The Eye of Horus: Spotting and Analyzing Attacks on Ethereum Smart Contracts

FERREIRA TORRES, Christof; IANNILLO, Antonio Ken; Gervais, Arthur; STATE, Radu

Télécharger

Communication publiée dans un ouvrage (Colloques, congrès, conférences scientifiques et actes)

The Eye of Horus: Spotting and Analyzing Attacks on Ethereum Smart Contracts

FERREIRA TORRES, Christof; IANNILLO, Antonio Ken; Gervais, Arthur et al.

2021 • In International Conference on Financial Cryptography and Data Security, Grenada 1-5 March 2021

Peer reviewed

Permalien
https://hdl.handle.net/10993/46244

Documents (1)Envoyer vers Détails Statistiques Bibliographie Publications similaires

Documents

Texte intégral

FC_21_Horus_Torres.pdf

Preprint Auteur (723.78 kB)

Télécharger

Tous les documents dans ORBilu sont protégés par une licence d'utilisation.

Envoyer vers

RIS BibTex APA Chicago Permalink X Linkedin

Détails

Disciplines :

Sciences informatiques

Auteur, co-auteur :

FERREIRA TORRES, Christof ; University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT) > SEDAN

IANNILLO, Antonio Ken ; University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT) > SEDAN

Gervais, Arthur; Imperial College London

STATE, Radu ; University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT) > SEDAN

Co-auteurs externes :

yes

Langue du document :

Anglais

Titre :

The Eye of Horus: Spotting and Analyzing Attacks on Ethereum Smart Contracts

Date de publication/diffusion :

2021

Nom de la manifestation :

25th International Conference on Financial Cryptography and Data Security

Date de la manifestation :

from 01-03-2021 to 05–03-2021

Titre de l'ouvrage principal :

International Conference on Financial Cryptography and Data Security, Grenada 1-5 March 2021

Peer reviewed :

Peer reviewed

Focus Area :

Security, Reliability and Trust

Projet FnR :

FNR13192291 - Secure Blockchain Technologies For Finance, 2018 (01/10/2018-31/03/2022) - Christof Ferreira Torres

Disponible sur ORBilu :

depuis le 15 février 2021

Statistiques

Nombre de vues

334 (dont 24 Unilu)

Nombre de téléchargements

647 (dont 21 Unilu)

Voir plus de statistiques

citations Scopus^®

citations Scopus^®
sans auto-citations

Bibliographie

Atzei, N., Bartoletti, M., Cimoli, T.: A survey of attacks on ethereum smart contracts (SoK). In: Maffei, M., Ryan, M. (eds.) POST 2017. LNCS, vol. 10204, pp. 164–186. Springer, Heidelberg (2017). https://doi.org/10.1007/978-3-662-54455-6 8
Brent, L., et al.: Vandal: a scalable security analysis framework for smart contracts (2018). arXiv preprint arXiv:1809.03981
Chen, T., et al.: Soda: a generic online detection framework for smart contracts. In: Proceedings of the Network and Distributed System Security Symposium (NDSS’20) (2020)
CoinMarketCap: Top 100 Cryptocurrencies by Market Capitalization (2020). https://coinmarketcap.com
ConsenSys Diligence: Uniswap Audit (2019). https://github.com/ConsenSys/Uniswap-audit-report-2018-12
Etherscan: The DAO (2016). https://etherscan.io/address/0xbb9bc244d798123fde 783fcc1c72d3bb8c189413
Etherscan: The Dark DAO (2016). https://etherscan.io/address/0x304a554a310c7e 546dfe434669c62820b7d83490
Etherscan: DSEthToken (2017). https://etherscan.io/address/0xd654bdd32fc99471 455e86c2e7f7d7b6437e9179
Etherscan: HODLWallet (2018). https://etherscan.io/address/0x4a8d3a662e0fd6a8 bd39ed0f91e4c1b729c81a38
Etherscan: Lendf.Me-MoneyMarket (2019). https://etherscan.io/address/0x0eee3 e3828a45f7601d5f54bf49bb01d1a9df5ea
Etherscan: Uniswap: imBTC (2019). https://etherscan.io/address/0xffcf45b540e6c 9f094ae656d2e34ad11cdfdb187
Etherscan: Ethereum Daily Transactions Chart (2020). https://etherscan.io/chart/tx
Etherscan: Wrapped Ether (2020). https://etherscan.io/address/0xc02aaa39b223fe 8d0a0e5c4f27ead9083c756cc2
Ferreira Torres, C., Baden, M., Norvill, R., Jonker, H.: ÆGIS: smart shielding of smart contracts. In: Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security, pp. 2589–2591 (2019)
Ferreira Torres, C., Schütte, J., State, R.: Osiris: hunting for integer bugs in ethereum smart contracts. In: Proceedings of the 34th Annual Computer Security Applications Conference, ACSAC ’18, pp. 664–676. ACM, New York (2018). https://doi.org/10.1145/3274694.3274737
Ferreira Torres, C., Steichen, M., Norvill, R., Fiz Pontiveros, B., Jonker, H.: ÆGIS: shielding vulnerable smart contracts against attacks. In: Proceedings of the 15th ACM Asia Conference on Computer and Communications Security (ASIA CCS’20), Taipei, Taiwan, 5–9 October 2020 (2020)
Ferreira Torres, C., Steichen, M., State, R.: The art of the scam: demystifying honeypots in ethereum smart contracts. In: 28th USENIX Security Symposium (USENIX Security 19), pp. 1591–1607. USENIX Association, Santa Clara (2019)
Frank, J., Aschermann, C., Holz, T.: ETHBMC: a bounded model checker for smart contracts. In: 29th USENIX Security Symposium (USENIX Security 20). USENIX Association, Boston (2020)
Grossman, S., et al.: Online detection of effectively callback free objects with applications to smart contracts. In: Proceedings of the ACM on Programming Languages, vol. 2, no. POPL, p. 48 (2017)
Hildenbrandt, E., et al.: Kevm: a complete formal semantics of the ethereum virtual machine. In: 2018 IEEE 31st Computer Security Foundations Symposium (CSF), pp. 204–217 (2018)
Jiang, B., Liu, Y., Chan, W.: Contractfuzzer: fuzzing smart contracts for vulnerability detection. In: Proceedings of the 33rd ACM/IEEE International Conference on Automated Software Engineering, pp. 259–269. ACM (2018)
Jordan, H., Scholz, B., Subotić, P.: Soufflé: on synthesis of program analyzers. In: Chaudhuri, S., Farzan, A. (eds.) CAV 2016. LNCS, vol. 9780, pp. 422–430. Springer, Cham (2016). https://doi.org/10.1007/978-3-319-41540-6 23
Kalra, S., Goel, S., Dhawan, M., Sharma, S.: Zeus: analyzing safety of smart contracts. In: NDSS, pp. 1–12 (2018)
Finley, K.: A $50 million hack just showed that the DAO was all too human (2016). https://www.wired.com/2016/06/50-million-hack-just-showed-dao-human/
Krupp, J., Rossow, C.: teether: Gnawing at ethereum to automatically exploit smart contracts. In: 27th USENIX Security Symposium (USENIX Security 18), pp. 1317–1333 (2018)
Luu, L., Chu, D.H., Olickel, H., Saxena, P., Hobor, A.: Making smart contracts smarter. In: Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security-CCS’16, pp. 254–269. ACM Press, New York (2016). https://doi.org/10.1145/2976749.2978309
Mavridou, A., Laszka, A.: Tool demonstration: FSolidM for designing secure ethereum smart contracts. In: Bauer, L., Küsters, R. (eds.) POST 2018. LNCS, vol. 10804, pp. 270–277. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-89722-6 11
Evgeny, M.: Ethereum ETL v1.3.0 (2019). https://github.com/blockchain-etl/ethereum-etl
Mueller, B.: Smashing ethereum smart contracts for fun and real profit. In: The 9th annual HITB Security Conference (2018)
NCC Group: Decentralized Application Security Project (or DASP) Top 10 of 2018 (2018). https://dasp.co
Nikolić, I., Kolluri, A., Sergey, I., Saxena, P., Hobor, A.: Finding the greedy, prodigal, and suicidal contracts at scale. In: Proceedings of the 34th Annual Computer Security Applications Conference, pp. 653–663. ACM (2018)
PeckShield-batchOverflow Bug: ALERT: New batchOverflow Bug in Multiple ERC20 Smart Contracts (CVE-2018-10299) (2018). https://blog.peckshield.com/2018/04/22/batchOverflow/
PeckShield-proxyOverflow Bug: New proxyOverflow Bug in Multiple ERC20 Smart Contracts (CVE-2018-10376) (2018). https://blog.peckshield.com/2018/04/25/proxyOverflow/
Perez, D., Livshits, B.: Smart contract vulnerabilities: vulnerable does not imply exploited. In: 30th USENIX Security Symposium (USENIX Security 21). USENIX Association, Vancouver (2021)
Petrov, S.: Another parity wallet hack explained (2017). https://medium.com/@Pr0Ger/another-parity-wallet-hack-explained-847ca46a2e1c
Rodler, M., Li, W., Karame, G., Davi, L.: Sereum: protecting existing smart contracts against re-entrancy attacks. In: Proceedings of the Network and Distributed System Security Symposium (NDSS’19) (2019)
Ryan Sean Adams (2020). https://twitter.com/RyanSAdams/status/1252574107159408640
Schneidewind, C., Grishchenko, I., Scherer, M., Maffei, M.: ethor: practical and provably sound static analysis of ethereum smart contracts (2020). arXiv preprint arXiv:2005.06227
So, S., Lee, M., Park, J., Lee, H., Oh, H.: Verismart: a highly precise safety verifier for ethereum smart contracts. In: 2020 IEEE Symposium on Security and Privacy (SP), pp. 1678–1694. IEEE (2020)
StackExchange: Why is my node synchronization stuck/extremely slow at block 2,306,843? (2016). https://ethereum.stackexchange.com/questions/9883/why-is-my-node-synchronization-stuck-extremely-slow-at-block-2-306-843
Szabo, N.: Formalizing and securing relationships on public networks. First Monday 2(9) (1997)
Szilágyi, P.: Go-Ethereum Management APIs-JavaScript-based tracing (2020). https://github.com/ethereum/go-ethereum/wiki/Management-APIs#javascript-based-tracing
Tikhomirov, S., Voskresenskaya, E., Ivanitskiy, I., Takhaviev, R., Marchenko, E., Alexandrov, Y.: Smartcheck: static analysis of ethereum smart contracts. In: 2018 IEEE/ACM 1st International Workshop on Emerging Trends in Software Engineering for Blockchain (WETSEB), pp. 9–16. IEEE (2018)
Tsankov, P., Dan, A., Drachsler-Cohen, D., Gervais, A., Buenzli, F., Vechev, M.: Securify: practical security analysis of smart contracts. In: Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security, pp. 67–82. ACM (2018)
Wang, Y., et al.: Formal specification and verification of smart contracts for azure blockchain (2019). https://www.microsoft.com/en-us/research/publication/formal-specification-and-verification-of-smart-contracts-for-azure-blockchain
Wood, G.: Solidity 0.6.8 documentation (2020). https://solidity.readthedocs.io/en/v0.6.8/
Wood, G., et al.: Ethereum: a secure decentralised generalised transaction ledger. Ethereum Proj. Yellow Paper 151(2014), 1–32 (2014)
Wu, L., et al.: Ethscope: a transaction-centric security analytics framework to detect malicious smart contracts on ethereum (2020). arXiv preprint arXiv:2005.08278
Zhang, M., Zhang, X., Zhang, Y., Lin, Z.: TXSPECTOR: uncovering attacks in ethereum from transactions. In: 29th USENIX Security Symposium (USENIX Security 20), pp. 2775–2792. USENIX Association (2020)
Zhao, W.: $30 Million: Ether Reported Stolen Due to Parity Wallet Breach (2017). https://www.coindesk.com/30-million-ether-reported-stolen-parity-wallet-breach
Zhou, S., Yang, Z., Xiang, J., Cao, Y., Yang, Z., Zhang, Y.: An ever-evolving game: evaluation of real-world attacks and defenses in ethereum ecosystem. In: 29th USENIX Security Symposium (USENIX Security 20), pp. 2793–2810. USENIX Association (2020)