Paper 2016/633

Making Smart Contracts Smarter

Loi Luu, Duc-Hiep Chu, Hrishi Olickel, Prateek Saxena, and Aquinas Hobor

Abstract

Cryptocurrencies record transactions in a decentralized data structure called a blockchain. Two of the most popular cryptocurrencies, Bitcoin and Ethereum, support the feature to encode rules or scripts for processing transactions. This feature has evolved to give practical shape to the ideas of smart contracts, or full-fledged programs that are run on blockchains. Recently, Ethereum's smart contract system has seen steady adoption, supporting tens of thousands of contracts, holding millions dollars worth of virtual coins. In this paper, we investigate the security of running smart contracts based on Ethereum in an open distributed network like those of cryptocurrencies. We introduce several new security problems in which an adversary can manipulate smart contract execution to gain profit. These bugs suggest subtle gaps in the understanding of the distributed semantics of the underlying platform. As a refinement, we propose ways to enhance the operational semantics of Ethereum to make contracts less vulnerable. For developers writing contracts for the existing Ethereum system, we build a symbolic execution tool called Oyente to find potential security bugs. Among 19, 336 existing Ethereum contracts, Oyente flags 8, 833 of them as vulnerable, including the TheDAO bug which led to a 60 million US dollar loss in June 2016. We also discuss the severity of other attacks for several case studies which have source code available and confirm the attacks (which target only our accounts) in the main Ethereum network.

Note: Fix some typos

Metadata
Available format(s)
PDF
Publication info
Published elsewhere. MINOR revision.ACM CCS 2016
DOI
10.1145/2976749.2978309
Keywords
EthereumCryptocurrenciesblockchainssmart contracts
Contact author(s)
loiluu @ comp nus edu sg
History
2017-03-07: last of 2 revisions
2016-06-21: received
See all versions
Short URL
https://ia.cr/2016/633
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2016/633,
      author = {Loi Luu and Duc-Hiep Chu and Hrishi Olickel and Prateek Saxena and Aquinas Hobor},
      title = {Making Smart Contracts Smarter},
      howpublished = {Cryptology ePrint Archive, Paper 2016/633},
      year = {2016},
      doi = {10.1145/2976749.2978309},
      note = {\url{https://eprint.iacr.org/2016/633}},
      url = {https://eprint.iacr.org/2016/633}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.