Cryptology ePrint Archive: Report 2016/1007

A survey of attacks on Ethereum smart contracts

Nicola Atzei and Massimo Bartoletti and Tiziana Cimoli

Abstract: Smart contracts are computer programs that can be correctly executed by a network of mutually distrusting nodes, without the need of an external trusted authority. Since smart contracts handle and transfer assets of considerable value, besides their correct execution it is also crucial that their implementation is secure against attacks which aim at stealing or tampering the assets. We study this problem in Ethereum, the most well-known and used framework for smart contracts so far. We analyse the security vulnerabilities of Ethereum smart contracts, providing a taxonomy of common programming pitfalls which may lead to vulnerabilities. We show a series of attacks which exploit these vulnerabilities, allowing an adversary to steal money or cause other damage.

Category / Keywords: applications / smart contracts, blockchain, cryptocurrencies

Date: received 24 Oct 2016, last revised 14 Dec 2016

Contact author: bart at unica it

Available format(s): PDF | BibTeX Citation

Note: Updated attacks to version 0.4.2 of the Solidity compiler.

Version: 20161214:111636 (All versions of this report)

Short URL: ia.cr/2016/1007

Discussion forum: Show discussion | Start new discussion


[ Cryptology ePrint archive ]