Skip to main content
SpringerLink
Log in

Perturbing Smart Contract Execution Through the Underlying Runtime

  • Conference paper
  • First Online:
Security and Privacy in Communication Networks (SecureComm 2020)

  • 1037 Accesses

Abstract

Because the smart contract is the core element that enables blockchain systems to perform diverse and intelligent operations, the security of smart contracts significantly determines the reliability and availability of the blockchain applications. This work examines security from the perspective that, although a smart contract may be programmatically correct, the environment in which the smart contract is carried out is vulnerable. Adversaries do not need to necessarily concern themselves with how a smart contract is programmed or whether it is vulnerable; the integrity of the smart contract can be undermined by perturbing the output of smart contract execution. Such an approach does not rely on exploiting programming errors or vulnerabilities in smart contract verification and protection frameworks. Instead, it leverages the flaws in the underlying smart contract lifecycle and virtualization mechanisms. The Hyperledger Fabric platform is used to demonstrate the feasibility of the proposed attack.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Notes

  1. 1.

    https://github.com/ethereum/wiki/wiki/White-Paper.

  2. 2.

    https://www.hyperledger.org.

  3. 3.

    https://github.com/sonertari/SSLproxy.

  4. 4.

    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5736.

  5. 5.

    https://arstechnica.com/information-technology/2018/06/backdoored-images-downloaded-5-million-times-finally-removed-from-docker-hub/.

  6. 6.

    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18920.

  7. 7.

    https://docs.docker.com/engine/security/rootless/.

References

  1. Tsankov, P., Dan, A., Drachsler-Cohen, D., Gervais, A., Buenzli, F., Vechev, M.: Securify: practical security analysis of smart contracts. In: Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security, ACM (2018)

    Google Scholar 

  2. Park, D., Zhang, Y., Saxena, M., Daian, P., Roşu, G.: A formal verification tool for Ethereum VM bytecode. In: Proceedings of the 2018 26th ACM Joint Meeting on European Software Engineering Conference and Symposium on the Foundations of Software Engineering, pp. 912–915. ACM (2018)

    Google Scholar 

  3. Hildenbrandt, E. et al.: Kevm: a complete formal semantics of the ethereum virtual machine. In: 2018 IEEE 31st Computer Security Foundations Symposium (CSF), pp. 204–217. IEEE (2018)

    Google Scholar 

  4. Wohrer, M., Zdun, U.: Smart contracts: security patterns in the ethereum ecosystem and solidity. In: 2018 International Workshop on Blockchain Oriented Software Engineering (IWBOSE), pp. 2–8. IEEE (2018)

    Google Scholar 

  5. Perez, D., Livshits, B.: Smart contract vulnerabilities: Does anyone care? (2019). arXiv preprint arXiv:1902.06710

  6. Brent, L. et al.: Vandal: a scalable security analysis framework for smart contracts (2018)

    Google Scholar 

  7. Clack, C.D., Bakshi, V.A., Braine, L.: Smart contract templates: foundations, design landscape and research directions (2016)

    Google Scholar 

  8. Cui, P., Guin, U., Skjellum, A., Umphress, D.: Blockchain in IoT: current trends, challenges, and future roadmap. J. Hardware Syst. Secur. 3(4), 338–364 (2019). https://doi.org/10.1007/s41635-019-00079-5

    Article  Google Scholar 

  9. Adrian, D. et al.: Imperfect forward secrecy: how diffie-hellman fails in practice. In: Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security, pp. 5–17 (2015)

    Google Scholar 

  10. Atzei, N., Bartoletti, M., Cimoli, T.: A survey of attacks on Ethereum smart contracts (SoK). In: Maffei, M., Ryan, M. (eds.) POST 2017. LNCS, vol. 10204, pp. 164–186. Springer, Heidelberg (2017). https://doi.org/10.1007/978-3-662-54455-6_8

    Chapter  Google Scholar 

  11. Chen, H., Pendleton, M., Njilla, L., Xu, S.: A survey on Ethereum systems security: vulnerabilities, attacks and defenses. ACM Comput. Surv. 53(3), 1–43 (2020). https://doi.org/10.1145/3391195

    Article  Google Scholar 

  12. Fu, Y., Ren, M., Ma, F., Jiang, Y., Shi, H., Sun, J.: Evmfuzz: differential fuzz testing of Ethereum virtual machine (2019)

    Google Scholar 

  13. Fu, Y. et al.: Evmfuzzer: detect EVM vulnerabilities via fuzz testing. In: Proceedings of the 2019 27th ACM Joint Meeting on European Software Engineering Conference and Symposium on the Foundations of Software Engineering, pp. 1110–1114 (2019)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Computer Science and Software Engineering, Auburn University, Auburn, AL, 36849, USA

    Pinchen Cui & David Umphress

Authors
  1. Pinchen Cui
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. David Umphress
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Pinchen Cui .

Editor information

Editors and Affiliations

  1. Yonsei University, Seoul, Korea (Republic of)

    Noseong Park

  2. George Mason University, Fairfax, VA, USA

    Kun Sun

  3. Dipartimento di Informatica, Universita degli Studi, Milan, Milano, Italy

    Sara Foresti

  4. University of Florida, Gainesville, FL, USA

    Kevin Butler

  5. Division of Nephrology, University of Alabama, Birmingham, AL, USA

    Nitesh Saxena

Rights and permissions

Reprints and permissions

Copyright information

© 2020 ICST Institute for Computer Sciences, Social Informatics and Telecommunications Engineering

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Cui, P., Umphress, D. (2020). Perturbing Smart Contract Execution Through the Underlying Runtime. In: Park, N., Sun, K., Foresti, S., Butler, K., Saxena, N. (eds) Security and Privacy in Communication Networks. SecureComm 2020. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol 336. Springer, Cham. https://doi.org/10.1007/978-3-030-63095-9_22

Download citation

  • DOI: https://doi.org/10.1007/978-3-030-63095-9_22

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-63094-2

  • Online ISBN: 978-3-030-63095-9

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation