Blockchain Vulnerabilities in Practice

Amiet, Nils

doi:10.1145/3407230

Cited by 19 publications

(8 citation statements)

References 18 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Some of the well-known tools are Oyente 9 , ZEUS [36], Maian 10 , SmartCheck [37], ContractFuzzer [38], Vandal [27], Ethainter [39], Securify [25], and MadMax [14]. ConsenSys Diligence -an enterprise for comprehensive code reviews of smart contracts developed Mythril 11 which supports detecting security vulnerabilities in EVM-compatible blockchain and MythX to cover a wider range of security issues 12 .…”

Section: Smart Contract Security Methods/toolsmentioning

confidence: 99%

Exploring Security Practices of Smart Contract Developers

Sharma¹,

Zhou²,

Miller³

et al. 2022

Preprint

View full text Add to dashboard Cite

Smart contracts are self-executing programs that run on blockchains (e.g., Ethereum). 680 million US dollars worth of digital assets controlled by smart contracts have been hacked or stolen due to various security vulnerabilities in 2021. Although security is a fundamental concern for smart contracts, it is unclear how smart contract developers approach security. To help fill this research gap, we conducted an exploratory qualitative study consisting of a semi-structured interview and a code review task with 29 smart contract developers with diverse backgrounds, including 10 early stage (less than one year of experience) and 19 experienced (2-5 years of experience) smart contract developers. Our findings show a wide range of smart contract security perceptions and practices including various tools and resources they used. Our early stage developer participants had a much lower success rate (15%) of identifying security vulnerabilities in the code review task than their experienced counterparts (55%). Our hierarchical task analysis of their code reviews implies that just by accessing standard documentation, reference implementations and security tools is not sufficient. Many developers checked those materials or used a security tool but still failed to identify the security issues. In addition, several participants pointed out shortcomings of current smart contract security tooling such as its usability. We discuss how future education and tools could better support developers in ensuring smart contract security.

show abstract

Section: Smart Contract Security Methods/toolsmentioning

confidence: 99%

Exploring Security Practices of Smart Contract Developers

Sharma¹,

Zhou²,

Miller³

et al. 2022

Preprint

View full text Add to dashboard Cite

show abstract

“…During Ethereum DAO, an external contract was called back into the DAO contract before the first transaction was completed, leading to multiple withdrawals and a significant loss of funds. This attack not only caused a substantial financial loss-3.6 million ETH, valued at approximately $50 million at the time-but also had profound implications on the Ethereum blockchain, leading to a drastic drop in the price of ether and eventually resulting in the split of Ethereum into Ethereum and Ethereum Classic [25,41]. A 51% attack on Ethereum remains an ongoing concern, where an attacker could rent computational power to potentially take over the network, posing a significant financial threat given Ethereum's substantial valuation [7].…”

Section: Case Study: Recent Breaches and Implicationsmentioning

confidence: 99%

“…The potential for a 51% attack remains a critical vulnerability in blockchain systems, as miners with the majority of the network's power can alter transaction data, reverse transactions, and disrupt the validation process [18,23,24,25]. For instance, attackers can exclude or modify the order of transactions, hamper other miners' operations, and impede the confirmation of legitimate transactions [24].…”

Section: Proof Of Work Vulnerability and 51% Attackmentioning

confidence: 99%

Revisiting Blockchain Technologies and Smart Contracts Security: A Pragmatic Exploration of Vulnerabilities, Threats, and Challenges

Nzuva

2024

Asian J. Res. Com. Sci.

View full text Add to dashboard Cite

Aim: This study aims to offer a comprehensive examination of the security vulnerabilities associated with blockchain technology, with the aim of identifying critical challenges and formulating strategic solutions to bolster system integrity and enhance user trust. Methods: The study employs a combination of literature review and case study analysis to explore specific vulnerabilities such as re-entrance attacks, transaction malleability, and the risks associated with third-party integrations. Various recommendations are offered to address the outlined vulnerabilities in blockchains and smart contacts. Conclusion: Securing blockchain platforms against emerging threats requires a multidisciplinary approach that encompasses technological innovation, stringent regulatory oversight, and comprehensive user education. It advocates for ongoing research and collaborative efforts to develop robust security measures that ensure the sustainable integration of blockchain technology into global digital infrastructures, thereby maximizing its transformative potential while minimizing associated risks. Enhancing the understanding of blockchain's security needs and continuously adapting to emerging threats are crucial for the technology’s future resilience and widespread adoption.

show abstract

“…Smart contract security incidents have occurred frequently in recent years. In 2016, an attack against DAO contracts resulted in the loss of more than 3,600,000 Ethers, which stemmed from a reentrancy vulnerability introduced in a critical DAO contract [20]. In 2017, the Parity multi-signature wallet vulnerability resulted in over 513,701 Ethers being locked.…”

Section: Smart Contract Securitymentioning

confidence: 99%

SPCBIG-EC: A Robust Serial Hybrid Model for Smart Contract Vulnerability Detection

Zhang

Jin³

et al. 2022

Sensors

View full text Add to dashboard Cite

With countless devices connected to the Internet of Things, trust mechanisms are especially important. IoT devices are more deeply embedded in the privacy of people’s lives, and their security issues cannot be ignored. Smart contracts backed by blockchain technology have the potential to solve these problems. Therefore, the security of smart contracts cannot be ignored. We propose a flexible and systematic hybrid model, which we call the Serial-Parallel Convolutional Bidirectional Gated Recurrent Network Model incorporating Ensemble Classifiers (SPCBIG-EC). The model showed excellent performance benefits in smart contract vulnerability detection. In addition, we propose a serial-parallel convolution (SPCNN) suitable for our hybrid model. It can extract features from the input sequence for multivariate combinations while retaining temporal structure and location information. The Ensemble Classifier is used in the classification phase of the model to enhance its robustness. In addition, we focused on six typical smart contract vulnerabilities and constructed two datasets, CESC and UCESC, for multi-task vulnerability detection in our experiments. Numerous experiments showed that SPCBIG-EC is better than most existing methods. It is worth mentioning that SPCBIG-EC can achieve F1-scores of 96.74%, 91.62%, and 95.00% for reentrancy, timestamp dependency, and infinite loop vulnerability detection.

show abstract

Blockchain Vulnerabilities in Practice

Abstract: Blockchains are not invulnerable. There are known vulnerabilities in various blockchain ecosystem components. This field note describes some vulnerabilities observed in smart contracts and node software, their exploitation, and how to avoid them, with a focus on the Ethereum ecosystem.

Cited by 19 publications

References 18 publications

Exploring Security Practices of Smart Contract Developers

Exploring Security Practices of Smart Contract Developers

Revisiting Blockchain Technologies and Smart Contracts Security: A Pragmatic Exploration of Vulnerabilities, Threats, and Challenges

SPCBIG-EC: A Robust Serial Hybrid Model for Smart Contract Vulnerability Detection

Contact Info

Product

Resources

About