Loi Luu
ABSTRACT
Cryptocurrencies record transactions in a decentralized data structure called a blockchain. Two of the most popular cryptocurrencies, Bitcoin and Ethereum, support the feature to encode rules or scripts for processing transactions. This feature has evolved to give practical shape to the ideas of smart contracts, or full-fledged programs that are run on blockchains. Recently, Ethereum's smart contract system has seen steady adoption, supporting tens of thousands of contracts, holding millions dollars worth of virtual coins.
In this paper, we investigate the security of running smart contracts based on Ethereum in an open distributed network like those of cryptocurrencies. We introduce several new security problems in which an adversary can manipulate smart contract execution to gain profit. These bugs suggest subtle gaps in the understanding of the distributed semantics of the underlying platform. As a refinement, we propose ways to enhance the operational semantics of Ethereum to make contracts less vulnerable. For developers writing contracts for the existing Ethereum system, we build a symbolic execution tool called Oyente to find potential security bugs. Among 19, 336 existing Ethereum contracts, Oyente flags 8, 833 of them as vulnerable, including the TheDAO bug which led to a 60 million US dollar loss in June 2016. We also discuss the severity of other attacks for several case studies which have source code available and confirm the attacks (which target only our accounts) in the main Ethereum network.
- Satoshi Nakamoto. Bitcoin: A peer-to-peer electronic cash system. bitcoin.org, 2009.Google Scholar
- Ethereum Foundation. Ethereum's white paper. https://github.com/ethereum/wiki/wiki/White-Paper, 2014.Google Scholar
- A Miller, A Juels, E Shi, B Parno, and J Katz. Permacoin: Repurposing Bitcoin work for long-term data preservation. IEEE Security and Privacy, 2014. Google ScholarDigital Library
- Use case for factom: The world's first blockchain operating system (bos). http://kencode.de/projects/ePlug/Factom-Linux-Whitepaper.pdf, Feb 2015.Google Scholar
- Nick Szabo. The idea of smart contracts. http://szabo.best.vwh.net/smart_contracts_idea.html, 1997.Google Scholar
- Loi Luu, Jason Teutsch, Raghav Kulkarni, and Prateek Saxena. Demystifying incentives in the consensus computer. In Proceedings of the 22Nd ACM SIGSAC Conference on Computer and Communications Security, CCS '15, pages 706--719. ACM, 2015. Google ScholarDigital Library
- EtherDice smart contract is down for maintenance. https://www.reddit.com/r/ethereum/comments/47f028/etherdice_is_down_for_maintenance_we_are_having/.Google Scholar
- RSK Labs. Rootstock: Smart contracts platform powered by Bitcoin. http://www.rootstock.io/, 2015.Google Scholar
- Counterparty platform. http://counterparty.io/, 2015.Google Scholar
- James C. Corbett, Jeffrey Dean, Michael Epstein, Andrew Fikes, Christopher Frost, J. J. Furman, Sanjay Ghemawat, Andrey Gubarev, Christopher Heiser, Peter Hochschild, Wilson Hsieh, Sebastian Kanthak, Eugene Kogan, Hongyi Li, Alexander Lloyd, Sergey Melnik, David Mwaura, David Nagle, Sean Quinlan, Rajesh Rao, Lindsay Rolig, Yasushi Saito, Michal Szymaniak, Christopher Taylor, Ruth Wang, and Dale Woodford. Spanner: Google's globally distributed database. ACM Trans. Comput. Syst., aug 2013. Google ScholarDigital Library
- Jason Baker, Chris Bond, James C. Corbett, JJ Furman, Andrey Khorlin, James Larson, Jean-Michel Leon, Yawei Li, Alexander Lloyd, and Vadim Yushprakh. Megastore: Providing scalable, highly available storage for interactive services. In Proceedings of the Conference on Innovative Data system Research (CIDR), pages 223--234, 2011.Google Scholar
- KingOfTheEtherThrone smart contract. https://github.com/kieranelby/KingOfTheEtherThrone/blob/v0.4.0/contracts/KingOfTheEtherThrone.sol.Google Scholar
- GovernMental's 1100 ETH payout is stuck because it uses too much gas. https://www.reddit.com/r/ethereum/comments/4ghzhv/governmentals_1100_eth_jackpot_payout_is_stuck/.Google Scholar
- Kevin Delmolino, Mitchell Arnett, Ahmed Kosba, Andrew Miller, and Elaine Shi. Step by step towards creating a safe smart contract: Lessons and insights from a cryptocurrency lab. Cryptology ePrint Archive, Report 2015/460, 2015. http://eprint.iacr.org/.Google Scholar
- Gavin Wood. Ethereum: A secure decentralised generalised transaction ledger. http://gavwood.com/paper.pdf, 2014.Google Scholar
- Ethereum Foundation. The solidity contract-oriented programming language. https://github.com/ethereum/solidity.Google Scholar
- Ethereum Foundation. The serpent contract-oriented programming language. https://github.com/ethereum/serpent.Google Scholar
- Oyente project page. https://www.comp.nus.edu.sg/ loiluu/oyente.html.Google Scholar
- TheDAO smart contract. http://etherscan.io/address/0xbb9bc244d798123fde783fcc1c72d3bb8c189413#code.Google Scholar
- EtherEx: A fully decentralized cryptocurrency exchange. https://etherex.org/.Google Scholar
- EtherOpt: A decentralized options exchange. http://etheropt.github.io/.Google Scholar
- The Run smart contract. https://etherscan.io/address/0xcac337492149bdb66b088bf5914bedfbf78ccc18.Google Scholar
- Ethereum Foundation. Block validation algorithm. https://github.com/ethereum/wiki/wiki/Block-Protocol-2.0#block-validation-algorithm.Google Scholar
- Andrew Miller, Brian Warner, and Nathan Wilcox. Gas economics. https://github.com/LeastAuthority/ethereum-analyses/blob/master/GasEcon.md.Google Scholar
- Protect The Castle Contract. http://protect-the-castle.ether-contract.org/.Google Scholar
- GovernMental Smart Contract. http://governmental.github.io/GovernMental/.Google Scholar
- Ahmed Kosba, Andrew Miller, Elaine Shi, Zikai Wen, and Charalampos Papamanthou. Hawk: The blockchain model of cryptography and privacy-preserving smart contracts. In Proceedings of the 2016 IEEE Symposium on Security and Privacy, SP '16. IEEE Computer Society, 2016.Google ScholarCross Ref
- Lottopolo smart contract. https://etherchain.org/account/0x0155ce35fe73249fa5d6a29f3b4b7b98732eb2ed.Google Scholar
- Random number generator contract. https://github.com/randao/randao.Google Scholar
- Joseph Bonneau, Jeremy Clark, and Steven Goldfeder. On Bitcoin as a public randomness source. Cryptology ePrint Archive, Report 2015/1015, 2015. http://eprint.iacr.org/.Google Scholar
- James C. King. Symbolic execution and program testing. Commun. ACM, 19(7):385--394. Google ScholarDigital Library
- Patrick Cousot and Radhia Cousot. Abstract interpretation: A unified lattice model for static analysis of programs by construction or approximation of fixpoints. In Proceedings of the 4th ACM SIGACT-SIGPLAN Symposium on Principles of Programming Languages, pages 238--252, New York, NY, USA, 1977. ACM. Google ScholarDigital Library
- Microsoft Corporation. The Z3 theorem prover. https://github.com/Z3Prover/z3.Google Scholar
- The Ethereum block explorer. https://etherscan.io/.Google Scholar
- The Ethereum network stats. https://etherchain.org/.Google Scholar
- Peter Borah. Tokenwith invariants - vulnerable contracts in ethereum. https://github.com/PeterBorah/smart-contract-security-examples/blob/7d7ef27b12f15318871c44512b70737176d23c5f/contracts/TokenWithInvariants.sol.Google Scholar
- Peter Vessenes. More ethereum attacks: Race-to-empty is the real deal. http://vessenes.com/more-ethereum-attacks-race-to-empty-is-the-real-deal/.Google Scholar
- Alexandre Naverniouk. EtherID: Ethereum name registrar. http://etherid.org/.Google Scholar
- Fan Zhang, Ethan Cecchetti, Kyle Croman, Ari Juels, and Elaine Shi. Town crier: An authenticated data feed for smart contracts. Cryptology ePrint Archive, Report 2016/168, 2016. http://eprint.iacr.org/.Google Scholar
- Ari Juels, Ahmed Kosba, and Elaine Shi. The ring of Gyges: Investigating the future of criminal smart contracts. Cryptology ePrint Archive, Report 2016/358, 2016. http://eprint.iacr.org/.Google Scholar
- Philip A. Bernstein and Nathan Goodman. Concurrency control in distributed database systems. ACM Comput. Surv., 13(2):185--221, June 1981. Google ScholarDigital Library
- Friedemann Mattern. Virtual time and global states of distributed systems. In Parallel and Distributed Algorithms, pages 215--226. North-Holland, 1989.Google Scholar
- C. J. Fidge. Timestamps in message-passing systems that preserve the partial ordering. Proceedings of the 11th Australian Computer Science Conference, 10(1):56--66, 1988.Google Scholar
- Leslie Lamport. Time, clocks, and the ordering of events in a distributed system. Commun. ACM, pages 558--565, July 1978. Google ScholarDigital Library
- Andrew Koening and Bjarne Stroustrup. Exception handling for CGoogle Scholar
- . Journal of Object-Oriented Programming, 3(2):16--33, 1990.Google Scholar
- Robin Milner, Mads Tofte, and David MacQueen. The Definition of Standard ML. MIT Press, Cambridge, MA, USA, 1997. Google ScholarCross Ref
Index Terms
- Making Smart Contracts Smarter
Recommendations
ContractFuzzer: fuzzing smart contracts for vulnerability detection
ASE '18: Proceedings of the 33rd ACM/IEEE International Conference on Automated Software EngineeringDecentralized cryptocurrencies feature the use of blockchain to transfer values among peers on networks without central agency. Smart contracts are programs running on top of the blockchain consensus protocol to enable people make agreements while ...
A Survey on Formal Verification for Solidity Smart Contracts
ACSW '21: Proceedings of the 2021 Australasian Computer Science Week MulticonferenceOne of the 21st century’s hottest topics in the world of IT has been the emergence of what some predict to be the foundation stone for a new era of internet (web 3.0): Blockchain technology. Besides being the backbone of what we come to know as ...
Blockchain and Smart Contracts
ICSIE '19: Proceedings of the 8th International Conference on Software and Information EngineeringThis paper presents an introduction to the current state of art of the Blockchain and Smart Contract technologies. Blockchain is a fast-disruptive technology becoming a key instrument in share economy. The Blockchain-based Smart Contract aim to ...
Comments