Security and Privacy in Communication Networks. 17th EAI International Conference, SecureComm 2021, Virtual Event, September 6–9, 2021, Proceedings, Part I

Research Article

An Extensive Security Analysis on Ethereum Smart Contracts

  • @INPROCEEDINGS{10.1007/978-3-030-90019-9_8,
        author={Mohammadreza Ashouri},
        title={An Extensive Security Analysis on Ethereum Smart Contracts},
        proceedings={Security and Privacy in Communication Networks. 17th EAI International Conference, SecureComm 2021, Virtual Event, September 6--9, 2021, Proceedings, Part I},
        proceedings_a={SECURECOMM},
        year={2021},
        month={11},
        keywords={Smart contract Security Analysis Ethereum Exploit},
        doi={10.1007/978-3-030-90019-9_8}
    }
    
  • Mohammadreza Ashouri
    Year: 2021
    An Extensive Security Analysis on Ethereum Smart Contracts
    SECURECOMM
    Springer
    DOI: 10.1007/978-3-030-90019-9_8
Mohammadreza Ashouri1
  • 1: Saint Pölten University of Applied Sciences

Abstract

Smart contracts have extensive applications in various emerging domains such as IoT, 5G networks, and finance. In this regard, the Ethereum platform has provided the capability of running smart contracts on its distributed infrastructure. Smart contracts are small programs that describe a set of rules for supervising associated funds, often written in a Turing-complete programming language called Solidity. Furthermore, Ethereum is currently one of the most extensive cryptocurrencies next to Bitcoin. This provides an extraordinary opportunity for attackers to exploit potential zero-day vulnerabilities in this ecosystem that are tightly twisted with financial gain. Consequently, this paper introduces a practical framework called “EthFuzz” to identify vulnerabilities and generate concrete exploits for the Ethereum ecosystem. Our system works through a graph-based method in combination with dynamic symbolic execution. Moreover, our proposed framework can tackle the path explosion problem in its symbolic execution engine. To prove our approach’s usefulness, we could successfully identify and generate exploits out of exploitable paths, within real-world smart contracts on the Ethereum live blockchain network.