A Survey on Ethereum Systems Security-Reference-Cited by-同舟云学术

A Survey on Ethereum Systems Security

Published:2021-05-31 Issue:3 Volume:53 Page:1-43
ISSN:0360-0300
Container-title:ACM Computing Surveys
language:en
Short-container-title:ACM Comput. Surv.

Author:

Chen Huashan¹,Pendleton Marcus²,Njilla Laurent³,Xu Shouhuai¹^ORCID

Affiliation:

1. The University of Texas at San Antonio, San Antonio, TX, USA

2. U.S. Air Force Research Laboratory and 90 COS/CYD

3. U.S. Air Force Research Laboratory

Abstract

Blockchain technology is believed by many to be a game changer in many application domains. While the first generation of blockchain technology (i.e., Blockchain 1.0) is almost exclusively used for cryptocurrency, the second generation (i.e., Blockchain 2.0), as represented by Ethereum, is an open and decentralized platform enabling a new paradigm of computing—Decentralized Applications (DApps) running on top of blockchains. The rich applications and semantics of DApps inevitably introduce many security vulnerabilities, which have no counterparts in pure cryptocurrency systems like Bitcoin. Since Ethereum is a new, yet complex, system, it is imperative to have a systematic and comprehensive understanding on its security from a holistic perspective, which was previously unavailable in the literature. To the best of our knowledge, the present survey, which can also be used as a tutorial, fills this void. We systematize three aspects of Ethereum systems security: vulnerabilities, attacks, and defenses. We draw insights into vulnerability root causes, attack consequences, and defense capabilities, which shed light on future research directions.

Funder

ARO

NSF CREST

NSF

US AFRL

Publisher

Association for Computing Machinery (ACM)

Subject

General Computer Science,Theoretical Computer Science

Link

https://dl.acm.org/doi/pdf/10.1145/3391195

Reference198 articles.

1. Ittay Eyal and Emin Gün Sirer. 2014. How to disincentivize large Bitcoin mining pools. Retrieved from http://hackingdistributed.com/2014/06/18/how-to-disincentivize-large-bitcoin-mining-pools/. Ittay Eyal and Emin Gün Sirer. 2014. How to disincentivize large Bitcoin mining pools. Retrieved from http://hackingdistributed.com/2014/06/18/how-to-disincentivize-large-bitcoin-mining-pools/.

2. Fabian Vogelsteller and Vitalik Buterin. 2015. ERC-20 Token Standard|Ethereum Improvement Proposals. Retrieved from https://eips.ethereum.org/EIPS/eip-20. Fabian Vogelsteller and Vitalik Buterin. 2015. ERC-20 Token Standard|Ethereum Improvement Proposals. Retrieved from https://eips.ethereum.org/EIPS/eip-20.

3. Ethereum Community Forum. 2015. Formal Verification for Solidity Contracts. Retrieved from https://forum.ethereum.org/discussion/3779/formal-verification-for-solidity-contracts. Ethereum Community Forum. 2015. Formal Verification for Solidity Contracts. Retrieved from https://forum.ethereum.org/discussion/3779/formal-verification-for-solidity-contracts.

4. Phil Daian. 2016. Analysis of the DAO exploit. Retrieved from http://hackingdistributed.com/2016/06/18/analysis-of-the-dao-exploit/. Phil Daian. 2016. Analysis of the DAO exploit. Retrieved from http://hackingdistributed.com/2016/06/18/analysis-of-the-dao-exploit/.

Cited by 253 articles. 订阅此论文施引文献订阅此论文施引文献，注册后可以免费订阅5篇论文的施引文献，订阅后可以查看论文全部施引文献

1. Vulnerability detection techniques for smart contracts: A systematic literature review;Journal of Systems and Software;2024-11

2. Survey on Quality Assurance of Smart Contracts;ACM Computing Surveys;2024-09-14

3. A Survey of Ethereum Smart Contract Security: Attacks and Detection;Distributed Ledger Technologies: Research and Practice;2024-09-09

4. Towards accountable and privacy-preserving blockchain-based access control for data sharing;Journal of Information Security and Applications;2024-09

5. Empirical Study of Impact of Solidity Compiler Updates on Vulnerabilities in Ethereum Smart Contracts;Distributed Ledger Technologies: Research and Practice;2024-08-22