Research Article
Perturbing Smart Contract Execution Through the Underlying Runtime
@INPROCEEDINGS{10.1007/978-3-030-63095-9_22, author={Pinchen Cui and David Umphress}, title={Perturbing Smart Contract Execution Through the Underlying Runtime}, proceedings={Security and Privacy in Communication Networks. 16th EAI International Conference, SecureComm 2020, Washington, DC, USA, October 21-23, 2020, Proceedings, Part II}, proceedings_a={SECURECOMM PART 2}, year={2020}, month={12}, keywords={Blockchain Hyperledger Docker Container Smart contract Security Man in the middle}, doi={10.1007/978-3-030-63095-9_22} }- Pinchen Cui
David Umphress
Year: 2020
Perturbing Smart Contract Execution Through the Underlying Runtime
SECURECOMM PART 2
Springer
DOI: 10.1007/978-3-030-63095-9_22
Abstract
Because the smart contract is the core element that enables blockchain systems to perform diverse and intelligent operations, the security of smart contracts significantly determines the reliability and availability of the blockchain applications. This work examines security from the perspective that, although a smart contract may be programmatically correct, the environment in which the smart contract is carried out is vulnerable. Adversaries do not need to necessarily concern themselves with how a smart contract is programmed or whether it is vulnerable; the integrity of the smart contract can be undermined by perturbing the output of smart contract execution. Such an approach does not rely on exploiting programming errors or vulnerabilities in smart contract verification and protection frameworks. Instead, it leverages the flaws in the underlying smart contract lifecycle and virtualization mechanisms. The Hyperledger Fabric platform is used to demonstrate the feasibility of the proposed attack.
