ÆGIS: Shielding Vulnerable Smart Contracts Against Attacks

Torres, Christof Ferreira; Baden, Mathis; Norvill, Robert; Pontiveros, Beltrán Borja Fiz; Jonker, Hugo; Mauw, Sjouke

doi:10.48550/arxiv.2003.05987

Cited by 3 publications

(3 citation statements)

References 0 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Sarwar et al [8] provide an overview of attacks on SCs and analyses 10 security tools to detect vulnerabilities in SCs, then proposes a set of countermeasures to mitigate these attacks. Christof et al [14] introduce AEGIS, a dynamic analysis tool that protects SCs from being exploited during runtime. Its capability of detecting new vulnerabilities can easily be extended through so-called attack patterns.…”

Section: Related Workmentioning

confidence: 99%

A Novel Approach for Fraud Detection in Blockchain-Based Healthcare Networks Using Machine Learning

2023

View full text Add to dashboard Cite

Recently, the advent of blockchain (BC) has sparked a digital revolution in different fields, such as finance, healthcare, and supply chain. It is used by smart healthcare systems to provide transparency and control for personal medical records. However, BC and healthcare integration still face many challenges, such as storing patient data and privacy and security issues. In the context of security, new attacks target different parts of the BC network, such as nodes, consensus algorithms, Smart Contracts (SC), and wallets. Fraudulent data insertion can have serious consequences on the integrity and reliability of the BC, as it can compromise the trustworthiness of the information stored on it and lead to incorrect or misleading transactions. Detecting and preventing fraudulent data insertion is crucial for maintaining the credibility of the BC as a secure and transparent system for recording and verifying transactions. SCs control the transfer of assets, which is why they may be subject to several adverbial attacks. Therefore, many efforts have been proposed to detect vulnerabilities and attacks in the SCs, such as utilizing programming tools. However, their proposals are inadequate against the newly emerging vulnerabilities and attacks. Artificial Intelligence technology is robust in analyzing and detecting new attacks in every part of the BC network. Therefore, this article proposes a system architecture for detecting fraudulent transactions and attacks in the BC network based on Machine Learning (ML). It is composed of two stages: (1) Using ML to check medical data from sensors and block abnormal data from entering the blockchain network. (2) Using the same ML to check transactions in the blockchain, storing normal transactions, and marking abnormal ones as novel attacks in the attacks database. To build our system, we utilized two datasets and six machine learning algorithms (Logistic Regression, Decision Tree, KNN, Naive Bayes, SVM, and Random Forest). The results demonstrate that the Random Forest algorithm outperformed others by achieving the highest accuracy, execution time, and scalability. Thereby, it was considered the best solution among the rest of the algorithms for tackling the research problem. Moreover, the security analysis of the proposed system proves its robustness against several attacks which threaten the functioning of the blockchain-based healthcare application.

show abstract

Section: Related Workmentioning

confidence: 99%

A Novel Approach for Fraud Detection in Blockchain-Based Healthcare Networks Using Machine Learning

2023

View full text Add to dashboard Cite

show abstract

“…These solutions AEGIS (Torres & al., 2020), ReGuard (Chao & al., 2018), Reentrancy analyzer (Chinen & al., 2020), Bidirectional LSTM -ATTention (BLSTM-ATT) , ECFChecker (Grossman & al., 2017), EthScope (Wu & al., 2020), Sereum (Michael & al., 2019), Teether (Johannes and Christian., 2018), Zeus (Sukrit et al, 2018), Graph Neural Networks (Yuan & al., 2020), SmartCheck (Sergei et al, 2018), Securify (Petar & al., 2018), SmartCopy (Yu & al., 2019), Manticore (Mark & al., 2019), Mythril (Sarwaar et al, 2020), Oyente (Loi & al., 2016), ContractFuzzer , ContractWar , TxSpector (Mengya & al., 2020), Vandal, (Brent & al., 2018) Slither are able to detect reentrancy bugs as well as Mechanism to Detect and Prevent Ethereum Blockchain Smart Contract (Alkhalifah & al., 2021), Dynamit (Eshghie & al., 2021), Elysium (Torres & al., 2021), Eth2vec (Ashizawa & al., 2021), Reentrancy detection using TXL programming language (Samreen & Alalfi., 2020), Graph Neural Network with expert knowledge , EtherSolve (Contro & al., 2021), SGuard (Nguyen & al., 2021).…”

Section: Security Issuesmentioning

confidence: 99%

Smart Contracts Security Threats and Solutions

Rosaire

Dégila

2022

International Journal of Information Technology and Web Engineering

View full text Add to dashboard Cite

Blockchain-enabled smart contracts are subjected to several issues leading to vigorous attacks such as the decentralized autonomous organization (DAO) and the ParitySig bug on the Ethereum platform with disastrous consequences. Several solutions have been proposed. However, new threats are identified as technology evolves and new solutions are produced, while some older threats remain unsolved. Thus, the need to fill the gap with a more comprehensive survey on existing issues and solutions for researchers and practitioners arises. The resulting updated database will become an essential means for choosing a particular solution for a specific subject. In this review, the authors embrace mainly codifying security privacy and performance issues and their respective solutions. Each problem is attached to its corresponding solutions when they exist. A summary of the threats and solutions is provided as well as the relationship between threat importance and the given answers. They finally enumerate some directives for future works.

show abstract

“…Tools such as Sereum [32] or ECFChecker [16] can detect live reentrancy attacks on vulnerable contracts. Recent work has further explored modular dynamic analysis frameworks for protecting smart contracts [6,40]. Protection solutions that require modifications to the smart contract execution environment are unlikely to be integrated in to production blockchain systems.…”

Section: Related Workmentioning

confidence: 99%

EVMPatch: Timely and Automated Patching of Ethereum Smart Contracts

Rodler,

Li,

Karame

et al. 2020

Preprint

View full text Add to dashboard Cite

Recent attacks exploiting errors in smart contract code had devastating consequences thereby questioning the benefits of this technology. It is currently highly challenging to fix errors and deploy a patched contract in time. Instant patching is especially important since smart contracts are always online due to the distributed nature of blockchain systems. They also manage considerable amounts of assets, which are at risk and often beyond recovery after an attack. Existing solutions to upgrade smart contracts depend on manual and error-prone processes. This paper presents a framework, called EVM-PATCH, to instantly and automatically patch faulty smart contracts. EVMPATCH features a bytecode rewriting engine for the popular Ethereum blockchain, and transparently/automatically rewrites common off-the-shelf contracts to upgradable contracts. The proof-of-concept implementation of EVM-PATCH automatically hardens smart contracts that are vulnerable to integer over/underflows and access control errors, but can be easily extended to cover more bug classes. Our extensive evaluation on 14,000 real-world (vulnerable) contracts demonstrate that our approach successfully blocks attack transactions launched on these contracts, while keeping the intended functionality of the contract intact. We perform a study with experienced software developers, showing that EVMPATCH is practical, and reduces the time for converting a given Solidity smart contract to an upgradable contract by 97.6 %, while ensuring functional equivalence to the original contract.

show abstract

ÆGIS: Shielding Vulnerable Smart Contracts Against Attacks

Cited by 3 publications

References 0 publications

A Novel Approach for Fraud Detection in Blockchain-Based Healthcare Networks Using Machine Learning

A Novel Approach for Fraud Detection in Blockchain-Based Healthcare Networks Using Machine Learning

Smart Contracts Security Threats and Solutions

EVMPatch: Timely and Automated Patching of Ethereum Smart Contracts

Contact Info

Product

Resources

About