Making Smart Contracts Smarter

Luu, Loi and Duc-Hiep, Chu and Olickel, Hrishi and Saxena, Prateek and Hobor, Aquinas (2016) Making Smart Contracts Smarter. In: Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security, Vienna, Austria.

[img] Text
smart_contracts_smarter.pdf
Restricted to Registered users only
Download (1MB)

Abstract

Cryptocurrencies record transactions in a decentralized data structure called a blockchain. Two of the most popular cryptocurrencies, Bitcoin and Ethereum, support the feature to encode rules or scripts for processing transactions. This feature has evolved to give practical shape to the ideas of smart contracts, or full-fledged programs that are run on blockchains. Recently, Ethereum's smart contract system has seen steady adoption, supporting tens of thousands of contracts, holding millions dollars worth of virtual coins. In this paper, we investigate the security of running smart contracts based on Ethereum in an open distributed network like those of cryptocurrencies. We introduce several new security problems in which an adversary can manipulate smart contract execution to gain profit. These bugs suggest subtle gaps in the understanding of the distributed semantics of the underlying platform. As a refinement, we propose ways to enhance the operational semantics of Ethereum to make contracts less vulnerable. For developers writing contracts for the existing Ethereum system, we build a symbolic execution tool called Oyente to find potential security bugs. Among 19, 336 existing Ethereum contracts, Oyente flags 8, 833 of them as vulnerable, including the TheDAO bug which led to a 60 million US dollar loss in June 2016. We also discuss the severity of other attacks for several case studies which have source code available and confirm the attacks (which target only our accounts) in the main Ethereum network.

Item Type: Conference or Workshop Item (Paper)
Subjects: Main Topics > Bitcoin
Main Topics > Blockchain
Projects > BloSSom 2019
Main Topics > Crypto Currency
Main Topics > Ethereum
Main Topics > Security
Main Topics > Smart Contracts
Divisions: Computer Science
Depositing User: Unnamed user with email richard.dabels@uni-rostock.de
Date Deposited: 04 Sep 2019 16:33
Last Modified: 04 Sep 2019 16:33
URI: http://blossom.informatik.uni-rostock.de/id/eprint/65

Actions (login required)

View Item View Item
Blockchain is powered by EPrints 3 which is developed by the School of Electronics and Computer Science at the University of Southampton. More information and software credits.