scispace - formally typeset
Search or ask a question
Book ChapterDOI

A Survey of Attacks on Ethereum Smart Contracts SoK

22 Apr 2017-Vol. 10204, pp 164-186
TL;DR: This work analyses the security vulnerabilities of Ethereum smart contracts, providing a taxonomy of common programming pitfalls which may lead to vulnerabilities, and shows a series of attacks which exploit these vulnerabilities, allowing an adversary to steal money or cause other damage.
Abstract: Smart contracts are computer programs that can be correctly executed by a network of mutually distrusting nodes, without the need of an external trusted authority. Since smart contracts handle and transfer assets of considerable value, besides their correct execution it is also crucial that their implementation is secure against attacks which aim at stealing or tampering the assets. We study this problem in Ethereum, the most well-known and used framework for smart contracts so far. We analyse the security vulnerabilities of Ethereum smart contracts, providing a taxonomy of common programming pitfalls which may lead to vulnerabilities. We show a series of attacks which exploit these vulnerabilities, allowing an adversary to steal money or cause other damage.
Citations
More filters
Journal ArticleDOI
TL;DR: A comprehensive classification of blockchain-enabled applications across diverse sectors such as supply chain, business, healthcare, IoT, privacy, and data management is presented, and key themes, trends and emerging areas for research are established.

1,310 citations


Cites background from "A Survey of Attacks on Ethereum Sma..."

  • ...In particular, blockchain-based systems supporting SCs enable more complex processes and interactions so they establish a new paradigm with practically limitless applications....

    [...]

  • ...SCs defined in 1994 by Szabo as: “a computerised transaction protocol that executes the terms of a contract” (Szabo, 1994), allow us to translate contractual clauses into embeddable code (Szabo, 1997) thus minimizing external participation and risks....

    [...]

  • ...In these contexts, the information monitored by the devices could be stored in the form of SCs or transactions into the blockchain....

    [...]

  • ...In particular, blockchain technology and the use of SCs could solve problems of scientific credibility of findings (missing data, endpoint switching, data dredging, and selective publication) in clinical trials (Nugent et al., 2016) as well as issues of patients’ informed consent (Benchoufi and Ravaud, 2017; Benchoufi et al., 2017)....

    [...]

  • ...Therefore, blockchain applications that implement SCs to verify multiple types of operations, such as individual properties, are used to state the contractual relationships between the Internet actors, being them companies or individuals (Chen and Zhu, 2017; Ishmaev, 2017; Governatori et al., 2018; Herian, 2017)....

    [...]

Journal ArticleDOI
Ana Reyna1, Cristian Martín1, Jaime Chen1, Enrique Soler1, Manuel Díaz1 
TL;DR: This paper focuses on the relationship between blockchain and IoT, investigates challenges in blockchain IoT applications, and surveys the most relevant work in order to analyze how blockchain could potentially improve the IoT.

1,255 citations

Journal ArticleDOI
TL;DR: Wang et al. as discussed by the authors conduct a systematic study on the security threats to blockchain and survey the corresponding real attacks by examining popular blockchain systems. And they also review the security enhancement solutions for blockchain, which could be used in the development of various blockchain systems, and suggest some future directions to stir research efforts into this area.

1,071 citations

Proceedings ArticleDOI
15 Oct 2018
TL;DR: Securify as mentioned in this paper is a security analyzer for Ethereum smart contracts that is scalable, fully automated, and able to prove contract behaviors as safe/unsafe with respect to a given property.
Abstract: Permissionless blockchains allow the execution of arbitrary programs (called smart contracts), enabling mutually untrusted entities to interact without relying on trusted third parties. Despite their potential, repeated security concerns have shaken the trust in handling billions of USD by smart contracts. To address this problem, we present Securify, a security analyzer for Ethereum smart contracts that is scalable, fully automated, and able to prove contract behaviors as safe/unsafe with respect to a given property. Securify's analysis consists of two steps. First, it symbolically analyzes the contract's dependency graph to extract precise semantic information from the code. Then, it checks compliance and violation patterns that capture sufficient conditions for proving if a property holds or not. To enable extensibility, all patterns are specified in a designated domain-specific language. Securify is publicly released, it has analyzed >18K contracts submitted by its users, and is regularly used to conduct security audits by experts. We present an extensive evaluation of Securify over real-world Ethereum smart contracts and demonstrate that it can effectively prove the correctness of smart contracts and discover critical violations.

688 citations

Journal ArticleDOI
TL;DR: A critical assessment of the often exaggerated benefits of blockchain technology found in the literature is presented and a shift from a technology-driven to need-driven approach in which blockchain applications are customized to ensure a fit with requirements of administrative processes is pleaded.

686 citations


Cites background from "A Survey of Attacks on Ethereum Sma..."

  • ...the miners that control more than half of the PoW resources can control the inclusion of new blocks and also possibly rewrite the BC history (Atzei et al., 2017)....

    [...]

References
More filters
Proceedings ArticleDOI
12 Oct 2015
TL;DR: In this article, the verifier's dilemma is used to incentivize correct execution of certain applications, including outsourced computation, where scripts require minimal time to verify, where rational miners are well incentivized to accept unvalidated blockchains.
Abstract: Cryptocurrencies like Bitcoin and the more recent Ethereum system allow users to specify scripts in transactions and contracts to support applications beyond simple cash transactions. In this work, we analyze the extent to which these systems can enforce the correct semantics of scripts. We show that when a script execution requires nontrivial computation effort, practical attacks exist which either waste miners' computational resources or lead miners to accept incorrect script results. These attacks drive miners to an ill-fated choice, which we call the verifier's dilemma, whereby rational miners are well-incentivized to accept unvalidated blockchains. We call the framework of computation through a scriptable cryptocurrency a consensus computer and develop a model that captures incentives for verifying computation in it. We propose a resolution to the verifier's dilemma which incentivizes correct execution of certain applications, including outsourced computation, where scripts require minimal time to verify. Finally we discuss two distinct, practical implementations of our consensus computer in real cryptocurrency networks like Ethereum.

208 citations

Proceedings ArticleDOI
01 Sep 2016
TL;DR: A modeling approach is proposed that supports the semi-automated translation of human-readable contract representations into computational equivalents in order to enable the codification of laws into verifiable and enforceable computational structures that reside within a public blockchain.
Abstract: Blockchain technology has emerged as a solution to consistency problems in peer to peer networks. By now, it has matured as a solution to a range of use cases in which it can effectively provide the notion of third party trust without the need for a trusted (physical) third party, which makes it an attractive coordination mechanism for distributed systems. To promote the wide adoption of this technology, we yet lack mechanisms that make the specification and interpretation of smart contracts accessible to a broader audience. In this work, we propose a modeling approach that supports the semi-automated translation of human-readable contract representations into computational equivalents in order to enable the codification of laws into verifiable and enforceable computational structures that reside within a public blockchain. We identify smart contract components that correspond to real world institutions, and propose a mapping that we operationalize using a domain-specific language in order to support the contract modeling process. We explore this capability based on selected examples and plot out directions for future research on smart contracts.

189 citations

01 Jan 1997
TL;DR: This Notice is required to be posted by Executive Order 13201, which was signed by President George W. Bush on February 17, 2001.
Abstract: You can download copies of this poster from www.olms.dol.gov, send a request to OLMS-Public@dol.gov, or call 1-866-4-USA-DOL. U.S. Department of Labor Employment Standards Administration Washington, D.C. 20210 This Notice is required to be posted by Executive Order 13201, which was signed by President George W. Bush on February 17, 2001. Under Federal law, employees cannot be required to join a union or maintain membership in a union in order to retain their jobs. Under certain conditions, the law permits a union and an employer to enter into a union-security agreement requiring employees to pay uniform periodic dues and initiation fees. However, employees who are not union members can object to the use of their payments for certain purposes and can only be required to pay their share of union costs relating to collective bargaining, contract administration, and grievance adjustment.

114 citations

Posted Content
TL;DR: In this article, the authors formalize the use of Bitcoin as a source of publicly verifiable randomness and show that any attack on this beacon would form an attack on Bitcoin itself and hence have a monetary cost that they can bound, unlike any other construction for a public randomness beacon in the literature.
Abstract: 1 Stanford University 2 Concordia University 3 Princeton University Abstract. We formalize the use of Bitcoin as a source of publiclyverifiable randomness. As a side-effect of Bitcoin’s proof-of-work-based consensus system, random values are broadcast every time new blocks are mined. We can derive strong lower bounds on the computational min-entropy in each block: currently, at least 68 bits of min-entropy are produced every 10 minutes, from which one can derive over 32 nearuniform bits using standard extractor techniques. We show that any attack on this beacon would form an attack on Bitcoin itself and hence have a monetary cost that we can bound, unlike any other construction for a public randomness beacon in the literature. In our simplest construction, we show that a lottery producing a single unbiased bit is manipulation-resistant against an attacker with a stake of less than 50 bitcoins in the output, or about US$12,000 today. Finally, we propose making the beacon output available to smart contracts and demonstrate that this simple tool enables a number of interesting applications.

105 citations

Book ChapterDOI
06 Jul 2016
TL;DR: A new set of standards for the altering and undoing of smart contracts is defined and, then, to prove their worth as a framework, applies to them to an existing smart contract platform (Ethereum).
Abstract: Often, we wish to let parties alter or undo a contract that has been made. Toward this end, contract law has developed a set of traditional tools for altering and undoing contracts. Unfortunately, these tools often fail when applied to smart contracts. It is therefore necessary to define a new set of standards for the altering and undoing of smart contracts. These standards might ensure that the tools we use to alter and undo smart contracts achieve their original (contract law) goals when applied to this new technology. This paper develops such a set of standards and, then, to prove their worth as a framework, applies to them to an existing smart contract platform (Ethereum).

80 citations

Trending Questions (1)
Why ethereum is important?

The provided paper does not explicitly mention why Ethereum is important.