Book ChapterDOI
A Survey of Attacks on Ethereum Smart Contracts SoK
Nicola Atzei,Massimo Bartoletti,Tiziana Cimoli +2 more
- Vol. 10204, pp 164-186
TLDR
This work analyses the security vulnerabilities of Ethereum smart contracts, providing a taxonomy of common programming pitfalls which may lead to vulnerabilities, and shows a series of attacks which exploit these vulnerabilities, allowing an adversary to steal money or cause other damage.Abstract:
Smart contracts are computer programs that can be correctly executed by a network of mutually distrusting nodes, without the need of an external trusted authority. Since smart contracts handle and transfer assets of considerable value, besides their correct execution it is also crucial that their implementation is secure against attacks which aim at stealing or tampering the assets. We study this problem in Ethereum, the most well-known and used framework for smart contracts so far. We analyse the security vulnerabilities of Ethereum smart contracts, providing a taxonomy of common programming pitfalls which may lead to vulnerabilities. We show a series of attacks which exploit these vulnerabilities, allowing an adversary to steal money or cause other damage.read more
Citations
More filters
Journal ArticleDOI
Model checking smart contracts for Ethereum
TL;DR: This paper presents the tool chain that comprises the formalization of the semantics of smart contracts, via a functional specification of blockchain operations towards a formal representation of the smart contract at question that can be formally analyzed for correct implementation via model checking.
Journal ArticleDOI
Smart Contract Vulnerability Detection Model Based on Multi-Task Learning
TL;DR: A smart contract vulnerability detection model based on multi-task learning that realizes the detection of vulnerabilities and recognizes three types of vulnerabilities, and is less expensive than a single-task model in terms of time, computation, and storage.
Book ChapterDOI
Verification of Smart Contract Business Logic: Exploiting a Java Source Code Verifier
Wolfgang Ahrendt,Richard Bubel,Joshua Ellul,Gordon J. Pace,Raúl Pardo,Vincent Rebiscoul,Gerardo Schneider +6 more
TL;DR: An approach to verifying smart contracts written in Solidity by automatically translating Solidity into Java and using KeY, a deductive Java verification tool, to solve the problem of rolling back the effects of aborted transactions by exploiting KeY’s native support of JavaCard transactions.
Proceedings ArticleDOI
Quantifying Blockchain Extractable Value: How dark is the forest?
TL;DR: In this paper , the authors quantitatively quantify the BEV danger by deriving the USD extracted from sandwich attacks, liquidations, and decentralized exchange arbitrage, and they find that over 32 months, BEV yielded 540.54M USD in profit, divided among 11,289 addresses.
Journal ArticleDOI
A security framework for Ethereum smart contracts
TL;DR: ESAF (Ethereum Security Analysis Framework) is presented, a framework for analysis of smart contracts that aims to unify and facilitate the task of analysing smart contract vulnerabilities which can be used as a persistent security monitoring tool for a set of target contracts as well as a classic vulnerability analysis tool among other uses.
References
More filters
Book
Isabelle/HOL: A Proof Assistant for Higher-Order Logic
TL;DR: This presentation discusses Functional Programming in HOL, which aims to provide students with an understanding of the programming language through the lens of Haskell.
Ethereum: A Secure Decentralised Generalised Transaction Ledger
TL;DR: Ethereum as mentioned in this paper is a transactional singleton machine with shared state, which can be seen as a simple application on a decentralised, but singleton, compute resource, and it provides a plurality of resources, each with a distinct state and operating code but able to interact through a message-passing framework with others.
Journal ArticleDOI
Formalizing and Securing Relationships on Public Networks
TL;DR: Protocols with application in important contracting areas, including credit, content rights management, payment systems, and contracts with bearer are discussed.
Proceedings ArticleDOI
On the Security and Performance of Proof of Work Blockchains
TL;DR: This paper introduces a novel quantitative framework to analyse the security and performance implications of various consensus and network parameters of PoW blockchains and devise optimal adversarial strategies for double-spending and selfish mining while taking into account real world constraints.
Proceedings ArticleDOI
Making Smart Contracts Smarter
TL;DR: This paper investigates the security of running smart contracts based on Ethereum in an open distributed network like those of cryptocurrencies, and proposes ways to enhance the operational semantics of Ethereum to make contracts less vulnerable.