Cybersecurity and Ethereum Security Vulnerabilities Analysis

Authors

  • Tingyu Ma

DOI:

https://doi.org/10.54097/hset.v34i.5498

Keywords:

Decentralization, finance, blockchain, smart contracts, security breaches, Ethereum trading, cybersecurity, development

Abstract

As computer technology develops, the popularity of cryptocurrencies and their use will grow, and the newer people enter the industry. It changes the business model between organized businesses out of the need for another trusted party. Blockchain smart contracts can automatically enforce agreed contract between two unknowns. Briefly introduce Ethereum, a cryptocurrency, and focus on the security of its smart contracts in internet transactions. Ethereum was the first platform to support high-level programming languages to implement smart contracts, and the second largest blockchain platform, providing a runtime environment for essentially all Decentralized Finance applications. Bitcoin also supports the development and execution of smart contracts, but it is affected by the nature of the programming language used, and it hardly supports transactions except for verifying signatures. Because smart contracts can support a variety of large transactions, some security vulnerabilities can be extremely costly. In an extensive search and survey, the issue of smart contracts for the Ethereum blockchain was valued. The article will discuss some of the existing or former contract vulnerabilities and their solutions. It concludes with a discussion of the future direction of the smart contract space and provides some suggestions for those researching the field.

Downloads

Download data is not yet available.

References

M. Alharby and A. V. Moorsel "Blockchain based smart contracts: A systematic mapping study" Proc. Comput. Sci. Inf. Technol. pp. 125-140 Aug. 2017.

David Siegel, Jun 19, 2016. Understanding The DAO Hack for Journalists, https://pullnews.medium.com/understanding-the-dao-hack-for-journalists-2312dd43e993#.kw0ufw25q

L. Luu, D.-H. Chu, H. Olickel, P. Saxena and A. Hobor, "Making smart contracts smarter", Proc. ACM SIGSAC Conf. Comput. Commun. Secur., pp. 254-269, Oct. 2016.

A. Singh, R. M. Parizi, Q. Zhang, K. K. R. Choo and A. Dehghantanha, "Blockchain smart contracts formalization: Approaches and challenges to address vulnerabilities", Comput. Secur., vol. 88, Oct. 2020.

C. F. Torres, J. Schátte and R. State, "Osiris: Hunting for integer bugs in ethereum smart contracts", Proc. 34th Annu. Comput. Secur. Appl. Conf., pp. 664-676, Dec. 2018.

Y. Fu, M. Ren, et al., "EVMFuzzer: Detect EVM vulnerabilities via fuzz testing", Proc. 27th ACM Joint Meeting Eur. Softw. Eng. Conf. Symp. Found. Softw. Eng., pp. 1110-1114, Aug. 2019.

S. S. Kushwaha, S. Joshi, D. Singh, M. Kaur and H. -N. Lee, "Systematic Review of Security Vulnerabilities in Ethereum Blockchain Smart Contract," in IEEE Access, vol. 10, pp. 6605-6621, 2022, doi: 10.1109/ACCESS.2021.3140091.

A. Dika and M. Nowostawski, "Security Vulnerabilities in Ethereum Smart Contracts," Physical and Social Computing (CPSCom) and IEEE Smart Data (SmartData), 2018, pp. 955-962, doi: 10.1109/Cybermatics_2018.2018.00182.

M. Bartoletti and L. Pompianu, "An empirical analysis of smart contracts: Platforms applications and design patterns" in Financial Cryptography and Data Security, Cham, Switzerland:Springer, vol. 10323, pp. 494-509, 2017.

N. Szabo, "Formalizing and securing relationships on public networks", 1st Monday, vol. 2, no. 9, pp. 1-15, Oct. 1997.

A. Kosba, A. Miller, E. Shi, Z. Wen and C. Papamanthou, "Hawk: The blockchain model of cryptography and privacy-preserving smart contracts", Proc. IEEE Symp. Secur. Privacy (SP), pp. 839-858, May 2016.

C. Natoli and V. Gramoli, "The blockchain anomaly", Proc. IEEE 15th Int. Symp. Netw. Comput. Appl. (NCA), pp. 310-317, Oct. 2016.

M. Wöhrer and U. Zdun "Design patterns for smart contracts in the ethereum ecosystem" Proc. IEEE Int. Conf. Internet Things pp. 1513-1520 Aug. 2018.

S. Jumnongsaksub and K. Sripanidkulchai "Reducing smart contract runtime errors on ethereum" IEEE Softw. vol. 37 no. 5 pp. 55-59 Oct. 2020.

J. Krupp and C. Rossow "TEETHER: Gnawing at ethereum to automatically exploit smart contracts" Proc. 27th USENIX Secur. Symp. pp. 1317-1333 2018.

I. Ashraf X. Ma B. Jiang and W. K. Chan "GasFuzzer: Fuzzing ethereum smart contract binaries to expose gas-oriented exception security vulnerabilities" IEEE Access vol. 8 pp. 99552-99564 2020.

Downloads

Published

28-02-2023

Issue

Vol. 34 (2023): 4th International Conference on Computer Science and Intelligent Communication (CSIC 2022)

Section

Articles

License

Creative Commons License

This work is licensed under a Creative Commons Attribution-NonCommercial 4.0 International License.

How to Cite

Ma, T. (2023). Cybersecurity and Ethereum Security Vulnerabilities Analysis. Highlights in Science, Engineering and Technology, 34, 375-381. https://doi.org/10.54097/hset.v34i.5498
Crossref
Scopus
Google Scholar
Europe PMC