected by any analysis tool.

26 citations

Book ChapterDOI
05 Nov 2018
TL;DR: Preliminary results of mechanically verifying some of such properties of smart contracts by embedding a smart contract language into the Coq proof assistant are reported on.
Abstract: Smart contracts—shared stateful reactive objects stored on a blockchain—are widely employed nowadays for mediating exchanges of crypto-currency between multiple untrusted parties. Despite a lot of attention given by the formal methods community to the notion of smart contract correctness, only a few efforts targeted their lifetime properties. In this paper, we focus on reasoning about execution traces of smart contracts. We report on our preliminary results of mechanically verifying some of such properties by embedding a smart contract language into the Coq proof assistant. We also discuss several common scenarios, all of which require multi-step blockchain-based arbitration and thus must be implemented via stateful contracts, and discuss possible temporal specifications of the corresponding smart contract implementations.

26 citations


Cites background from "A Survey of Attacks on Ethereum Sma..."

  • ...manently blocked—a violation of an implicitly assumed liveness property (meaning, informally, that eventually the funds can be retrieved by a well-behaved party) [3, 18]....

    [...]

Book ChapterDOI
26 Jun 2019
TL;DR: The finding is that most of the currently deployed smart contracts do not need Turing complete languages, but could also be implemented based on a simpler design of the underlaying language.
Abstract: Blockchain based systems become more and more prominent. While starting by developing (crypto)currency payment schemes, a lot of the latest development goes in the direction of executing source code directly in the peer-to-peer network blockchains are usually built on. These so called smart contracts have become popular in order to reduce the amount of necessary middle-mans involved in different processes. Despite the large amount of research already invested in the design of languages which support smart contracts, there are still a lot of problems in the existing approaches, regularly resulting in security flaws. One of these problems is the complexity of the used languages. Therefore, this paper provides an evaluation of currently deployed smart contracts with respect of the requirements of those contracts concerning computability. The finding is that most of the currently deployed smart contracts do not need Turing complete languages, but could also be implemented based on a simpler design of the underlaying language.

25 citations

Journal ArticleDOI
29 Apr 2019
TL;DR: Research supports that Blockchain is revolutionizing and disrupting organizations across all industries, and is really a next big technological invention after Internet.
Abstract: Organizations with high motivation for growth and cost-effective operation efficiencies, are always trying to bring new technologies to their operations. These organizations are very sensitive to change and value driven thus constant change is the only law for them to achieve their goals and to be in the market. When Bitcoin jumps into the market, the whole world wanted to own it but now after Bitcoin and Cryptocurrency bubble, there are significant shift towards Blockchain related products, services, solution developments, researches and use-case studies. From technical-financial opportunist, to evangelist, to researchers, to Tech enterprises, to financial institutions, to governments, the whole world is behind Blockchain and now it has the technological spot light. Blockchain has left behind all other technologies as far as research initiatives, investments and financial funding are concern. There are substantial research growth on, how Blockchain can be useful in specific area? Objectives of this paper are to highlight some facts about Blockchain that were misinterpreted and misrepresented due to this sudden shift. In this research article, authors are presenting comprehensive literature review of Blockchain Technologies and its applications in various sectors. Our research supports that Blockchain is revolutionizing and disrupting organizations across all industries. Blockchain is really a next big technological invention after Internet. In Blockchain Code is the law and Smart Contracts are the new way of doing business.

25 citations

References
More filters
Book
01 Jan 2002
TL;DR: This presentation discusses Functional Programming in HOL, which aims to provide students with an understanding of the programming language through the lens of Haskell.
Abstract: Elementary Techniques.- 1. The Basics.- 2. Functional Programming in HOL.- 3. More Functional Programming.- 4. Presenting Theories.- Logic and Sets.- 5. The Rules of the Game.- 6. Sets, Functions, and Relations.- 7. Inductively Defined Sets.- Advanced Material.- 8. More about Types.- 9. Advanced Simplification, Recursion, and Induction.- 10. Case Study: Verifying a Security Protocol.

2,964 citations

01 Jan 2013
TL;DR: Ethereum as mentioned in this paper is a transactional singleton machine with shared state, which can be seen as a simple application on a decentralised, but singleton, compute resource, and it provides a plurality of resources, each with a distinct state and operating code but able to interact through a message-passing framework with others.
Abstract: The blockchain paradigm when coupled with cryptographically-secured transactions has demonstrated its utility through a number of projects, not least Bitcoin. Each such project can be seen as a simple application on a decentralised, but singleton, compute resource. We can call this paradigm a transactional singleton machine with shared-state. Ethereum implements this paradigm in a generalised manner. Furthermore it provides a plurality of such resources, each with a distinct state and operating code but able to interact through a message-passing framework with others. We discuss its design, implementation issues, the opportunities it provides and the future hurdles we envisage.

2,755 citations

Journal ArticleDOI
TL;DR: Protocols with application in important contracting areas, including credit, content rights management, payment systems, and contracts with bearer are discussed.
Abstract: Smart contracts combine protocols with user interfaces to formalize and secure relationships over computer networks. Objectives and principles for the design of these systems are derived from legal principles, economic theory, and theories of reliable and secure protocols. Similarities and differences between smart contracts and traditional business procedures based on written contracts, controls, and static forms are discussed. By using cryptographic and other security mechanisms, we can secure many algorithmically specifiable relationships from breach by principals, and from eavesdropping or malicious interference by third parties, up to considerations of time, user interface, and completeness of the algorithmic specification. This article discusses protocols with application in important contracting areas, including credit, content rights management, payment systems, and contracts with bearer.

1,495 citations

Proceedings ArticleDOI
24 Oct 2016
TL;DR: This paper introduces a novel quantitative framework to analyse the security and performance implications of various consensus and network parameters of PoW blockchains and devise optimal adversarial strategies for double-spending and selfish mining while taking into account real world constraints.
Abstract: Proof of Work (PoW) powered blockchains currently account for more than 90% of the total market capitalization of existing digital cryptocurrencies. Although the security provisions of Bitcoin have been thoroughly analysed, the security guarantees of variant (forked) PoW blockchains (which were instantiated with different parameters) have not received much attention in the literature. This opens the question whether existing security analysis of Bitcoin's PoW applies to other implementations which have been instantiated with different consensus and/or network parameters. In this paper, we introduce a novel quantitative framework to analyse the security and performance implications of various consensus and network parameters of PoW blockchains. Based on our framework, we devise optimal adversarial strategies for double-spending and selfish mining while taking into account real world constraints such as network propagation, different block sizes, block generation intervals, information propagation mechanism, and the impact of eclipse attacks. Our framework therefore allows us to capture existing PoW-based deployments as well as PoW blockchain variants that are instantiated with different parameters, and to objectively compare the tradeoffs between their performance and security provisions.

1,258 citations

Proceedings ArticleDOI
24 Oct 2016
TL;DR: This paper investigates the security of running smart contracts based on Ethereum in an open distributed network like those of cryptocurrencies, and proposes ways to enhance the operational semantics of Ethereum to make contracts less vulnerable.
Abstract: Cryptocurrencies record transactions in a decentralized data structure called a blockchain. Two of the most popular cryptocurrencies, Bitcoin and Ethereum, support the feature to encode rules or scripts for processing transactions. This feature has evolved to give practical shape to the ideas of smart contracts, or full-fledged programs that are run on blockchains. Recently, Ethereum's smart contract system has seen steady adoption, supporting tens of thousands of contracts, holding millions dollars worth of virtual coins. In this paper, we investigate the security of running smart contracts based on Ethereum in an open distributed network like those of cryptocurrencies. We introduce several new security problems in which an adversary can manipulate smart contract execution to gain profit. These bugs suggest subtle gaps in the understanding of the distributed semantics of the underlying platform. As a refinement, we propose ways to enhance the operational semantics of Ethereum to make contracts less vulnerable. For developers writing contracts for the existing Ethereum system, we build a symbolic execution tool called Oyente to find potential security bugs. Among 19, 336 existing Ethereum contracts, Oyente flags 8, 833 of them as vulnerable, including the TheDAO bug which led to a 60 million US dollar loss in June 2016. We also discuss the severity of other attacks for several case studies which have source code available and confirm the attacks (which target only our accounts) in the main Ethereum network.

1,232 citations

Trending Questions (1)
Why ethereum is important?

The provided paper does not explicitly mention why Ethereum is important.