Finding Concurrency Exploits on Smart Contracts

Title: Finding Concurrency Exploits on Smart Contracts
Publication Type: Conference Paper
Year of Publication: 2019
Authors: Li, Yue
Conference Name: 2019 IEEE/ACM 41st International Conference on Software Engineering: Companion Proceedings (ICSE-Companion)
Date Published: May 2019
ISBN Number: 978-1-7281-1764-5
Keywords: application domains, Bars, blockchain, business data processing, business services, composability, Concurrency, concurrency exploit, concurrency exploits, Concurrent computing, contracts, CPS, cryptography, cyber physical systems, ethereum, general miner-side type, Metrics, pubcrawl, resilience, Resiliency, security, security attacks, security of data, smart contract, smart contracts

Smart contracts have been widely used on Ethereum to enable business services across various application domains. However, they are prone to different forms of security attacks due to the dynamic and non-deterministic blockchain runtime environment. In this work, we highlighted a general miner-side type of exploit, called concurrency exploit, which attacks smart contracts via generating malicious transaction sequences. Moreover, we designed a systematic algorithm to automatically detect such exploits. In our preliminary evaluation, our approach managed to identify real vulnerabilities that cannot be detected by other tools in the literature.

Citation Key: li_finding_2019