In Ethereum blockchain, smart contracts are immutable, public, and distributed. However, they are subject to many vulnerabilities stemming from coding errors made by developers. Seven cybersecurity incidents occurred in Ethereum smart contracts between 2016 and 2018, which led to financial losses estimated to be over US$ 289 million. Reentrancy vulnerability was the cause of two of these incidents, and the impacts went far beyond financial loss. Several reentrancy countermeasures are available, which are based on predefined patterns that are used to prevent vulnerability exploitation before the deployment of a smart contract; however, several limitations have been identified in these countermeasures. Motivated by all these issues, the objective of this article is to help developers improve the cybersecurity of smart contracts by proposing a solution that calculates the difference between the contract balance and the total balance of all participants in a smart contract before and after any operation in a transaction that changes its state. Proof-of-concept implementations show that this solution can provide a detection and prevention mechanism against reentrancy attacks during the execution of any smart contract.
Blockchain technology has become one of the most popular technologies for maintaining digital transactions. From the foundation of Bitcoin to the now predominant smart contract, blockchain technology promises to induce a shift in thought about digital transactions in many fields, such as energy, healthcare, Internet of Things, cybersecurity, financial services and the supply chain. Despite blockchain technology offers many cryptography advantages such as immutability, digital signature and hashing; it has suffered from several critical cybersecurity threats and vulnerabilities. In this paper, we build upon the previous studies on vulnerabilities and investigates over 60 real cybersecurity incidents that have been happening on the blockchain networks between 2009 and 2019. We categorise those incidents against the key cybersecurity vulnerabilities in blockchain technologies; and have developed a taxonomy that captures five types of cybersecurity threats and vulnerabilities based on five main players in blockchain. The outcome of this research prompted concerns and research direction in developing countermeasures to alleviate these risks.
scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.