Protect Your Smart Contract Against Unfair Payment

Li, Yue; Liu, Han; Yang, Zhiqiang; Wang, Bin; Ren, Qian; Wang, Lei; Chen, Bangdao

doi:10.1109/srds51746.2020.00014

Cited by 8 publications

(7 citation statements)

References 14 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…(b) The currency transfer instructions: Arbitrary access to currency transfer functions creates several vulnerabilities, including unfair payment [123], leaking Ether [96,204], unprotected ether withdrawal and vulnerable access control [196,207,233]. These issues can be addressed by establishing the preservation of owner information property.…”

Section: Information Flow-relatedmentioning

confidence: 99%

“…Double-spending is a vulnerability that arises when the same transaction occurs more than once without reducing the balance [27]. Another vulnerability, unfair payment, arises due to a costless trade, which happens when a user can exchange the same token more than once, whereas once that token is spent, the user is no longer the owner of that token, and thus not eligible to spend it again without getting it back first [123].…”

Section: Preservation Of Assets In Transactionsmentioning

confidence: 99%

See 1 more Smart Citation

Pre-deployment Analysis of Smart Contracts -- A Survey

Munir¹,

Taha²

2023

Preprint

View full text Add to dashboard Cite

Smart contracts are programs that execute transactions involving independent parties and cryptocurrencies. As programs, smart contracts are susceptible to a wide range of errors and vulnerabilities. Such vulnerabilities can result in significant losses. Furthermore, by design, smart contract transactions are irreversible. This creates a need for methods to ensure the correctness and security of contracts pre-deployment. Recently there has been substantial research into such methods. The sheer volume of this research makes articulating state-of-the-art a substantial undertaking. To address this challenge, we present a systematic review of the literature. A key feature of our presentation is to factor out the relationship between vulnerabilities and methods through properties. Specifically, we enumerate and classify smart contract vulnerabilities and methods by the properties they address. The methods considered include static analysis as well as dynamic analysis methods and machine learning algorithms that analyze smart contracts before deployment.Several patterns about the strengths of different methods emerge through this classification process.CCS Concepts: • General and reference → Surveys and overviews; • Software and its engineering → Automated static analysis; Dynamic analysis; Software verification.

show abstract

Section: Information Flow-relatedmentioning

confidence: 99%

Section: Preservation Of Assets In Transactionsmentioning

confidence: 99%

Pre-deployment Analysis of Smart Contracts -- A Survey

Munir¹,

Taha²

2023

Preprint

View full text Add to dashboard Cite

show abstract

“…For contract call, where the recipient is the called smart contract, the input uniquely identifies the callee function through the hash digest algorithm, and the bytecode associated with the called smart contract account is loaded into the Ethereum virtual machine for execution. (6) Miners solve the problem of workload proof by looking for a random nonce value. e hash value of metadata of this new block needs to be smaller than a certain value, which reflects the difficulty of creating the block.…”

Section: Transaction Process Of Ethereummentioning

confidence: 99%

“…Blockchain technology, as a new technology, technically ensures transaction security through encryption algorithm and digital signature, and relies on consensus mechanism to generate blocks to form a chain structure to ensure that data cannot be tampered with. Nevertheless, blockchain is still facing great security threats [6], especially in smart contracts. Because of the differences in the programming ability of smart contract developers, security problems are inevitable.…”

Section: Introductionmentioning

confidence: 99%

Multiple-Layer Security Threats on the Ethereum Blockchain and Their Countermeasures

Duan

Sun

Zhang

et al. 2022

Security and Communication Networks

View full text Add to dashboard Cite

Blockchain technology has been widely used in digital currency, Internet of Things, and other important fields because of its decentralization, nontampering, and anonymity. The vigorous development of blockchain cannot be separated from the security guarantee. However, there are various security threats within the blockchain that have shown in the past to cause huge financial losses. This paper aims at studying the multi-level security threats existing in the Ethereum blockchain, and exploring the security protection schemes under multiple attack scenarios. There are ten attack scenarios studied in this paper, which are replay attack, short url attack, false top-up attack, transaction order dependence attack, integer overflow attack, re-entrancy attack, honeypot attack, airdrop hunting attack, writing of arbitrary storage address attack, and gas exhaustion denial of service attack. This paper also proposes protection schemes. Finally, these schemes are evaluated by experiments. Experimental results show that our approach is efficient and does not bring too much extra cost and that the time cost has doubled at most.

show abstract

“…We assume the trustworthiness of the blockchain. There are technologies to enhance security at the ledger layer [28], [29] and the smart contract layer [30]- [33]. We also see this as a topic complementary to Argus.…”

Section: B Trust Assumptionsmentioning

confidence: 99%

Argus: A Fully Transparent Incentive System for Anti-Piracy Campaigns (Extended Version)

Zhang¹,

Guo²,

Zeng³

et al. 2021

Preprint

View full text Add to dashboard Cite

Anti-piracy is fundamentally a procedure that relies on collecting data from the open anonymous population, so how to incentivize credible reporting is a question at the center of the problem. Industrial alliances and companies are running antipiracy incentive campaigns, but their effectiveness is publicly questioned due to the lack of transparency. We believe that full transparency of a campaign is necessary to truly incentivize people. It means that every role, e.g., content owner, licensee of the content, or every person in the open population, can understand the mechanism and be assured about its execution without trusting any single role.We see this as a distributed system problem. In this paper, we present Argus, a fully transparent incentive system for antipiracy campaigns. The groundwork of Argus is to formulate the objectives for fully transparent incentive mechanisms, which securely and comprehensively consolidate the different interests of all roles. These objectives form the core of the Argus design, highlighted by our innovations about a Sybil-proof incentive function, a commit-and-reveal scheme, and an oblivious transfer scheme. In the implementation, we overcome a set of unavoidable obstacles to ensure security despite full transparency. Moreover, we effectively optimize several cryptographic operations so that the cost for a piracy reporting is reduced to an equivalent cost of sending about 14 ETH-transfer transactions to run on the public Ethereum network, which would otherwise correspond to thousands of transactions. With the security and practicality of Argus, we hope real-world anti-piracy campaigns will be truly effective by shifting to a fully transparent incentive mechanism.1 Argus (an abbreviation for Argus Panoptes) is a many-eyed giant in Greek mythology, which comprehensively traces misbehaviors.

show abstract

Protect Your Smart Contract Against Unfair Payment

Cited by 8 publications

References 14 publications

Pre-deployment Analysis of Smart Contracts -- A Survey

Pre-deployment Analysis of Smart Contracts -- A Survey

Multiple-Layer Security Threats on the Ethereum Blockchain and Their Countermeasures

Argus: A Fully Transparent Incentive System for Anti-Piracy Campaigns (Extended Version)

Contact Info

Product

Resources

About