ACM Digital Library home
ACM home
Advanced Search
10.1007/978-3-662-54455-6_8guideproceedingsArticle/Chapter ViewAbstractPublication PagesConference Proceedings
ARTICLE

A Survey of Attacks on Ethereum Smart Contracts SoK

Publication: Proceedings of the 6th International Conference on Principles of Security and Trust - Volume 10204April 2017 Pages 164–186https://doi.org/10.1007/978-3-662-54455-6_8
  • 49citation
  • 0
    • Downloads
Metrics
Total Citations49
Total Downloads0
Last 12 Months0
Last 6 weeks0

ABSTRACT

Smart contracts are computer programs that can be correctly executed by a network of mutually distrusting nodes, without the need of an external trusted authority. Since smart contracts handle and transfer assets of considerable value, besides their correct execution it is also crucial that their implementation is secure against attacks which aim at stealing or tampering the assets. We study this problem in Ethereum, the most well-known and used framework for smart contracts so far. We analyse the security vulnerabilities of Ethereum smart contracts, providing a taxonomy of common programming pitfalls which may lead to vulnerabilities. We show a series of attacks which exploit these vulnerabilities, allowing an adversary to steal money or cause other damage.

References

  1. Announcement of imminent hard fork for EIP150 gas cost changes. https://blog.ethereum.org/2016/10/13/announcement-imminent-hard-fork-eip150-gas-cost-changes/Google ScholarGoogle Scholar
  2. Bitcointalk: Hi!My name is Rubixi. https://bitcointalk.org/index.php?topic=1400536.60Google ScholarGoogle Scholar
  3. Ethereum Classic. https://ethereumclassic.github.io/Google ScholarGoogle Scholar
  4. The ethereum network is currently undergoing a dos attack. https://blog.ethereum.org/2016/09/22/ethereum-network-currently-undergoing-dos-attack/Google ScholarGoogle Scholar
  5. Ethereum reddit page. https://www.reddit.com/r/ethereumGoogle ScholarGoogle Scholar
  6. Ethereum Wiki: Contract security techniques and tips. https://github.com/ethereum/wiki/wiki/SafetyGoogle ScholarGoogle Scholar
  7. Explaining eip 150. https://www.reddit.com/r/ethereum/comments/56f6we/explaining_eip_150/Google ScholarGoogle Scholar
  8. GovernMental main page. http://governmental.github.io/GovernMental/Google ScholarGoogle Scholar
  9. Hacking, Distribute: Scanning live Ethereum contracts for the "unchecked-send" bug. http://hackingdistributed.com/2016/06/16/scanning-live-ethereum-contracts-for-bugs/Google ScholarGoogle Scholar
  10. King of the Ether Throne: Post mortem investigation. https://www.kingoftheether.com/postmortem.htmlGoogle ScholarGoogle Scholar
  11. MAker DART: a random number generating game for Ethereum. https://github.com/makerdao/maker-dartsGoogle ScholarGoogle Scholar
  12. RANDAO: a DAO working as RNG of Ethereum. https://github.com/randao/randaoGoogle ScholarGoogle Scholar
  13. Solidity: security considerations. http://solidity.readthedocs.io/en/develop/index.htmlGoogle ScholarGoogle Scholar
  14. Understanding the DAO attack. http://www.coindesk.com/understanding-dao-hack-journalists/Google ScholarGoogle Scholar
  15. Anderson, L., Holz, R., Ponomarev, A., Rimba, P., Weber, I.: New kids on the block: an analysis of modern blockchains. CoRR, abs/1606.06530 2016Google ScholarGoogle Scholar
  16. Andrychowicz, M., Dziembowski, S., Malinowski, D., Mazurek, L.: Secure multiparty computations on Bitcoin. In: IEEE S&P, pp. 443---458 2014 Google ScholarGoogle ScholarDigital LibraryDigital Library
  17. Bhargavan, K., Delignat-Lavaud, A., Fournet, C., Gollamudi, A., Gonthier, G., Kobeissi, N., Rastogi, A., Sibut-Pinote, T., Swamy, N., Zanella-Beguelin, S.: Formal verification of smart contracts. In: PLAS 2016 Google ScholarGoogle ScholarDigital LibraryDigital Library
  18. Bishop, M.: A taxonomy of Unix system and network vulnerabilities. Technical Report, CSE-95-10, Department of Computer Science, University of California at Davis 1995Google ScholarGoogle Scholar
  19. Bishop, M.: Vulnerabilities analysis. In: Proceedings of the Recent Advances in Intrusion Detection, pp. 125---136 1999Google ScholarGoogle Scholar
  20. Boneh, D., Naor, M.: Timed commitments. In: Bellare, M. ed. CRYPTO 2000. LNCS, vol. 1880, pp. 236---254. Springer, Heidelberg 2000. Google ScholarGoogle ScholarDigital LibraryDigital Library
  21. Bonneau, J., Clark, J., Goldfeder, S.: On Bitcoin as a public randomness source. IACR Cryptology ePrint Archive 2015, 1015 2015Google ScholarGoogle Scholar
  22. Brown, R.G., Carlyle, J., Grigg, I., Hearn, M.: Corda: an introduction 2016. http://r3cev.com/s/corda-introductory-whitepaper-final.pdfGoogle ScholarGoogle Scholar
  23. Buterin, V.: Ethereum: a next generation smart contract and decentralized application platform 2013. https://github.com/ethereum/wiki/wiki/White-PaperGoogle ScholarGoogle Scholar
  24. Churyumov, A.: Byteball: a decentralized system for transfer of value 2016. https://byteball.org/Byteball.pdfGoogle ScholarGoogle Scholar
  25. Clack, C.D., Bakshi, V.A., Braine, L.: Smart contract templates: foundations, design landscape and research directions. CoRR abs/1608.00771 2016Google ScholarGoogle Scholar
  26. Delmolino, K., Arnett, M., Kosba, A.M.A., Shi, E.: Step by step towards creating a safe smart contract: lessons and insights from a crypto currency lab 2016Google ScholarGoogle Scholar
  27. Etherscripter. http://etherscripter.comGoogle ScholarGoogle Scholar
  28. Eyal, I., Sirer, E.: Majority is not enough: bitcoin mining is vulnerable. In: Financial Cryptography and Data Security, pp. 436---454 2014Google ScholarGoogle Scholar
  29. Frantz, C.K., Nowostawski, M.: From institutions to code: towards automated generation of smart contracts. In: Workshop on Engineering Collective Adaptive Systems eCAS 2016Google ScholarGoogle Scholar
  30. Garay, J., Kiayias, A., Leonardos, N.: The bitcoin backbone protocol: analysis and applications. In: Oswald, E., Fischlin, M. eds. EUROCRYPT 2015. LNCS, vol. 9057, pp. 281---310. Springer, Heidelberg 2015.Google ScholarGoogle ScholarCross RefCross Ref
  31. Gervais, A., Karame, G.O., Wüst, K., Glykantzis, V., Ritzdorf, H., Capkun, S.: On the security and performance of proof of work blockchains. In: ACM CCS, pp. 3---16 2016 Google ScholarGoogle ScholarDigital LibraryDigital Library
  32. Hirai, Y.: Formal verification of Deed contract in Ethereum name service. https://yoichihirai.com/deed.pdfGoogle ScholarGoogle Scholar
  33. Landwehr, C.E., Bull, A.R., McDermott, J.P., Choi, W.S.: A taxonomy of computer program security flaws. ACM Comput. Surv. 263, 211---254 1994 Google ScholarGoogle ScholarDigital LibraryDigital Library
  34. Luu, L., Chu, D.H., Olickel, H., Saxena, P., Hobor, A.: Making smart contracts smarter. In: ACM CCS 2016. http://eprint.iacr.org/2016/633 Google ScholarGoogle ScholarDigital LibraryDigital Library
  35. Luu, L., Teutsch, J., Kulkarni, R., Saxena, P.: Demystifying incentives in the consensus computer. In: ACM CCS, pp. 706---719 2015 Google ScholarGoogle ScholarDigital LibraryDigital Library
  36. Marino, B., Juels, A.: Setting standards for altering and undoing smart contracts. In: RuleML, pp. 151---166 2016Google ScholarGoogle ScholarCross RefCross Ref
  37. Nakamoto, S.: Bitcoin: a peer-to-peer electronic cash system 2008. https://bitcoin.org/bitcoin.pdfGoogle ScholarGoogle Scholar
  38. Nipkow, T., Wenzel, M., Paulson, L.C. eds.: Isabelle/HOL: A Proof Assistant for Higherorder. LNCS, vol. 2283. Springer, Heidelberg 2002 Google ScholarGoogle ScholarDigital LibraryDigital Library
  39. Nomura Research Institute: Survey on blockchain technologies and related services. http://www.meti.go.jp/english/press/2016/pdf/0531_01f.pdfGoogle ScholarGoogle Scholar
  40. Pierrot, C., Wesolowski, B.: Malleability of the blockchain's entropy. IACR Cryptology ePrint Archive 2016, 370 2016Google ScholarGoogle Scholar
  41. Piessens, F.: A taxonomy of causes of software vulnerabilities in internet software. In: International Symposium on Software Reliability Engineering, pp. 47---52 2002Google ScholarGoogle Scholar
  42. Popejoy, S.: The Pact smart contract language 2016. http://kadena.io/pactGoogle ScholarGoogle Scholar
  43. Sompolinsky, Y., Zohar, A.: Secure high-rate transaction processing in bitcoin. In: Böhme, R., Okamoto, T. eds. FC 2015. LNCS, vol. 8975, pp. 507---527. Springer, Heidelberg 2015.Google ScholarGoogle Scholar
  44. Swamy, N., Hritcu, C., Keller, C., Rastogi, A., Delignat-Lavaud, A., Forest, S., Bhargavan, K., Fournet, C., Strub, P., Kohlweiss, M., Zinzindohoue, J.K., Béguelin, S.Z.: Dependent types and multi-monadic effects in F*. In: POPL 2016 Google ScholarGoogle ScholarDigital LibraryDigital Library
  45. Szabo, N.: Formalizing and securing relationships on public networks. First Monday 29 1997. http://firstmonday.org/htbin/cgiwrap/bin/ojs/index.php/fm/article/view/548Google ScholarGoogle Scholar
  46. UK Government Chief Scientific Adviser: Distributed ledger technology: beyond block chain. https://www.gov.uk/government/uploads/system/uploads/attachment_data/file/492972/gs-16-1-distributed-ledger-technology.pdfGoogle ScholarGoogle Scholar
  47. Wood, G.: Ethereum: a secure decentralised generalised transaction ledger 2014. gavwood.com/paper.pdfGoogle ScholarGoogle Scholar
  48. Wüst, K., Gervais, A.: Ethereum Eclipse Attacks. Technical report, ETH-Zürich 2016Google ScholarGoogle Scholar

Comments

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Sign in

Full Access

Get this Publication
View Table of Contents
About Cookies On This Site

We use cookies to ensure that we give you the best experience on our website.

Learn more

Got it!