Cryptocurrencies record transactions in a decentralized data structure called a blockchain. Two of the most popular cryptocurrencies, Bitcoin and Ethereum, support the feature to encode rules or scripts for processing transactions. This feature has evolved to give practical shape to the ideas of smart contracts, or full-fledged programs that are run on blockchains. Recently, Ethereum's smart contract system has seen steady adoption, supporting tens of thousands of contracts, holding millions dollars worth of virtual coins.
In this paper, we investigate the security of running smart contracts based on Ethereum in an open distributed network like those of cryptocurrencies. We introduce several new security problems in which an adversary can manipulate smart contract execution to gain profit. These bugs suggest subtle gaps in the understanding of the distributed semantics of the underlying platform. As a refinement, we propose ways to enhance the operational semantics of Ethereum to make contracts less vulnerable. For developers writing contracts for the existing Ethereum system, we build a symbolic execution tool called Oyente to find potential security bugs. Among 19, 336 existing Ethereum contracts, Oyente flags 8, 833 of them as vulnerable, including the TheDAO bug which led to a 60 million US dollar loss in June 2016. We also discuss the severity of other attacks for several case studies which have source code available and confirm the attacks (which target only our accounts) in the main Ethereum network.
This paper focuses on the smart contract of Ethereum, which indirectly controls ETH. Therefore, the security of smart contract is a problem worthy of attention. This paper first analyzed several problems that may threaten the security of ETH, and find that all the problems come from the understanding of the distributed semantics of the underlying platform. Then a symbolic execution tool called Oyente is proposed to find and improve these problems. In my opinion, this paper plays an important role in learning the security of smart contracts.
This paper focuses on the security of Ethereum's smart contracts. The contribution of this paper is the proposition of the symbolic execution tool called Oyente, which can help the developers to write better contracts and the users to avoid invoking problem contracts.
As the landmark of Ethereum, the importance of smart contract is obvious. This paper first introduces and analyzes the smart contract, then analyzes the existing defects of the smart contract on the technical level, and shows several attack methods, one of which can even directly gain profits. Then it analyzes these defects at the semantic level, gives recommendations for better semantics, and make improvements from three aspects of guarded transactions, deterministic timestamp, and better exception handling. Finally, it shows their design called Oyente, through which we can design a more secure smart contract, at last, its reliability is proved by some experiments.