38 research outputs found
Understanding and Hardening Blockchain Network Security Against Denial of Service Attacks
This thesis aims to examine the security of a blockchain\u27s communication network. A blockchain relies on a communication network to deliver transactions. Understanding and hardening the security of the communication network against Denial-of-Service (DoS) attacks are thus critical to the well-being of blockchain participants. Existing research has examined blockchain system security in various system components, including mining incentives, consensus protocols, and applications such as smart contracts. However, the security of a blockchain\u27s communication network remains understudied.
In practice, a blockchain\u27s communication network typically consists of three services: RPC service, P2P network, and mempool. This thesis examines each service\u27s designs and implementations, discovers vulnerabilities that lead to DoS attacks, and uncovers the P2P network topology. Through systematic evaluations and measurements, the thesis confirms that real-world network services in Ethereum are vulnerable to DoS attacks, leading to a potential collapse of the Ethereum ecosystem. Besides, the uncovered P2P network topology in Ethereum mainnet suggests that critical nodes adopt a biased neighbor selection strategy in the mainnet. Finally, to fix the discovered vulnerabilities, practical mitigation solutions are proposed in this thesis to harden the security of Ethereum\u27s communication network
DEFECTCHECKER: Automated Smart Contract Defect Detection by Analyzing EVM Bytecode
Smart contracts are Turing-complete programs running on the blockchain. They
are immutable and cannot be modified, even when bugs are detected. Therefore,
ensuring smart contracts are bug-free and well-designed before deploying them
to the blockchain is extremely important. A contract defect is an error, flaw
or fault in a smart contract that causes it to produce an incorrect or
unexpected result, or to behave in unintended ways. Detecting and removing
contract defects can avoid potential bugs and make programs more robust. Our
previous work defined 20 contract defects for smart contracts and divided them
into five impact levels. According to our classification, contract defects with
seriousness level between 1-3 can lead to unwanted behaviors, e.g., a contract
being controlled by attackers. In this paper, we propose DefectChecker, a
symbolic execution-based approach and tool to detect eight contract defects
that can cause unwanted behaviors of smart contracts on the Ethereum blockchain
platform. DefectChecker can detect contract defects from smart contracts
bytecode. We compare DefectChecker with key previous works, including Oyente,
Mythril and Securify by using an open-source dataset. Our experimental results
show that DefectChecker performs much better than these tools in terms of both
speed and accuracy. We also applied DefectChecker to 165,621 distinct smart
contracts on the Ethereum platform. We found that 25,815 of these smart
contracts contain at least one of the contract defects that belongs to impact
level 1-3, including some real-world attacks