8 Hits in 2.8 sec

Sereum: Protecting Existing Smart Contracts Against Re-Entrancy Attacks [article]

Michael Rodler, Wenting Li, Ghassan O. Karame, Lucas Davi
2018 arXiv   pre-print
contracts against re-entrancy attacks in a backwards compatible way based on run-time monitoring and validation.  ...  In this paper, we address this problem in the context of re-entrancy exploits and propose a novel smart contract security technology, dubbed Sereum (Secure Ethereum), which protects existing, deployed  ...  Section IV) which protects existing, deployed smart contracts against re-entrancy attacks in a backwards-compatible way without requiring source code or any modification of the contract code.  ... 
arXiv:1812.05934v1 fatcat:ttndb3qlffg3zi7xaqllqpmdbi

Smart Contract Vulnerabilities: Vulnerable Does Not Imply Exploited [article]

Daniel Perez, Benjamin Livshits
2020 arXiv   pre-print
In recent years, we have seen a great deal of both academic and practical interest in the topic of vulnerabilities in smart contracts, particularly those developed for the Ethereum blockchain.  ...  While most of the work has focused on detecting *vulnerable* contracts, in this paper, we focus on finding how many of these vulnerable contracts have actually been *exploited*.  ...  Other types of attacks. Our tool and analysis does not cover every existing attack to smart contracts.  ... 
arXiv:1902.06710v5 fatcat:zl3ibhy6j5cqbn3bq6jjhefv4i

SMACS: Smart Contract Access Control Service [article]

Bowen Liu, Siwei Sun, Pawel Szalachowski
2020 arXiv   pre-print
With dedicated ACRs backed by vulnerability-detection tools, SMACS can protect vulnerable contracts after deployment. We fully implement SMACS and evaluate it.  ...  SMACS is flexible and in addition to simple access control lists can easily implement rules enhancing the runtime security of smart contracts.  ...  Another interesting example is the Sereum [13] architecture, a hardened EVM which is able to protect deployed contracts against re-entrancy attacks in a backward compatible way by leveraging taint tracking  ... 
arXiv:2003.07495v1 fatcat:rca56pwek5fonn5wrvdwdamg2q

The Eye of Horus: Spotting and Analyzing Attacks on Ethereum Smart Contracts [article]

Christof Ferreira Torres, Antonio Ken Iannillo, Arthur Gervais, Radu State
2021 arXiv   pre-print
We perform a large-scale analysis of all the smart contracts deployed on Ethereum until May 2020. We identified 1,888 attacked smart contracts and 8,095 adversarial transactions in the wild.  ...  Similarly, smart contracts began to carry more value, making them appealing targets for attackers. As a result, they started to become victims of attacks, costing millions of dollars.  ...  Rodler, M., Li, W., Karame, G., Davi, L.: Sereum: Protecting existing smart con- tracts against re-entrancy attacks.  ... 
arXiv:2101.06204v1 fatcat:uok3lfreerdblgiptkx2ctsfdu

Oracle-Supported Dynamic Exploit Generation for Smart Contracts [article]

Haijun Wang and Yi Li and Shang-Wei Lin and Cyrille Artho and Lei Ma and Yang Liu
2019 arXiv   pre-print
We evaluate ContraMaster on 218 vulnerable smart contracts.  ...  It then monitors the executions of target contract programs, and validates the results against a general-purpose semantic test oracle to discover vulnerabilities.  ...  It addresses this problem in the context of re-entrancy exploits and propose a novel smart contract security technology, which protects existing, deployed contracts against re-entrancy attacks in a backwards  ... 
arXiv:1909.06605v2 fatcat:d2agsfeikbdhnatw45p2lasqsm

A comprehensive survey on smart contract construction and execution: paradigms, tools, and systems [article]

Bin Hu, Zongyang Zhang, Jianwei Liu, Yizhong Liu, Jiayuan Yin, Rongxing Lu, Xiaodong Lin
2021 Patterns   accepted
Smart contracts are regarded as one of the most promising and appealing notions in blockchain technology.  ...  Various schemes and tools have been proposed to facilitate the construction and execution of secure smart contracts.  ...  of errors; 4) re-entrancy attacks, etc.  ... 
doi:10.1016/j.patter.2020.100179 pmid:33659907 pmcid:PMC7892363 arXiv:2008.13413v2 fatcat:2k4v2olwobe2vnajvpw5qd2p3e

Maintaining Smart Contracts on Ethereum: Issues, Techniques, and Future Challenges [article]

Jiachi Chen, Xin Xia, David Lo, John Grundy, Xiaohu Yang
2021 arXiv   pre-print
In this study, we focus on the maintenance-related concerns of the post-deployment of smart contracts. Smart contracts are self-executed programs that run on a blockchain.  ...  (ii) What are the current maintenance-related methods used for smart contracts?  ...  Detection VULTRON: Catching Vulnerable Smart Contracts Once and for All (Wang et al., 2019a) 2019 State Detection Sereum: Protecting Existing Smart Contracts Against Re-Entrancy Attacks (Rodler  ... 
arXiv:2007.00286v2 fatcat:g5wr7k2edjbw3dpqcfloyvnqrq

A Taxonomy Study on Securing Blockchain-based Industrial Applications: An Overview, Application Perspectives, Requirements, Attacks, Countermeasures, and Open Issues [article]

Khizar Hameed, Mutaz Barika, Saurabh Garg, Muhammad Bilal Amin, Byeong Kang
2021 arXiv   pre-print
This study presents a state-of-the-art survey of Blockchain-based Industry 4.0 applications, focusing on crucial application and security and privacy requirements, as well as corresponding attacks on Blockchain  ...  For example, one approach called Sereum [351] is proposed to solve the re-entrance attack, allowing for dynamic taint tracking of smart contract data flows.  ...  The smart contract layer attacks are as follows: integer overflow attack, re-entrancy attack and short address attack, all of which are described further below.  ... 
arXiv:2105.11665v1 fatcat:bsm7w2shjneajp425oddszr6ju