An Insecurity Study of Ethereum Smart Contracts
2020; Springer Science+Business Media; Language: English
DOI: 10.1007/978-3-030-66626-2_10
ISSN: 1611-3349
Authors: Bishwas C Gupta, Nitesh Kumar, Anand Handa, Sandeep K. Shukla
Topic(s): Advanced Malware Detection Techniques
Abstract: Ethereum is the second most valuable cryptocurrency, right after Bitcoin. The most distinguishing feature of Ethereum was the introduction of smart contracts, which are essentially small computer programs that sit on top of the blockchain. They are written in programming languages like Solidity and are executed by the Ethereum Virtual Machine (EVM). Since these contracts are present on the blockchain itself, they become immutable as long as the blockchain's integrity is not compromised. This makes it a nightmare for security researchers, as the vulnerabilities found cannot be patched. Also, since Ethereum is a public blockchain, all the contract bytecodes are available publicly. The DAO and the Parity attack are two prominent attacks that have caused great monetary losses. There are many tools that have been developed to cope with these challenges. However, the lack of a benchmark to compare these tools, non-standard vulnerability naming conventions, etc. make the job of a security analyst very difficult. This paper provides the first ever comprehensive comparison of smart contract vulnerability discovery tools which are available in the public domain, based on a comprehensive benchmark developed here. The benchmark development is based on a novel taxonomy of smart contract vulnerabilities which has been created after a thorough study of security vulnerabilities present in smart contracts.