Print Email Facebook Twitter Security Evaluation of GoQuorum-based Smart Contracts Title Security Evaluation of GoQuorum-based Smart Contracts: A Case Study of Malfunctioning Access Control and Double-Spending Author Slager, Cheyenne (TU Delft Electrical Engineering, Mathematics and Computer Science; TU Delft Intelligent Systems) Contributor Liang, K. (mentor) Scharenborg, O.E. (graduation committee) Degree granting institution Delft University of Technology Programme Computer Science and Engineering Project CSE3000 Research Project Date 2021-07-02 Abstract GoQuorum is an enterprise blockchain platform that supports smart contracts and allows for private transactions. Smart contracts enable automated payment while eliminating the need for third-party involvement. Previous attacks on smart contracts have already shown that existing vulnerabilities can lead to great financial losses. Yet, a study focusing specifically and exclusively on the security of GoQuorum-based smart contracts does not yet exist. This work evaluates two vulnerabilities: faulty use of tx.origin in authentication and private state divergence. Three attacks are demonstrated, leading to draining a contract's ether balance and double-spending. MythX is recommended to detect vulnerable code, while replacing tx.origin with msg.sender eliminates the vulnerability. It is concluded that Zero-Knowledge Proofs are a promising solution to validate transactions while maintaining privacy, although applying them to GoQuorum requires more research and development. Subject BlockchainGoQuorumSecuritysmart contractsprivacy To reference this document use: http://resolver.tudelft.nl/uuid:693159cd-8dee-453b-b7f6-f69dd1235b86 Part of collection Student theses Document type bachelor thesis Rights © 2021 Cheyenne Slager Files PDF Thesis_GoQuorum_based_Sma ... tracts.pdf 1.32 MB Close viewer /islandora/object/uuid:693159cd-8dee-453b-b7f6-f69dd1235b86/datastream/OBJ/view