2021
DOI: 10.1145/3407230

Blockchain Vulnerabilities in Practice

Abstract: Blockchains are not invulnerable. There are known vulnerabilities in various blockchain ecosystem components. This field note describes some vulnerabilities observed in smart contracts and node software, their exploitation, and how to avoid them, with a focus on the Ethereum ecosystem.

Citations: Cited by 19 publications (8 citation statements)
References: References 18 publications
“…Some of the well-known tools are Oyente 9, ZEUS [36], Maian 10, SmartCheck [37], ContractFuzzer [38], Vandal [27], Ethainter [39], Securify [25], and MadMax [14]. ConsenSys Diligence - an enterprise for comprehensive code reviews of smart contracts developed Mythril 11 which supports detecting security vulnerabilities in EVM-compatible blockchain and MythX to cover a wider range of security issues 12.…”
Section: Smart Contract Security Methods/tools (mentioning)
confidence: 99%
“…During Ethereum DAO, an external contract was called back into the DAO contract before the first transaction was completed, leading to multiple withdrawals and a significant loss of funds. This attack not only caused a substantial financial loss - 3.6 million ETH, valued at approximately $50 million at the time - but also had profound implications on the Ethereum blockchain, leading to a drastic drop in the price of ether and eventually resulting in the split of Ethereum into Ethereum and Ethereum Classic [25,41]. A 51% attack on Ethereum remains an ongoing concern, where an attacker could rent computational power to potentially take over the network, posing a significant financial threat given Ethereum's substantial valuation [7].…”
Section: Case Study: Recent Breaches and Implications (mentioning)
confidence: 99%
“…The potential for a 51% attack remains a critical vulnerability in blockchain systems, as miners with the majority of the network's power can alter transaction data, reverse transactions, and disrupt the validation process [18,23,24,25]. For instance, attackers can exclude or modify the order of transactions, hamper other miners' operations, and impede the confirmation of legitimate transactions [24].…”
Section: Proof Of Work Vulnerability and 51% Attack (mentioning)
confidence: 99%
“…Smart contract security incidents have occurred frequently in recent years. In 2016, an attack against DAO contracts resulted in the loss of more than 3,600,000 Ethers, which stemmed from a reentrancy vulnerability introduced in a critical DAO contract [20]. In 2017, the Parity multi-signature wallet vulnerability resulted in over 513,701 Ethers being locked.…”
Section: Smart Contract Security (mentioning)
confidence: 99%