Defects and Vulnerabilities in Smart Contracts, a Classification using the NIST Bugs Framework

Wesley Dingman, Aviel Cohen, N. Ferrara, Adam Lynch, P. Jasinski, P. Black, Lin Deng
Journal: Int. J. Networked Distributed Comput.
Published: 2019-08-01 (Journal Article)
DOI: https://doi.org/10.2991/IJNDC.K.190710.003
Citation count: 34

Abstract

The blockchain is analogous to a distributed ledger of transactions that is programmed to record the transfer and storage of anything of value [1]. Each computer connected to the network acts as a node, receiving a copy of the blockchain and functioning as an “administrator” on the network, continually verifying data and ensuring security within the platform. The fundamental principle behind this technology is that the distributed network it operates on minimizes the risk of the single point of vulnerability that characterizes a centralized database. While seemingly infallible, this technology has still been subject to exploitation by financially motivated attackers. The most famous instance, known as the DAO bug, occurred when an attacker exploited a “re-entrancy” vulnerability within an Ethereum smart contract and succeeded in stealing 60 million US$ [2]. For our research, we have decided to focus our attention on the Ethereum blockchain, presently the second most popular cryptocurrency with a current market valuation of roughly 13 billion US$ [3].