Smart contracts are software programs featuring both traditional applications and distributed data storage on blockchains. Ethereum is a prominent blockchain platform that supports smart contracts. Smart contracts act as autonomous agents in critical decentralized applications and hold a significant amount of cryptocurrency to perform trusted transactions and agreements. Millions of dollars in assets held by smart contracts were stolen or frozen between 2016 and 2018 alone through notorious attacks such as the DAO attack, the Parity Multi-Sig Wallet attack, and the integer underflow/overflow attacks. These attacks were caused by a combination of technical flaws in the design and implementation of software code. However, many more vulnerabilities of lesser severity remain to be discovered because of the scripting nature of the Solidity language and the non-updateable nature of blockchains. Hence, we surveyed 16 security vulnerabilities in smart contract programs, some of which do not have a proper solution. This survey aims to identify the key vulnerabilities in smart contracts on Ethereum from the perspectives of their internal mechanisms and software security vulnerabilities. By correlating 16 Ethereum vulnerabilities and 19 software security issues, we predict that many attacks are yet to be exploited. We have also explored many software tools that detect security vulnerabilities in smart contracts through static analysis, dynamic analysis, and formal verification. This survey presents the security problems in smart contracts together with the available analysis tools and detection methods. We also investigated the limitations of the tools and analysis methods with respect to the identified security vulnerabilities of smart contracts.
Financial systems are rapidly becoming decentralized to fulfill requirements such as distributed transactions, security, trustworthiness, and elimination of third-party authorizations. As a fast-growing decentralized platform, blockchain thrives in enterprise application development in permissioned and private environments. Unfortunately, the transparent nature of most blockchain platforms allows all participants to view the transaction data unless the blockchain is a private chain. This practice has limited the potential for developing blockchain-based applications, especially on public chains like Ethereum. This paper attempts to provide a technical solution to ensure the privacy and trustworthiness of transaction data on Ethereum. To illustrate how a real-world system works, we design and implement a distributed lending model for handling private transactions between the participants of any loan agreement. Specifically, the privacy of the loan transactions is protected by customizing Hyperledger Besu and the Orion transaction manager with the privacy group feature. However, current versions of Hyperledger Besu and Orion fail to provide necessary features for securing the entire Decentralized Application (DApp), including key management and intrusion detection, and the privacy group ID is unprotected by default. Therefore, we propose a multiuser level encryption scheme to securely share the privacy group ID among the privacy group members. Furthermore, we deployed a smart contract to monitor and alert on malicious activity from any external node attempting to guess the privacy group ID. Our multiuser level encryption and intrusion detection methods worked seamlessly with Hyperledger Besu and Orion on our prototype lending system. Our empirical results showed that the privacy needs of the privacy group ID are fulfilled with good system efficiency.
The smart contract programs and the source code of the NodeJs application are available at https://www.github.com/ppraithe/besu_malicious_node_detector.