DOI: 10.1145/3444370.3444617
research-article

Research on Blockchain Smart Contracts Vulnerability and A Code Audit Tool based on Matching Rules

Published: 04 January 2021

Abstract

As an emerging service architecture that integrates multiple technologies, blockchain draws public attention because of smart contracts, which implement secure and tamper-proof programming. However, due to the complexity of this architecture, there are endless attacks against blockchain. Smart contracts, as the application-layer prototype of blockchain, face more severe security risks. This paper lists in detail the security events involving smart contracts in recent years, summarizes several common attack modes, then introduces their principles and analyzes what they have in common. Finally, an original version of a contract code audit tool based on matching rules is given. The tool can ensure that the contract goes through a complete audit process before deployment, so as to reduce the DApp vulnerabilities caused by poor programming. Moreover, the matching rule library supports customization, so the tool can be updated in a timely manner to enhance its audit ability.


    Published In

    CIAT 2020: Proceedings of the 2020 International Conference on Cyberspace Innovation of Advanced Technologies
    December 2020
    597 pages
    ISBN:9781450387828
    DOI:10.1145/3444370

    In-Cooperation

    • Sun Yat-Sen University
    • CARLETON UNIVERSITY: INSTITUTE FOR INTERDISCIPLINARY STUDIES
    • Beijing University of Posts and Telecommunications
    • Guangdong University of Technology
    • Deakin University

    Publisher

    Association for Computing Machinery

    New York, NY, United States

    Author Tags

    1. Audit tool
    2. Blockchain
    3. Smart contract vulnerability

    Qualifiers

    • Research-article
    • Research
    • Refereed limited

    Conference

    CIAT 2020

    Acceptance Rates

    CIAT 2020 Paper Acceptance Rate 94 of 232 submissions, 41%;
    Overall Acceptance Rate 94 of 232 submissions, 41%

    Article Metrics

    • Total Citations: 0
    • Total Downloads: 200
    • Downloads (Last 12 months): 29
    • Downloads (Last 6 weeks): 4
    Reflects downloads up to 16 Feb 2025
