429 research outputs found
Enabling Cross-chain Transactions: A Decentralized Cryptocurrency Exchange Protocol
Inspired by Bitcoin, many different kinds of cryptocurrencies based on
blockchain technology have turned up on the market. Due to the special
structure of the blockchain, it has been deemed impossible to directly trade
between traditional currencies and cryptocurrencies or between different types
of cryptocurrencies. Generally, trading between different currencies is
conducted through a centralized third-party platform. However, it has the
problem of a single point of failure, which is vulnerable to attacks and thus
affects the security of the transactions. In this paper, we propose a
distributed cryptocurrency trading scheme to solve the problem of centralized
exchanges, which can achieve trading between different types of
cryptocurrencies. Our scheme is implemented with smart contracts on the
Ethereum blockchain and deployed on the Ethereum test network. We not only
implement transactions between individual users, but also allow transactions
between multiple users. The experimental result proves that the cost of our
scheme is acceptable
Towards Safer Smart Contracts: A Survey of Languages and Verification Methods
With a market capitalisation of over USD 205 billion in just under ten years,
public distributed ledgers have experienced significant adoption. Apart from
novel consensus mechanisms, their success is also accountable to smart
contracts. These programs allow distrusting parties to enter agreements that
are executed autonomously. However, implementation issues in smart contracts
caused severe losses to the users of such contracts. Significant efforts are
taken to improve their security by introducing new programming languages and
advance verification methods. We provide a survey of those efforts in two
parts. First, we introduce several smart contract languages focussing on
security features. To that end, we present an overview concerning paradigm,
type, instruction set, semantics, and metering. Second, we examine verification
tools and methods for smart contract and distributed ledgers. Accordingly, we
introduce their verification approach, level of automation, coverage, and
supported languages. Last, we present future research directions including
formal semantics, verified compilers, and automated verification
Detecting Standard Violation Errors in Smart Contracts
We present SOLAR, a new analysis tool for automatically detecting standard
violation errors in Ethereum smart contracts.Given the Ethereum Virtual Machine
(EVM) bytecode of a smart contract and a user specified constraint or invariant
derived from a technical standard such as ERC-20,SOLAR symbolically executes
the contract, explores all possible execution paths, and checks whether it is
possible to initiate a sequence of malicious transactions to violate the
specified constraint or invariant. Our experimental results highlight the
effectiveness of SOLAR in finding new errors in smart con-tracts. Out of the
evaluated 779 ERC-20 and 310 ERC-721smart contracts, SOLAR found 255 standard
violation errors in 197 vulnerable contracts with only three false
positives.237 out of the 255 errors are zero-day errors that are not re-ported
before. Our results sound the alarm on the prevalence of standard violation
errors in critical smart contracts that manipulate publicly traded digital
asset
Characterizing Code Clones in the Ethereum Smart Contract Ecosystem
In this paper, we present the first large-scale and systematic study to
characterize the code reuse practice in the Ethereum smart contract ecosystem.
We first performed a detailed similarity comparison study on a dataset of 10
million contracts we had harvested, and then we further conducted a qualitative
analysis to characterize the diversity of the ecosystem, understand the
correlation between code reuse and vulnerabilities, and detect the plagiarist
DApps. Our analysis revealed that over 96% of the contracts had duplicates,
while a large number of them were similar, which suggests that the ecosystem is
highly homogeneous. Our results also suggested that roughly 9.7% of the similar
contract pairs have exactly the same vulnerabilities, which we assume were
introduced by code clones. In addition, we identified 41 DApps clusters,
involving 73 plagiarized DApps which had caused huge financial loss to the
original creators, accounting for 1/3 of the original market volume.Comment: 20 pages, 9 figure
Runtime Verification for Business Processes Utilizing the Bitcoin Blockchain
The usage of process choreographies and decentralized Business Process
Management Systems has been named as an alternative to centralized business
process orchestration. In choreographies, control over a process instance is
shared between independent parties, and no party has full control or knowledge
during process runtime. Nevertheless, it is necessary to monitor and verify
process instances during runtime for purposes of documentation, accounting, or
compensation.
To achieve business process runtime verification, this work explores the
suitability of the Bitcoin blockchain to create a novel solution for
choreographies. The resulting approach is realized in a fully-functional
software prototype. This software solution is evaluated in a qualitative
comparison. Findings show that our blockchain-based approach enables a seamless
execution monitoring and verification of choreographies, while at the same time
preserving anonymity and independence of the process participants. Furthermore,
the prototype is evaluated in a performance analysis
Applying Software Patterns to Address Interoperability in Blockchain-based Healthcare Apps
Since the inception of the Bitcoin technology, its underlying data
structure--the blockchain--has garnered much attention due to properties such
as decentralization, transparency, and immutability. These properties make
blockchains suitable for apps that require disintermediation through trustless
exchange, consistent and incorruptible transaction records, and operational
models beyond cryptocurrency. In particular, blockchain and its smart contract
capabilities have the potential to address healthcare interoperability issues,
such as enabling effective interactions between users and medical applications,
delivering patient data securely to a variety of organizations and devices, and
improving the overall efficiency of medical practice workflow. Despite the
interest in using blockchain for healthcare interoperability, however, little
information is available on the concrete architectural styles and patterns for
applying blockchain to healthcare apps. This paper provides an initial step in
filling this gap by showing: (1) the features and implementation challenges in
healthcare interoperability, (2) an end-to-end case study of a blockchain-based
healthcare app we are developing, and (3) how applying foundational software
patterns can help address common interoperability challenges faced by
blockchain-based healthcare apps.Comment: submitted to the 24th Pattern Languages of Programming conference,
October 22-25, 2017, Vancouver, Canad
An Adaptive Gas Cost Mechanism for Ethereum to Defend Against Under-Priced DoS Attacks
The gas mechanism in Ethereum charges the execution of every operation to
ensure that smart contracts running in EVM (Ethereum Virtual Machine) will be
eventually terminated. Failing to properly set the gas costs of EVM operations
allows attackers to launch DoS attacks on Ethereum. Although Ethereum recently
adjusted the gas costs of EVM operations to defend against known DoS attacks,
it remains unknown whether the new setting is proper and how to configure it to
defend against unknown DoS attacks. In this paper, we make the first step to
address this challenging issue by first proposing an emulation-based framework
to automatically measure the resource consumptions of EVM operations. The
results reveal that Ethereum's new setting is still not proper. Moreover, we
obtain an insight that there may always exist exploitable under-priced
operations if the cost is fixed. Hence, we propose a novel gas cost mechanism,
which dynamically adjusts the costs of EVM operations according to the number
of executions, to thwart DoS attacks. This method punishes the operations that
are executed much more frequently than before and lead to high gas costs. To
make our solution flexible and secure and avoid frequent update of Ethereum
client, we design a special smart contract that collaborates with the updated
EVM for dynamic parameter adjustment. Experimental results demonstrate that our
method can effectively thwart both known and unknown DoS attacks with flexible
parameter settings. Moreover, our method only introduces negligible additional
gas consumption for benign users
SMACS: Smart Contract Access Control Service
Although blockchain-based smart contracts promise a ``trustless'' way of
enforcing agreements even with monetary consequences, they suffer from multiple
security issues. Many of these issues could be mitigated via an effective
access control system, however, its realization is challenging due to the
properties of current blockchain platforms (like lack of privacy, costly
on-chain resources, or latency). To address this problem, we propose the SMACS
framework, where updatable and sophisticated Access Control Rules (ACRs)} for
smart contracts can be realized with low cost. SMACS shifts the burden of
expensive ACRs validation and management operations to an off-chain
infrastructure, while implementing on-chain only lightweight token-based access
control. SMACS is flexible and in addition to simple access control lists can
easily implement rules enhancing the runtime security of smart contracts. With
dedicated ACRs backed by vulnerability-detection tools, SMACS can protect
vulnerable contracts after deployment. We fully implement SMACS and evaluate
it.Comment: IEEE/IFIP DSN'2
A Survey of Smart Contract Formal Specification and Verification
A smart contract is a computer program which allows users to define and
execute transactions automatically on top of the blockchain platform. Given the
significance of smart contracts in supporting important activities across
industry sectors including supply chain, finance, legal and medical services,
there is a strong demand for verification and validation techniques. Yet, the
vast majority of smart contracts lack any kind of formal specification, which
is essential for establishing their correctness. In this survey, we investigate
formal models and specifications of smart contracts presented in the literature
and present a systematic overview in order to understand the common trends. We
also discuss the current approaches used in verifying such property
specifications and identify gaps with the hope to recognize promising
directions for future work
LedgerGuard: Improving Blockchain Ledger Dependability
The rise of crypto-currencies has spawned great interest in their underlying
technology, namely, Blockchain. The central component in a Blockchain is a
shared distributed ledger. A ledger comprises series of blocks, which in turns
contains a series of transactions. An identical copy of the ledger is stored on
all nodes in a blockchain network. Maintaining ledger integrity and security is
one of the crucial design aspects of any blockchain platform. Thus, there are
typically built-in validation mechanisms leveraging cryptography to ensure the
validity of incoming blocks before committing them into the ledger. However, a
blockchain node may run over an extended period of time, during which the
blocks on the disk can may become corrupted due to software or hardware
failures, or due to malicious activity. This paper proposes LedgerGuard, a tool
to maintain ledger integrity by detecting corrupted blocks and recovering these
blocks by synchronizing with rest of the network. The experimental
implementation of LedgerGuard is based on Hyperledger Fabric, which is a
popular open source permissioned blockchain platform.Comment: 8 pages. Appears in 2018 International Conference on Blockchain
(ICBC
- …