A Survey of Attacks on Ethereum Smart Contracts (SoK)

  title={A Survey of Attacks on Ethereum Smart Contracts (SoK)},
  author={Nicola Atzei and Massimo Bartoletti and Tiziana Cimoli},
Smart contracts are computer programs that can be correctly executed by a network of mutually distrusting nodes, without the need of an external trusted authority. [] Key Result We show a series of attacks which exploit these vulnerabilities, allowing an adversary to steal money or cause other damage.
Security Analysis Methods on Ethereum Smart Contract Vulnerabilities: A Survey
This survey aims to identify the key vulnerabilities in smart contracts on Ethereum in the perspectives of their internal mechanisms and software security vulnerabilities by correlating 16 Ethereum vulnerabilities and 19 software security issues.
Detect Abnormal Behaviours in Ethereum Smart Contracts Using Attack Vectors
This paper classify attack vectors of Ethereum smart contracts, then proposes some behaviour-based methods to detect them, and implements Abbe, a tool that can not only discover known attacks but also detect zero-day vulnerabilities.
Security Assurance for Smart Contract
  • Ence ZhouSong Hua H. Kurihara
  • Computer Science
    2018 9th IFIP International Conference on New Technologies, Mobility and Security (NTMS)
  • 2018
A security assurance method for smart contract source code to find potential security risks, which contains two main functions, the first is syntax topological analysis of smart contract invocation relationship, and the second is logic risk detection and location.
The State of Ethereum Smart Contracts Security: Vulnerabilities, Countermeasures, and Tool Support
The findings indicate that a uniform set of smart contract vulnerability definitions does not exist in research work and bugs pertaining to the same mechanisms sometimes appear with different names, which makes it difficult to identify, categorize, and analyze vulnerabilities.
ContractGuard: Defend Ethereum Smart Contracts with Embedded Intrusion Detection
This article proposes ContractGuard, the first intrusion detection system (IDS) to defend Ethereum smart contracts against such attacks, and designs it by embedding it in the contracts to profile context-tagged acyclic paths, and optimizing it under the Ethereum gas-oriented performance model.
A Survey on Vulnerabilities of Ethereum Smart Contracts
This paper discusses SC vulnerabilities and classifies them according to the domain knowledge of the faulty operations, reminding developers and software engineers that for SC’s safety, each SC requires proper testing with effective tools to catch those classes’ vulnerabilities.
Ethereum Smart Contracts: Security Vulnerabilities and Security Tools
The main objective is to aid smart contract developers by providing a taxonomy of all known security issues and by inspecting the security code analysis tools used to identify those vulnerabilities by proposing an updated taxonomy which categorizes all known vulnerabilities within their architectural and severity level.
ÆGIS: Shielding Vulnerable Smart Contracts Against Attacks
In recent years, smart contracts have suffered major exploits, cost- ing millions of dollars. Unlike traditional programs, smart contracts are deployed on a blockchain. As such, they cannot be
Detection of Vulnerabilities in Smart Contracts Specifications in Ethereum Platforms
This paper proposes a tool for the detection of vulnerabilities in high-level languages based on automatized static analysis that can be more relevant for security and have greater economic consequences than a mistake in the conventional apps.


Making Smart Contracts Smarter
This paper investigates the security of running smart contracts based on Ethereum in an open distributed network like those of cryptocurrencies, and proposes ways to enhance the operational semantics of Ethereum to make contracts less vulnerable.
Formal Verification of Smart Contracts: Short Paper
This paper outlines a framework to analyze and verify both the runtime safety and the functional correctness of Ethereum contracts by translation to F*, a functional programming language aimed at program verification.
The blockchain paradigm when coupled with cryptographically-secured transactions has demonstrated its utility through a number of projects, with Bitcoin being one of the most notable ones, and Ethereum implements this paradigm in a generalised manner.
Demystifying Incentives in the Consensus Computer
This work calls the framework of computation through a scriptable cryptocurrency a consensus computer and develops a model that captures incentives for verifying computation in it and proposes a resolution to the verifier's dilemma which incentivizes correct execution of certain applications, including outsourced computation, where scripts require minimal time to verify.
On the Security and Performance of Proof of Work Blockchains
This paper introduces a novel quantitative framework to analyse the security and performance implications of various consensus and network parameters of PoW blockchains and devise optimal adversarial strategies for double-spending and selfish mining while taking into account real world constraints.
A taxonomy of causes of software vulnerabilities in Internet software
A structured taxonomy of the most frequently occuring causes of vulnerabilities is proposed, which can be useful in a number of scenarios: as an aid for developers, to avoid common pitfalls, as didactical material for students in software engineering or as a “checklist” for software testers or auditors.
Setting Standards for Altering and Undoing Smart Contracts
A new set of standards for the altering and undoing of smart contracts is defined and, then, to prove their worth as a framework, applies to them to an existing smart contract platform (Ethereum).
Malleability of the blockchain’s entropy
This Arcticle analyses the idea to use the inherent unpredictability of blockchains as a source of public randomness and shows how an adversary could manipulate these random numbers, even with limited computational power and financial budget.
Secure Multiparty Computations on Bitcoin
The Bit coin system can be used to go beyond the standard "emulation-based" definition of the MPCs, by constructing protocols that link their inputs and the outputs with the real Bit coin transactions.
Step by Step Towards Creating a Safe Smart Contract: Lessons and Insights from a Cryptocurrency Lab
We document our experiences in teaching smart contract programming to undergraduate students at the University of Maryland, the first pedagogical attempt of its kind. Since smart contracts deal