Proceedings ArticleDOI
Making Smart Contracts Smarter
Loi Luu,Duc-Hiep Chu,Hrishi Olickel,Prateek Saxena,Aquinas Hobor +4 more
- pp 254-269
TLDR
This paper investigates the security of running smart contracts based on Ethereum in an open distributed network like those of cryptocurrencies, and proposes ways to enhance the operational semantics of Ethereum to make contracts less vulnerable.Abstract:
Cryptocurrencies record transactions in a decentralized data structure called a blockchain. Two of the most popular cryptocurrencies, Bitcoin and Ethereum, support the feature to encode rules or scripts for processing transactions. This feature has evolved to give practical shape to the ideas of smart contracts, or full-fledged programs that are run on blockchains. Recently, Ethereum's smart contract system has seen steady adoption, supporting tens of thousands of contracts, holding millions dollars worth of virtual coins. In this paper, we investigate the security of running smart contracts based on Ethereum in an open distributed network like those of cryptocurrencies. We introduce several new security problems in which an adversary can manipulate smart contract execution to gain profit. These bugs suggest subtle gaps in the understanding of the distributed semantics of the underlying platform. As a refinement, we propose ways to enhance the operational semantics of Ethereum to make contracts less vulnerable. For developers writing contracts for the existing Ethereum system, we build a symbolic execution tool called Oyente to find potential security bugs. Among 19, 336 existing Ethereum contracts, Oyente flags 8, 833 of them as vulnerable, including the TheDAO bug which led to a 60 million US dollar loss in June 2016. We also discuss the severity of other attacks for several case studies which have source code available and confirm the attacks (which target only our accounts) in the main Ethereum network.read more
Citations
More filters
Journal ArticleDOI
On blockchain and its integration with IoT. Challenges and opportunities
TL;DR: This paper focuses on the relationship between blockchain and IoT, investigates challenges in blockchain IoT applications, and surveys the most relevant work in order to analyze how blockchain could potentially improve the IoT.
Journal ArticleDOI
A survey on the security of blockchain systems
TL;DR: Wang et al. as discussed by the authors conduct a systematic study on the security threats to blockchain and survey the corresponding real attacks by examining popular blockchain systems. And they also review the security enhancement solutions for blockchain, which could be used in the development of various blockchain systems, and suggest some future directions to stir research efforts into this area.
Book ChapterDOI
A Survey of Attacks on Ethereum Smart Contracts SoK
TL;DR: This work analyses the security vulnerabilities of Ethereum smart contracts, providing a taxonomy of common programming pitfalls which may lead to vulnerabilities, and shows a series of attacks which exploit these vulnerabilities, allowing an adversary to steal money or cause other damage.
Journal ArticleDOI
Untangling Blockchain: A Data Processing View of Blockchain Systems
TL;DR: This paper conducts a comprehensive evaluation of three major blockchain systems based on BLOCKBENCH, namely Ethereum, Parity, and Hyperledger Fabric, and discusses several research directions for bringing blockchain performance closer to the realm of databases.
Posted Content
A survey of attacks on Ethereum smart contracts.
TL;DR: In this article, a taxonomy of common programming pitfalls which may lead to security vulnerabilities in Ethereum smart contracts is presented, and a series of attacks which exploit these vulnerabilities, allowing an adversary to steal money or cause other damage.
References
More filters
Proceedings ArticleDOI
Abstract interpretation: a unified lattice model for static analysis of programs by construction or approximation of fixpoints
Patrick Cousot,Radhia Cousot +1 more
TL;DR: In this paper, the abstract interpretation of programs is used to describe computations in another universe of abstract objects, so that the results of abstract execution give some information on the actual computations.
Journal ArticleDOI
Time, clocks, and the ordering of events in a distributed system
TL;DR: In this article, the concept of one event happening before another in a distributed system is examined, and a distributed algorithm is given for synchronizing a system of logical clocks which can be used to totally order the events.
Journal ArticleDOI
Symbolic execution and program testing
TL;DR: A particular system called EFFIGY which provides symbolic execution for program testing and debugging is described, which interpretively executes programs written in a simple PL/I style programming language.
Book
The Definition of Standard ML
TL;DR: This book provides a formal definition of Standard ML for the benefit of all concerned with the language, including users and implementers, and the authors have defined their semantic objects in mathematical notation that is completely independent of StandardML.
Proceedings ArticleDOI
Hawk: The Blockchain Model of Cryptography and Privacy-Preserving Smart Contracts
TL;DR: In this article, the authors present Hawk, a decentralized smart contract system that does not store financial transactions in the clear on the blockchain, thus retaining transactional privacy from the public's view.