Finding Concurrency Exploits on Smart Contracts
Title | Finding Concurrency Exploits on Smart Contracts |
Publication Type | Conference Paper |
Year of Publication | 2019 |
Authors | Li, Yue |
Conference Name | 2019 IEEE/ACM 41st International Conference on Software Engineering: Companion Proceedings (ICSE-Companion) |
Date Published | May 2019 |
Publisher | IEEE |
ISBN Number | 978-1-7281-1764-5 |
Keywords | application domains, Bars, blockchain, business data processing, business services, composability, Concurrency, concurrency exploit, concurrency exploits, Concurrent computing, contracts, CPS, cryptography, cyber physical systems, ethereum, general miner-side type, Metrics, pubcrawl, resilience, Resiliency, security, security attacks, security of data, smart contract, smart contracts |
Abstract | Smart contracts have been widely used on Ethereum to enable business services across various application domains. However, they are prone to different forms of security attacks due to the dynamic and non-deterministic blockchain runtime environment. In this work, we highlighted a general miner-side type of exploit, called concurrency exploit, which attacks smart contracts via generating malicious transaction sequences. Moreover, we designed a systematic algorithm to automatically detect such exploits. In our preliminary evaluation, our approach managed to identify real vulnerabilities that cannot be detected by other tools in the literature. |
URL | https://ieeexplore.ieee.org/document/8802776/ |
DOI | 10.1109/ICSE-Companion.2019.00061 |
Citation Key | li_finding_2019 |
- Cryptography
- smart contracts
- smart contract
- security of data
- security attacks
- security
- Resiliency
- resilience
- pubcrawl
- Metrics
- general miner-side type
- ethereum
- cyber physical systems
- application domains
- CPS
- contracts
- Concurrent computing
- concurrency exploits
- concurrency exploit
- Concurrency
- composability
- business services
- business data processing
- blockchain
- Bars