Title
Your Smart Contracts Are Not Secure: Investigating Arbitrageurs and Oracle Manipulators in Ethereum
Author
Tjiam, Kevin (Student TU Delft)
Wang, R. (TU Delft Cyber Security)
Chen, H. (TU Delft Cyber Security)
Liang, K. (TU Delft Cyber Security)
Date
2021
Abstract
Smart contracts on Ethereum enable billions of dollars to be transacted in a decentralized, transparent and trustless environment. However, adversaries lie in wait in the Dark Forest, waiting to exploit any and all smart contract vulnerabilities in order to extract profits from unsuspecting victims in this new financial system. As the blockchain space moves at a breakneck pace, exploits on smart contract vulnerabilities rapidly evolve, and existing research quickly becomes obsolete. It is imperative that smart contract developers stay up to date on the current most damaging vulnerabilities and countermeasures to ensure the security of users' funds, and to collectively ensure the future of Ethereum as a financial settlement layer. This research work focuses on two smart contract vulnerabilities: transaction-ordering dependency and oracle manipulation. Combined, these two vulnerabilities have been exploited to extract hundreds of millions of dollars from smart contracts in the past year (2020-2021). For each of them, this paper presents: (1) a literary survey from recent (as of 2021) formal and informal sources; (2) a reproducible experiment as code demonstrating the vulnerability and, where applicable, countermeasures to mitigate the vulnerability; and (3) analysis and discussion on proposed countermeasures. To conclude, strengths, weaknesses and trade-offs of these countermeasures are summarised, inspiring directions for future research.
Subject
arbitrageurs
ethereum
oracle manipulator
security
smart contract
vulnerability
To reference this document use:
http://resolver.tudelft.nl/uuid:9d96e6e9-0203-46d1-9edd-1c8c4304571e
DOI
https://doi.org/10.1145/3474374.3486916
Publisher
Association for Computing Machinery (ACM)
ISBN
978-1-4503-8661-6
Source
CYSARM 2021 - Proceedings of the 3rd Workshop on Cyber-Security Arms Race, co-located with CCS 2021
Event
3rd Workshop on Cyber-Security Arms Race, CYSARM 2021, co-located with the ACM Conference on Computer and Communications Security, CCS 2021, 2021-11-19 → , Virtual, Online, Korea, Republic of
Series
CYSARM 2021 - Proceedings of the 3rd Workshop on Cyber-Security Arms Race, co-located with CCS 2021
Part of collection
Institutional Repository
Document type
conference paper
Rights
© 2021 Kevin Tjiam, R. Wang, H. Chen, K. Liang