A Survey of Attacks on Ethereum Smart Contracts (SoK)

@inproceedings{Atzei2017ASO,
  title={A Survey of Attacks on Ethereum Smart Contracts (SoK)},
  author={Nicola Atzei and Massimo Bartoletti and Tiziana Cimoli},
  booktitle={POST},
  year={2017}
}
Smart contracts are computer programs that can be correctly executed by a network of mutually distrusting nodes, without the need of an external trusted authority. [...] Key Result: We show a series of attacks which exploit these vulnerabilities, allowing an adversary to steal money or cause other damage.
Security Analysis Methods on Ethereum Smart Contract Vulnerabilities: A Survey
TLDR
This survey aims to identify the key vulnerabilities in smart contracts on Ethereum from the perspectives of their internal mechanisms and software security vulnerabilities by correlating 16 Ethereum vulnerabilities and 19 software security issues.
Detect Abnormal Behaviours in Ethereum Smart Contracts Using Attack Vectors
TLDR
This paper classifies attack vectors of Ethereum smart contracts, then proposes some behaviour-based methods to detect them, and implements Abbe, a tool that can not only discover known attacks but also detect zero-day vulnerabilities.
Security Assurance for Smart Contract
  • Ence Zhou, Song Hua, +4 authors H. Kurihara
  • Computer Science
  • 2018 9th IFIP International Conference on New Technologies, Mobility and Security (NTMS)
  • 2018
TLDR
A security assurance method for smart contract source code to find potential security risks, which contains two main functions: the first is syntax topological analysis of smart contract invocation relationships, and the second is logic risk detection and location.
SoK: Development of Secure Smart Contracts - Lessons from a Graduate Course
TLDR
This work focuses on smart contracts, which are programs on top of blockchains and cryptocurrencies that allow parties to exchange valuable assets without mutual trust, with smart contracts controlling the interaction between the parties.
ContractGuard: Defend Ethereum Smart Contracts with Embedded Intrusion Detection
TLDR
This article proposes ContractGuard, the first intrusion detection system (IDS) to defend Ethereum smart contracts against such attacks, and designs it by embedding it in the contracts to profile context-tagged acyclic paths, and optimizing it under the Ethereum gas-oriented performance model.
A Survey on Vulnerabilities of Ethereum Smart Contracts
TLDR
This paper discusses SC vulnerabilities and classifies them according to the domain knowledge of the faulty operations, reminding developers and software engineers that for SC’s safety, each SC requires proper testing with effective tools to catch those classes’ vulnerabilities.
Ethereum Smart Contracts: Security Vulnerabilities and Security Tools
TLDR
The main objective is to aid smart contract developers by providing a taxonomy of all known security issues and by inspecting the security code analysis tools used to identify those vulnerabilities by proposing an updated taxonomy which categorizes all known vulnerabilities within their architectural and severity level.
ÆGIS: Shielding Vulnerable Smart Contracts Against Attacks
In recent years, smart contracts have suffered major exploits, costing millions of dollars. Unlike traditional programs, smart contracts are deployed on a blockchain. As such, they cannot be [...]
Detection of Vulnerabilities in Smart Contracts Specifications in Ethereum Platforms
TLDR
This paper proposes a tool for the detection of vulnerabilities in high-level languages based on automatized static analysis that can be more relevant for security and have greater economic consequences than a mistake in the conventional apps.
A security framework for Ethereum smart contracts
TLDR
ESAF (Ethereum Security Analysis Framework) is presented, a framework for analysis of smart contracts that aims to unify and facilitate the task of analysing smart contract vulnerabilities which can be used as a persistent security monitoring tool for a set of target contracts as well as a classic vulnerability analysis tool among other uses.

References

SHOWING 1-10 OF 44 REFERENCES
Making Smart Contracts Smarter
TLDR
This paper investigates the security of running smart contracts based on Ethereum in an open distributed network like those of cryptocurrencies, and proposes ways to enhance the operational semantics of Ethereum to make contracts less vulnerable.
Formal Verification of Smart Contracts: Short Paper
TLDR
This paper outlines a framework to analyze and verify both the runtime safety and the functional correctness of Ethereum contracts by translation to F*, a functional programming language aimed at program verification.
: Formal Verification of Smart Contracts
Ethereum is a cryptocurrency framework that uses blockchain technology to provide an open distributed computing platform, called the Ethereum Virtual Machine (EVM). EVM programs are written in [...]
Formalizing and Securing Relationships on Public Networks
TLDR
Protocols with application in important contracting areas, including credit, content rights management, payment systems, and contracts with bearer are discussed.
ETHEREUM: A SECURE DECENTRALISED GENERALISED TRANSACTION LEDGER
TLDR
The blockchain paradigm when coupled with cryptographically-secured transactions has demonstrated its utility through a number of projects, with Bitcoin being one of the most notable ones, and Ethereum implements this paradigm in a generalised manner.
Demystifying Incentives in the Consensus Computer
TLDR
This work calls the framework of computation through a scriptable cryptocurrency a consensus computer and develops a model that captures incentives for verifying computation in it and proposes a resolution to the verifier's dilemma which incentivizes correct execution of certain applications, including outsourced computation, where scripts require minimal time to verify.
On the Security and Performance of Proof of Work Blockchains
TLDR
This paper introduces a novel quantitative framework to analyse the security and performance implications of various consensus and network parameters of PoW blockchains and devises optimal adversarial strategies for double-spending and selfish mining while taking into account real world constraints.
Majority is not enough
TLDR
This work shows that the Bitcoin mining protocol is not incentive-compatible, and proposes a practical modification to the Bitcoin protocol that protects Bitcoin in the general case, and prohibits selfish mining by a coalition that commands less than 1/4 of the resources.
A taxonomy of causes of software vulnerabilities in Internet software
TLDR
A structured taxonomy of the most frequently occurring causes of vulnerabilities is proposed, which can be useful in a number of scenarios: as an aid for developers, to avoid common pitfalls, as didactical material for students in software engineering or as a “checklist” for software testers or auditors.
Setting Standards for Altering and Undoing Smart Contracts
TLDR
A new set of standards for the altering and undoing of smart contracts is defined and, then, to prove their worth as a framework, applies them to an existing smart contract platform (Ethereum).