scispace - formally typeset
Search or ask a question
Book ChapterDOI

A Survey of Attacks on Ethereum Smart Contracts SoK

22 Apr 2017-Vol. 10204, pp 164-186
TL;DR: This work analyses the security vulnerabilities of Ethereum smart contracts, providing a taxonomy of common programming pitfalls which may lead to vulnerabilities, and shows a series of attacks which exploit these vulnerabilities, allowing an adversary to steal money or cause other damage.
Abstract: Smart contracts are computer programs that can be correctly executed by a network of mutually distrusting nodes, without the need of an external trusted authority. Since smart contracts handle and transfer assets of considerable value, besides their correct execution it is also crucial that their implementation is secure against attacks which aim at stealing or tampering the assets. We study this problem in Ethereum, the most well-known and used framework for smart contracts so far. We analyse the security vulnerabilities of Ethereum smart contracts, providing a taxonomy of common programming pitfalls which may lead to vulnerabilities. We show a series of attacks which exploit these vulnerabilities, allowing an adversary to steal money or cause other damage.
Citations
More filters
Book ChapterDOI
26 Jun 2019
TL;DR: It is shown how agency can enhance SC expressiveness with autonomy, situatedness, sociality, and intelligence, and highlight the limitations of state-of-art BCT in supporting MAS design and implementation.
Abstract: Features of blockchain technology (BCT) such as decentralisation, trust, fault tolerance, and accountability, are of paramount importance for multi-agent systems (MAS). In this paper we argue that a principled approach to MAS-BCT integration cannot overlook the foundational character of agency—that is, autonomy. Accordingly, we present a custom BCT implementation where autonomy is placed in smart contracts (SC) interpreted as software agents. We show how agency can enhance SC expressiveness with autonomy, situatedness, sociality, and intelligence, and highlight the limitations of state-of-art BCT in supporting MAS design and implementation.

11 citations

Proceedings ArticleDOI
01 Feb 2019
TL;DR: This paper presents Tendermint: a Byzantine Fault Tolerant (BFT) application-based blockchain, and shows its main characteristics over traditional blockchain platforms such as Bitcoin or Ethereum.
Abstract: In this paper, we present Tendermint: a Byzantine Fault Tolerant (BFT) application-based blockchain. We show that Tendermint promotes another perception of blockchain programming. Unlike Ethereum which is a blockchain holding many applications, Tendermint proposes to have one application per blockchain. We discuss the idiosyncrasies of Tendermint and how it could, potentially, ease blockchain programming and improve performance. We finish by showing weaknesses of Tendermint, good practices to adopt to hinder security attacks when handling Tendermint nodes, and some potential adjustments in the IBC protocol — an interoperability protocol designed for Tendermint. Our goal is to introduce Tendermint by showing its main characteristics over traditional blockchain platforms such as Bitcoin or Ethereum.

11 citations


Cites methods from "A Survey of Attacks on Ethereum Sma..."

  • ...If the DAO code was on a sovereign chain, the attack would have been probably invalidated — as the nodes are running only the DAO code and retain all benefits in doing so [ABC17], [MD18]....

    [...]

Journal ArticleDOI
07 Feb 2021
TL;DR: LineageChain this article is a fine-grained, secure and efficient provenance system for blockchains that exposes lineage information to smart contracts runtime via simple and elegant interfaces that efficiently and securely support provenance-dependent contracts.
Abstract: The success of Bitcoin and other cryptocurrencies is drawing significant interest to blockchains. A blockchain system implements a tamper-evident ledger for recording transactions that modify some global states. The system captures the entire evolution history of the states. The management of that history, also known as data provenance or lineage, has been studied extensively in database systems. However, querying data history in existing blockchains can only be done by replaying all transactions. This approach is applicable to large-scale, offline analysis, but is not suitable for online transaction processing. In this paper, we identify a new class of blockchain applications whose execution logics depend on provenance information at runtime. We first motivate the need for adding native provenance support to blockchains. We then present LineageChain, a fine-grained, secure and efficient provenance system for blockchains. LineageChain exposes lineage information to smart contracts runtime via simple and elegant interfaces that efficiently and securely support provenance-dependent contracts. LineageChain captures provenance during contract execution and stores it in a Merkle tree. LineageChain provides a novel skip list index designed for efficient provenance queries. We have implemented LineageChain on top of Fabric and a blockchain optimized storage system called ForkBase. Our extensive evaluation of LineageChain demonstrates its benefits to the new class of blockchain applications, its high query performance and its small storage overhead.

11 citations

Journal ArticleDOI
01 Jan 2022-Sensors
TL;DR: This research proposes a highly secure and efficient protection mechanism that is based on the blockchain technology to improve the above disadvantages and confirms the high security and practical feasibility of the proposed system by comparing with the existing methods.
Abstract: Internet of Things (IoT) device security is one of the crucial topics in the field of information security. IoT devices are often protected securely through firmware update. Traditional update methods have their shortcomings, such as bandwidth limitation and being attackers’ easy targets. Although many scholars proposed a variety of methods that are based on the blockchain technology to update the firmware, there are still demerits existing in their schemes, including large storage space and centralized stored firmware. In summary, this research proposes a highly secure and efficient protection mechanism that is based on the blockchain technology to improve the above disadvantages. Therefore, this study can reduce the need of storage space and improve system security. The proposed system has good performance in some events, including firmware integrity, security of IoT device connection, system security, and device anonymity. Furthermore, we confirm the high security and practical feasibility of the proposed system by comparing with the existing methods.

11 citations

Book
09 Feb 2021
TL;DR: In this article, the first widespread application driven by blockchain is described and the interest of the public and private sectors in blockchain has skyrocketed since the introduction of Bitcoin and its adoption.
Abstract: Since the introduction of Bitcoin—the first widespread application driven by blockchain—the interest of the public and private sectors in blockchain has skyrocketed. In recent years, block...

11 citations

References
More filters
Book
01 Jan 2002
TL;DR: This presentation discusses Functional Programming in HOL, which aims to provide students with an understanding of the programming language through the lens of Haskell.
Abstract: Elementary Techniques.- 1. The Basics.- 2. Functional Programming in HOL.- 3. More Functional Programming.- 4. Presenting Theories.- Logic and Sets.- 5. The Rules of the Game.- 6. Sets, Functions, and Relations.- 7. Inductively Defined Sets.- Advanced Material.- 8. More about Types.- 9. Advanced Simplification, Recursion, and Induction.- 10. Case Study: Verifying a Security Protocol.

2,964 citations

01 Jan 2013
TL;DR: Ethereum as mentioned in this paper is a transactional singleton machine with shared state, which can be seen as a simple application on a decentralised, but singleton, compute resource, and it provides a plurality of resources, each with a distinct state and operating code but able to interact through a message-passing framework with others.
Abstract: The blockchain paradigm when coupled with cryptographically-secured transactions has demonstrated its utility through a number of projects, not least Bitcoin. Each such project can be seen as a simple application on a decentralised, but singleton, compute resource. We can call this paradigm a transactional singleton machine with shared-state. Ethereum implements this paradigm in a generalised manner. Furthermore it provides a plurality of such resources, each with a distinct state and operating code but able to interact through a message-passing framework with others. We discuss its design, implementation issues, the opportunities it provides and the future hurdles we envisage.

2,755 citations

Journal ArticleDOI
TL;DR: Protocols with application in important contracting areas, including credit, content rights management, payment systems, and contracts with bearer are discussed.
Abstract: Smart contracts combine protocols with user interfaces to formalize and secure relationships over computer networks. Objectives and principles for the design of these systems are derived from legal principles, economic theory, and theories of reliable and secure protocols. Similarities and differences between smart contracts and traditional business procedures based on written contracts, controls, and static forms are discussed. By using cryptographic and other security mechanisms, we can secure many algorithmically specifiable relationships from breach by principals, and from eavesdropping or malicious interference by third parties, up to considerations of time, user interface, and completeness of the algorithmic specification. This article discusses protocols with application in important contracting areas, including credit, content rights management, payment systems, and contracts with bearer.

1,495 citations

Proceedings ArticleDOI
24 Oct 2016
TL;DR: This paper introduces a novel quantitative framework to analyse the security and performance implications of various consensus and network parameters of PoW blockchains and devise optimal adversarial strategies for double-spending and selfish mining while taking into account real world constraints.
Abstract: Proof of Work (PoW) powered blockchains currently account for more than 90% of the total market capitalization of existing digital cryptocurrencies. Although the security provisions of Bitcoin have been thoroughly analysed, the security guarantees of variant (forked) PoW blockchains (which were instantiated with different parameters) have not received much attention in the literature. This opens the question whether existing security analysis of Bitcoin's PoW applies to other implementations which have been instantiated with different consensus and/or network parameters. In this paper, we introduce a novel quantitative framework to analyse the security and performance implications of various consensus and network parameters of PoW blockchains. Based on our framework, we devise optimal adversarial strategies for double-spending and selfish mining while taking into account real world constraints such as network propagation, different block sizes, block generation intervals, information propagation mechanism, and the impact of eclipse attacks. Our framework therefore allows us to capture existing PoW-based deployments as well as PoW blockchain variants that are instantiated with different parameters, and to objectively compare the tradeoffs between their performance and security provisions.

1,258 citations

Proceedings ArticleDOI
24 Oct 2016
TL;DR: This paper investigates the security of running smart contracts based on Ethereum in an open distributed network like those of cryptocurrencies, and proposes ways to enhance the operational semantics of Ethereum to make contracts less vulnerable.
Abstract: Cryptocurrencies record transactions in a decentralized data structure called a blockchain. Two of the most popular cryptocurrencies, Bitcoin and Ethereum, support the feature to encode rules or scripts for processing transactions. This feature has evolved to give practical shape to the ideas of smart contracts, or full-fledged programs that are run on blockchains. Recently, Ethereum's smart contract system has seen steady adoption, supporting tens of thousands of contracts, holding millions dollars worth of virtual coins. In this paper, we investigate the security of running smart contracts based on Ethereum in an open distributed network like those of cryptocurrencies. We introduce several new security problems in which an adversary can manipulate smart contract execution to gain profit. These bugs suggest subtle gaps in the understanding of the distributed semantics of the underlying platform. As a refinement, we propose ways to enhance the operational semantics of Ethereum to make contracts less vulnerable. For developers writing contracts for the existing Ethereum system, we build a symbolic execution tool called Oyente to find potential security bugs. Among 19, 336 existing Ethereum contracts, Oyente flags 8, 833 of them as vulnerable, including the TheDAO bug which led to a 60 million US dollar loss in June 2016. We also discuss the severity of other attacks for several case studies which have source code available and confirm the attacks (which target only our accounts) in the main Ethereum network.

1,232 citations

Trending Questions (1)
Why ethereum is important?

The provided paper does not explicitly mention why Ethereum is important.