nach oben

Erschienen in:

2017 | OriginalPaper | Buchkapitel

A Survey of Attacks on Ethereum Smart Contracts (SoK)

verfasst von : Nicola Atzei, Massimo Bartoletti, Tiziana Cimoli

Erschienen in: Principles of Security and Trust

Verlag: Springer Berlin Heidelberg

Einloggen

Aktivieren Sie unsere intelligente Suche, um passende Fachinhalte oder Patente zu finden.

search-config

KI-gestützte Suche

Aus

Abstract

Smart contracts are computer programs that can be correctly executed by a network of mutually distrusting nodes, without the need of an external trusted authority. Since smart contracts handle and transfer assets of considerable value, besides their correct execution it is also crucial that their implementation is secure against attacks which aim at stealing or tampering the assets. We study this problem in Ethereum, the most well-known and used framework for smart contracts so far. We analyse the security vulnerabilities of Ethereum smart contracts, providing a taxonomy of common programming pitfalls which may lead to vulnerabilities. We show a series of attacks which exploit these vulnerabilities, allowing an adversary to steal money or cause other damage.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Vorheriges Kapitel On Communication Models When Verifying Equivalence Properties

Nächstes Kapitel Security Analysis of Cache Replacement Policies

Currently, Solidity is the only high-level language supported by the Ethereum community. Unless otherwise stated, in our examples we use version 0.3.1 of the compiler, released on March 31st, 2016.

Addresses are sequences of 160 bits which uniquely identify contracts and users.

Were the gas returned to callers in case of exceptions, an adversary could mount a DoS attack by repeatedly invoking a function which just throws an exception.

Systems with low mining rate — like e.g. Bitcoin (1 block/10 min) — have a small probability of forks, hence typically they do not reward discarded blocks.

Note however that a recent paper [31] argues that, while uncle blocks do provide block rewards to miners, they do not contribute towards the difficulty of the main chain. Therefore, Ethereum does not actually apply the GHOST protocol.

Although the use of call is discouraged, in some cases this is the only possible way to transfer ether to contracts (see the “gasless send” vulnerability at page 8).

As for call, the use of delegatecall is discouraged.

Note that the return value of a function invoked via call is not returned.

The actual number g of gas units depends on the version of the compiler. In versions \(< 0.4.0\), \(g = 0\) if \(\mathtt{{amount}}=0\), otherwise \(g = 2300\). In versions \(\ge 0.4.0\), \(g = 2300\).

Starting from version 0.4.0 of the Solidity compiler, an exception is thrown if the invoked address is associated with no code.

This is one of the main points advertised by the slogan: “Ethereum is a decentralized platform that runs smart contracts: applications that run exactly as programmed without any possibility of downtime, censorship, fraud or third party interference”.

The tolerance in the choice of the timestamp was \(\sim \)900 s in a previous version of the protocol, but currently it has been reduced to a few seconds.

This code works until Solidity v0.4.2. From there on, some changes to the syntax are needed as shown in co2.unica.it/ethereum/doc/attacks.html#simpledao.

This code works until Solidity v0.4.2. From there on, some changes to the syntax are needed as shown in co2.unica.it/ethereum/doc/attacks.html#kotet.

From Solidity v0.4.2. the compiler gives a warning if the return code of send is not checked. However, a malevolent programmer can easily fool the compiler by adding a fake check like bool res = king.send(compensation).

This code works until Solidity v0.4.2. From there on, some changes to the syntax are needed as shown in co2.unica.it/ethereum/doc/attacks.html#oddsandevens.

A similar attack on a “rock-paper-scissors” game is presented in [26].

Contextually with the hard-fork of the 17th of June, the gas limit has been raised, so allowing the winner to rescue the jackpot of \(\sim 1100\textit{ether} \).

The attacks #1 and #3 have been also reported in [34], while attack #2 is fresh.

As mentioned in Sect. 3, this attack is no longer possible since October 18, 2016.

From Solidity v0.4.2., it is no longer possible to instantiate a library via Set(addr): instead, the library address must be set via command line. However, a similar attack is still possible by using delegatecall, as shown in co2.unica.it/ethereum/doc/ attacks.html#dynamic-libraries-v4-2.

Announcement of imminent hard fork for EIP150 gas cost changes. https://blog.ethereum.org/2016/10/13/announcement-imminent-hard-fork-eip150-gas-cost-changes/

Bitcointalk: Hi!My name is Rubixi. https://bitcointalk.org/index.php?topic=1400536.60

Ethereum Classic. https://ethereumclassic.github.io/

The ethereum network is currently undergoing a dos attack. https://blog.ethereum.org/2016/09/22/ethereum-network-currently-undergoing-dos-attack/

Ethereum reddit page. https://www.reddit.com/r/ethereum

Ethereum Wiki: Contract security techniques and tips. https://github.com/ethereum/wiki/wiki/Safety

Explaining eip 150. https://www.reddit.com/r/ethereum/comments/56f6we/explaining_eip_150/

GovernMental main page. http://governmental.github.io/GovernMental/

Hacking, Distribute: Scanning live Ethereum contracts for the “unchecked-send” bug. http://hackingdistributed.com/2016/06/16/scanning-live-ethereum-contracts-for-bugs/

10.

King of the Ether Throne: Post mortem investigation. https://www.kingoftheether.com/postmortem.html

11.

MAker DART: a random number generating game for Ethereum. https://github.com/makerdao/maker-darts

12.

RANDAO: a DAO working as RNG of Ethereum. https://github.com/randao/randao

13.

Solidity: security considerations. http://solidity.readthedocs.io/en/develop/index.html

14.

Understanding the DAO attack. http://www.coindesk.com/understanding-dao-hack-journalists/

15.

Anderson, L., Holz, R., Ponomarev, A., Rimba, P., Weber, I.: New kids on the block: an analysis of modern blockchains. CoRR, abs/1606.06530 (2016)

16.

Andrychowicz, M., Dziembowski, S., Malinowski, D., Mazurek, L.: Secure multiparty computations on Bitcoin. In: IEEE S&P, pp. 443–458 (2014)

17.

Bhargavan, K., Delignat-Lavaud, A., Fournet, C., Gollamudi, A., Gonthier, G., Kobeissi, N., Rastogi, A., Sibut-Pinote, T., Swamy, N., Zanella-Beguelin, S.: Formal verification of smart contracts. In: PLAS (2016)

18.

Bishop, M.: A taxonomy of Unix system and network vulnerabilities. Technical Report, CSE-95-10, Department of Computer Science, University of California at Davis (1995)

19.

Bishop, M.: Vulnerabilities analysis. In: Proceedings of the Recent Advances in Intrusion Detection, pp. 125–136 (1999)

20.

Boneh, D., Naor, M.: Timed commitments. In: Bellare, M. (ed.) CRYPTO 2000. LNCS, vol. 1880, pp. 236–254. Springer, Heidelberg (2000). doi:10.1007/3-540-44598-6_15 CrossRef

21.

Bonneau, J., Clark, J., Goldfeder, S.: On Bitcoin as a public randomness source. IACR Cryptology ePrint Archive 2015, 1015 (2015)

22.

Brown, R.G., Carlyle, J., Grigg, I., Hearn, M.: Corda: an introduction (2016). http://r3cev.com/s/corda-introductory-whitepaper-final.pdf

23.

Buterin, V.: Ethereum: a next generation smart contract and decentralized application platform (2013). https://github.com/ethereum/wiki/wiki/White-Paper

24.

Churyumov, A.: Byteball: a decentralized system for transfer of value (2016). https://byteball.org/Byteball.pdf

25.

Clack, C.D., Bakshi, V.A., Braine, L.: Smart contract templates: foundations, design landscape and research directions. CoRR abs/1608.00771 (2016)

26.

Delmolino, K., Arnett, M., Kosba, A.M.A., Shi, E.: Step by step towards creating a safe smart contract: lessons and insights from a crypto currency lab (2016)

27.

Etherscripter. http://etherscripter.com

28.

Eyal, I., Sirer, E.: Majority is not enough: bitcoin mining is vulnerable. In: Financial Cryptography and Data Security, pp. 436–454 (2014)

29.

Frantz, C.K., Nowostawski, M.: From institutions to code: towards automated generation of smart contracts. In: Workshop on Engineering Collective Adaptive Systems (eCAS) (2016)

30.

Garay, J., Kiayias, A., Leonardos, N.: The bitcoin backbone protocol: analysis and applications. In: Oswald, E., Fischlin, M. (eds.) EUROCRYPT 2015. LNCS, vol. 9057, pp. 281–310. Springer, Heidelberg (2015). doi:10.1007/978-3-662-46803-6_10

31.

Gervais, A., Karame, G.O., Wüst, K., Glykantzis, V., Ritzdorf, H., Capkun, S.: On the security and performance of proof of work blockchains. In: ACM CCS, pp. 3–16 (2016)

32.

Hirai, Y.: Formal verification of Deed contract in Ethereum name service. https://yoichihirai.com/deed.pdf

33.

Landwehr, C.E., Bull, A.R., McDermott, J.P., Choi, W.S.: A taxonomy of computer program security flaws. ACM Comput. Surv. 26(3), 211–254 (1994)CrossRef

34.

Luu, L., Chu, D.H., Olickel, H., Saxena, P., Hobor, A.: Making smart contracts smarter. In: ACM CCS (2016). http://eprint.iacr.org/2016/633

35.

Luu, L., Teutsch, J., Kulkarni, R., Saxena, P.: Demystifying incentives in the consensus computer. In: ACM CCS, pp. 706–719 (2015)

36.

Marino, B., Juels, A.: Setting standards for altering and undoing smart contracts. In: RuleML, pp. 151–166 (2016)

37.

Nakamoto, S.: Bitcoin: a peer-to-peer electronic cash system (2008). https://bitcoin.org/bitcoin.pdf

38.

Nipkow, T., Wenzel, M., Paulson, L.C. (eds.): Isabelle/HOL: A Proof Assistant for Higherorder. LNCS, vol. 2283. Springer, Heidelberg (2002)MATH

39.

Nomura Research Institute: Survey on blockchain technologies and related services. http://www.meti.go.jp/english/press/2016/pdf/0531_01f.pdf

40.

Pierrot, C., Wesolowski, B.: Malleability of the blockchain’s entropy. IACR Cryptology ePrint Archive 2016, 370 (2016)

41.

Piessens, F.: A taxonomy of causes of software vulnerabilities in internet software. In: International Symposium on Software Reliability Engineering, pp. 47–52 (2002)

42.

Popejoy, S.: The Pact smart contract language (2016). http://kadena.io/pact

43.

Sompolinsky, Y., Zohar, A.: Secure high-rate transaction processing in bitcoin. In: Böhme, R., Okamoto, T. (eds.) FC 2015. LNCS, vol. 8975, pp. 507–527. Springer, Heidelberg (2015). doi:10.1007/978-3-662-47854-7_32 CrossRef

44.

Swamy, N., Hritcu, C., Keller, C., Rastogi, A., Delignat-Lavaud, A., Forest, S., Bhargavan, K., Fournet, C., Strub, P., Kohlweiss, M., Zinzindohoue, J.K., Béguelin, S.Z.: Dependent types and multi-monadic effects in F*. In: POPL (2016)

45.

Szabo, N.: Formalizing and securing relationships on public networks. First Monday 2(9) (1997). http://firstmonday.org/htbin/cgiwrap/bin/ojs/index.php/fm/article/view/548

46.

UK Government Chief Scientific Adviser: Distributed ledger technology: beyond block chain. https://www.gov.uk/government/uploads/system/uploads/attachment_data/file/492972/gs-16-1-distributed-ledger-technology.pdf

47.

Wood, G.: Ethereum: a secure decentralised generalised transaction ledger (2014). gavwood.com/paper.pdf

48.

Wüst, K., Gervais, A.: Ethereum Eclipse Attacks. Technical report, ETH-Zürich (2016)

Titel: A Survey of Attacks on Ethereum Smart Contracts (SoK)
verfasst von: Nicola Atzei
Massimo Bartoletti
Tiziana Cimoli
Verlag: Springer Berlin Heidelberg
Buch: Principles of Security and Trust
Print ISBN: 978-3-662-54454-9

Electronic ISBN: 978-3-662-54455-6

Copyright-Jahr: 2017
DOI: https://doi.org/10.1007/978-3-662-54455-6_8

Springer Professional

Abstract

Bitte loggen Sie sich ein, um Zugang zu Ihrer Lizenz zu erhalten.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Springer Professional "Technik"

Springer Professional "Wirtschaft"