Abstract
Ethereum is a leading blockchain platform that supports decentralised applications (Dapps) using smart contract programs. It executes cryptocurrency transactions between user accounts or smart contract accounts. Wallets are utilised to integrate with Dapps to manage and hold users’ transactions and private keys securely and effectively. Ethereum wallets are available in different forms, and we especially examine on-chain smart contract wallets to measure their safeness property. We have conducted an exploratory study on 86 distinct bytecode versions of Ethereum smart contract wallets and analysed them using four popular security scanning tools. We have identified that, on average, 10.2% of on-chain wallets on the Ethereum platform are vulnerable to different problems. We propose a novel analysis framework to classify the security problems in smart contract wallets using the experimental data. Most of the vulnerabilities detected from smart contract wallets are related to security issues in programming code and interaction with external sources. Our experimental results and analysis data are available at https://github.com/ppraithe/on-chain-wallet-contracts.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Similar content being viewed by others
Notes
- 1.
- 2.
- 3.
- 4.
- 5.
- 6.
- 7.
- 8.
- 9.
- 10.
References
Antonopoulos, A.M., Wood, G.: Mastering Ethereum: Building Smart Contracts and DApps. O’Reilly Media, Sebastopol (2018)
Atzei, N., Bartoletti, M., Cimoli, T.: A survey of attacks on Ethereum smart contracts (SoK). In: Maffei, M., Ryan, M. (eds.) POST 2017. LNCS, vol. 10204, pp. 164–186. Springer, Heidelberg (2017). https://doi.org/10.1007/978-3-662-54455-6_8
Chen, T., et al.: An adaptive gas cost mechanism for Ethereum to defend against under-priced DoS attacks. In: Liu, J.K., Samarati, P. (eds.) ISPEC 2017. LNCS, vol. 10701, pp. 3–24. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-72359-4_1
Chen, T., et al.: Tokenscope: automatically detecting inconsistent behaviors of cryptocurrency tokens in Ethereum. In: Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security, pp. 1503–1520 (2019)
Cheng, Z., et al.: Towards a first step to understand the cryptocurrency stealing attack on Ethereum. In: Proceedings of the 22nd international Symposium on research in Attacks, Intrusions and Defenses (RAID 2019), pp. 47–60 (2019)
Dannen, C.: Introducing Ethereum and Solidity. Apress, Berkeley (2017). https://doi.org/10.1007/978-1-4842-2535-6
Delmolino, K., Arnett, M., Kosba, A., Miller, A., Shi, E.: Step by step towards creating a safe smart contract: lessons and insights from a cryptocurrency lab. In: Clark, J., Meiklejohn, S., Ryan, P.Y.A., Wallach, D., Brenner, M., Rohloff, K. (eds.) FC 2016. LNCS, vol. 9604, pp. 79–94. Springer, Heidelberg (2016). https://doi.org/10.1007/978-3-662-53357-4_6
Destefanis, G., Marchesi, M., Ortu, M., Tonelli, R., Bracciali, A., Hierons, R.: Smart contracts vulnerabilities: a call for blockchain software engineering? In: Proceedings of the 2018 International Workshop on Blockchain Oriented Software Engineering (IWBOSE), pp. 19–25 (2018)
Di Angelo, M., Salzer, G.: A survey of tools for analyzing Ethereum smart contracts. In: Proceedings of the 2019 IEEE International Conference on Decentralized Applications and Infrastructures (DAPPCON), pp. 69–78. IEEE (2019)
Di Angelo, M., Salzer, G.: Characteristics of wallet contracts on Ethereum. In: Proceedings of the 2020 IEEE International Conference on Blockchain and Cryptocurrency (ICBC 2020), pp. 1–2. IEEE (2020)
Feist, J., Grieco, G., Groce, A.: Slither: a static analysis framework for smart contracts. In: Proceedings of the 2019 IEEE/ACM 2nd International Workshop on Emerging Trends in Software Engineering for Blockchain (WETSEB), pp. 8–15. IEEE (2019)
Harz, D., Knottenbelt, W.: Towards safer smart contracts: A survey of languages and verification methods. arXiv preprint arXiv:1809.09805 (2018)
Hildenbrandt, E., et al.: KEVM: a complete formal semantics of the Ethereum virtual machine. In: Proceedings of the 2018 IEEE 31st Computer Security Foundations Symposium (CSF), pp. 204–217. IEEE (2018)
Luu, L., Chu, D.H., Olickel, H., Saxena, P., Hobor, A.: Making smart contracts smarter. In: Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security, pp. 254–269 (2016)
Mueller, B.: Smashing ethereum smart contracts for fun and real profit. HITB SECCONF Amsterdam (2018)
Nikolić, I., Kolluri, A., Sergey, I., Saxena, P., Hobor, A.: Finding the greedy, prodigal, and suicidal contracts at scale. In: Proceedings of the 34th Annual Computer Security Applications Conference, pp. 653–663 (2018)
Palladino, S.: The parity wallet hack explained, July-2017. https://blog.zeppelin.solutions/on-the-parity-wallet-multisig-hack-405a8c12e8f7
Parizi, R.M., Dehghantanha, A., et al.: Smart contract programming languages on blockchains: an empirical evaluation of usability and security. In: Chen, S., Wang, H., Zhang, L.J. (eds.) Blockchain, pp. 75–91. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-94478-4_6
Perez, D., Livshits, B.: Broken metre: attacking resource metering in EVM. arXiv preprint arXiv:1909.07220 (2019)
Praitheeshan, P., Pan, L., Yu, J., Liu, J., Doss, R.: Security analysis methods on Ethereum smart contract vulnerabilities: a survey. arXiv preprint arXiv:1908.08605 (2019)
Praitheeshan, P., Xin, Y.W., Pan, L., Doss, R.: Attainable hacks on Keystore files in Ethereum wallets—a systematic analysis. In: Doss, R., Piramuthu, S., Zhou, W. (eds.) FNSS 2019. CCIS, vol. 1113, pp. 99–117. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-34353-8_7
Tikhomirov, S., Voskresenskaya, E., Ivanitskiy, I., Takhaviev, R., Marchenko, E., Alexandrov, Y.: Smartcheck: static analysis of Ethereum smart contracts. In: Proceedings of the 1st International Workshop on Emerging Trends in Software Engineering for Blockchain, pp. 9–16 (2018)
Torres, C.F., Schütte, J., State, R.: Osiris: hunting for integer bugs in Ethereum smart contracts. In: Proceedings of the 34th Annual Computer Security Applications Conference, pp. 664–676 (2018)
Tsankov, P., Dan, A., Drachsler-Cohen, D., Gervais, A., Buenzli, F., Vechev, M.: Securify: practical security analysis of smart contracts. In: Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security, pp. 67–82 (2018)
Wood, G.: Ethereum: a secure decentralised generalised transaction ledger. Ethereum Project Yellow Paper 151, 1–32 (2014)
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Appendices
Appendix A Interactions of Smart Contract Wallets
Inter-playing components with Ethereum smart contract wallets
Appendix B Smart Contract Wallets Data
Rights and permissions
Copyright information
© 2020 Springer Nature Switzerland AG
About this paper
Cite this paper
Praitheeshan, P., Pan, L., Doss, R. (2020). Security Evaluation of Smart Contract-Based On-chain Ethereum Wallets. In: Kutyłowski, M., Zhang, J., Chen, C. (eds) Network and System Security. NSS 2020. Lecture Notes in Computer Science(), vol 12570. Springer, Cham. https://doi.org/10.1007/978-3-030-65745-1_2
Download citation
DOI: https://doi.org/10.1007/978-3-030-65745-1_2
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-65744-4
Online ISBN: 978-3-030-65745-1
eBook Packages: Computer ScienceComputer Science (R0)