Protecting Existing Smart Contracts Against Attacks - Invited Talk

Author(s):

Davi, Lucas

Name of Event:

CYSMICS Picks Workshop

Location:

UC San Diego, CA, USA

Date:

28.02.2019

Abstract

Recently, a number of existing blockchain systems have witnessed major bugs and vulnerabilities within smart contracts. Existing proposals mostly focus on proving the correctness or absence of a certain type of vulnerability within a contract, but cannot protect deployed (legacy) contracts from being exploited. We address this problem and develop a novel smart contract security technology, called Sereum (Secure Ethereum), which protects existing, deployed contracts in a backwards compatible way based on run-time monitoring and validation. By means of implementation and evaluation using the Ethereum blockchain, we show that Sereum covers the actual execution flow of a smart contract to accurately detect and prevent re-entrancy attacks with a low false positive rate and negligible run-time overhead.