Sereum: Protecting Existing Smart Contracts Against Re-Entrancy Attacks

Rodler, Michael; Li, Wenting; Karame, Ghassan; Davi, Lucas

doi:10.48550/arxiv.1812.05934

Cited by 20 publications

(39 citation statements)

References 0 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Similarly to related work [21], in the lack of appropriate ground truth, false negatives could no be accounted for in a precise manner. However, for TheDAO and SpankPay we did confirm that EtherClue was able to detect all exploit transactions detected by Sereum [22]. Duration times include the entire period as of when the EtherClue orchestrator is invoked with the given block range until all transaction processing terminate.…”

Section: Resultsmentioning

confidence: 83%

“…As described in Section 1, EtherClue's scope complements smart contract-centric vulnerability detection tools with a transaction-centric one intended for incident response. In this respect, TxSpector [21], Sereum [22] and DEFIER [23] fall into this category, presenting candidate comparison targets. However, one of the main issues of this research topic is that it lacks a standardised framework to leverage a sound comparison between the state of the art methods.…”

Section: Resultsmentioning

confidence: 99%

“…Ultimately, given the limited way we were able to compare EtherClue with existing tools so far, further enhancements require the support of clear comparisons for proper evaluation. Specifically, we encountered substantial difficulties in making use of datasets, at least beyond the limited one provided by Sereum [22], due to the lack of properly labelled ground truth and harmonized definitions of what constitutes an exploit transaction, amongst others. Therefore, we believe that studying standardised criteria to measure the quality of the tools with unified benchmarks and metrics is a promising research line in its own right.…”

Section: Discussionmentioning

confidence: 99%

“…Manually written logic rules are used to identify those traces, at this point represented as logical relations, generated from known attacks. TxSpector can be seen to be a generalization of Sereum [22], which take a dynamic taint analysis approach to detect reentrancy exploit transactions. While Sereum was originally positioned as a real-time detector, implemented by customizing an Ethereum node, its underpinning technique could still be employed in a post-factum manner to flag transactions in a similar fashion to TxSpector.…”

Section: Related Workmentioning

confidence: 99%

See 3 more Smart Citations

EtherClue: Digital investigation of attacks on Ethereum smart contracts

Aquilina,

Casino,

Vella

et al. 2021

Preprint

View full text Add to dashboard Cite

Programming errors in Ethereum smart contracts can result in catastrophic financial losses from stolen cryptocurrency. While vulnerability detectors can prevent vulnerable contracts from being deployed, this does not mean that such contracts will not be deployed. Once a vulnerable contract is instantiated on the blockchain and becomes the target of attacks, the identification of exploit transactions becomes indispensable in assessing whether it has been actually exploited and identifying which malicious or subverted accounts were involved.In this work, we study the problem of post-factum investigation of Ethereum attacks using Indicators of Compromise (IoCs) specially crafted for use in the blockchain. IoC definitions need to capture the side-effects of successful exploitation in the context of the Ethereum blockchain. Therefore, we define a model for smart contract execution, comprising multiple abstraction levels that mirror the multiple views of code execution on a blockchain. Subsequently, we compare IoCs defined across the different levels in terms of their effectiveness and practicality through EtherClue, a prototype tool for investigating Ethereum security incidents. Our results illustrate that coarse-grained IoCs defined over blocks of transactions can detect exploit transactions with less computation; however, they are contract-specific and suffer from false negatives. On the other hand, fine-grained IoCs defined over virtual machine instructions can avoid these pitfalls at the expense of increased computation which are nevertheless applicable for practical use.

show abstract

Section: Resultsmentioning

confidence: 83%

Section: Resultsmentioning

confidence: 99%

Section: Discussionmentioning

confidence: 99%

Section: Related Workmentioning

confidence: 99%

See 2 more Smart Citations

EtherClue: Digital investigation of attacks on Ethereum smart contracts

Aquilina,

Casino,

Vella

et al. 2021

Preprint

View full text Add to dashboard Cite

show abstract

“…Many solutions have been suggested to overcome the reentrancy attack on smart contracts. For example, one approach called Sereum [351] is proposed to solve the re-entrance attack, allowing for dynamic taint tracking of smart contract data flows. ReGuard [352] is an automatic detection system that conducts fuzzing tests in order to fix the issue of re-entry attacks.…”

Section: Re-entrancy Attackmentioning

confidence: 99%

A Taxonomy Study on Securing Blockchain-based Industrial Applications: An Overview, Application Perspectives, Requirements, Attacks, Countermeasures, and Open Issues

Hameed¹,

Barika²,

Garg³

et al. 2021

Preprint

View full text Add to dashboard Cite

Blockchain technology has taken on a leading role in today's industrial applications by providing salient features and showing significant performance since its beginning. Blockchain began its journey from the concept of cryptocurrency and is now part of a range of core applications to achieve resilience and automation between various tasks. With the integration of Blockchain technology into different industrial applications, many application designs, security and privacy challenges present themselves, posing serious threats to users and their data. Although several approaches have been proposed to address the specific security and privacy needs of targeted applications with functional parameters, there is still a need for a research study on the application, security and privacy challenges, and requirements of Blockchain-based industrial applications, along with possible security threats and countermeasures. This study presents a state-of-the-art survey of Blockchain-based Industry 4.0 applications, focusing on crucial application and security and privacy requirements, as well as corresponding attacks on Blockchain systems with potential countermeasures. We also analyse and provide the classification of different security and privacy techniques used in these applications to enhance the advancement of security features. Furthermore, we highlight some open issues in industrial applications that help to design secure Blockchain-based applications as future directions.

show abstract

A Study on Smart Contract Security Vulnerabilities

Bhajanka,

Pradhan

2024

Communications in Computer and Information Science

View full text Add to dashboard Cite

Sereum: Protecting Existing Smart Contracts Against Re-Entrancy Attacks

Cited by 20 publications

References 0 publications

EtherClue: Digital investigation of attacks on Ethereum smart contracts

EtherClue: Digital investigation of attacks on Ethereum smart contracts

A Taxonomy Study on Securing Blockchain-based Industrial Applications: An Overview, Application Perspectives, Requirements, Attacks, Countermeasures, and Open Issues

A Study on Smart Contract Security Vulnerabilities

Contact Info

Product

Resources

About