DappGuard: Active Monitoring and Defense for Solidity Smart Contracts
Authors
Abstract
Ethereum’s smart contracts present an attractive incentive toward participating in the network. Deploying a smart contract allows a user to run a distributed application (Dapp) that includes storage, payment features, and cryptographic services all within the context of just a contract script and its layout. However, recently exploited vulnerabilities in the Solidity smart contract language have undermined the integrity of Ethereum’s smart contract implementations. After some discussion of previous work, we examine whether known vulnerabilities can be detected as attacks post factum from information available on the Ethereum blockchain. Then, we present findings on what information is available for a few selected contracts. Finally, we propose our design for a live monitoring and protection system based on our research findings, the prototypes we developed to gather data, and documented plans for extension.
Similar resources
Executable Operational Semantics of Solidity
Bitcoin has attracted everyone’s attention and interest recently. Ethereum (ETH), a second generation cryptocurrency, extends Bitcoin’s design by offering a Turing-complete programming language called Solidity to develop smart contracts. Smart contracts allow creditable execution of contracts on EVM (Ethereum Virtual Machine) without third parties. Developing correct smart contracts is challeng...
A Semantic Framework for the Security Analysis of Ethereum smart contracts
Smart contracts are programs running on cryptocurrency (e.g., Ethereum) blockchains, whose popularity stems from the possibility to perform financial transactions, such as payments and auctions, in a distributed environment without need for any trusted third party. Given their financial nature, bugs or vulnerabilities in these programs may lead to catastrophic consequences, as witnessed by recen...
Short Paper: Formal Verification of Smart Contracts
Ethereum is a cryptocurrency framework that uses blockchain technology to provide an open distributed computing platform, called the Ethereum Virtual Machine (EVM). EVM programs are written in bytecode which operates on a simple stack machine. Programmers do not usually write EVM code; instead, they can program in a JavaScript-like language called Solidity that compiles to bytecode. Since the m...
Scilla: a Smart Contract Intermediate-Level LAnguage
This paper outlines key design principles of Scilla—an intermediate-level language for verified smart contracts. Scilla provides a clean separation between the communication aspect of smart contracts on a blockchain, allowing for the rich interaction patterns, and a programming component, which enjoys principled semantics and is amenable to formal verification. Scilla is not meant to be a high-l...
On the Feasibility of Decentralized Derivatives Markets
In this paper, we present Velocity, a decentralized market deployed on Ethereum for trading a custom type of derivative option. To enable the smart contract to work, we also implement a price fetching tool called PriceGeth. We present this as a case study, noting challenges in development of the system that might be of independent interest to those working on smart contract implementations. We ...
Publication date: 2017