Michael Rodler (University of Duisburg-Essen), Wenting Li (NEC Laboratories, Germany), Ghassan O. Karame (NEC Laboratories, Germany), Lucas Davi (University of Duisburg-Essen)

Recently, a number of existing blockchain systems have witnessed major bugs and vulnerabilities within smart contracts. Although the literature features a number of proposals for securing smart contracts, these proposals mostly focus on proving the correctness or absence of a certain type of vulnerability within a contract, but cannot protect deployed (legacy) contracts from being exploited.
In this paper, we address this problem in the context of re-entrancy exploits and propose a novel smart contract security technology, dubbed Sereum (Secure Ethereum), which protects existing, deployed contracts against re-entrancy attacks in a backwards compatible way based on run-time monitoring and validation. Sereum does neither require any modification nor any semantic knowledge of existing contracts. By means of implementation and evaluation using the Ethereum blockchain, we show that Sereum covers the actual execution flow of a smart contract to accurately detect and prevent
attacks with a false positive rate as small as 0.06% and with negligible
run-time overhead. As a by-product, we develop three advanced re-entrancy attacks to demonstrate the limitations of existing offline vulnerability analysis tools.

View More Papers

Vault: Fast Bootstrapping for the Algorand Cryptocurrency

Derek Leung (MIT CSAIL), Adam Suhl (MIT CSAIL), Yossi Gilad (MIT CSAIL), Nickolai Zeldovich (MIT CSAIL)

Read More

The Crux of Voice (In)Security: A Brain Study of...

Ajaya Neupane (University of California Riverside), Nitesh Saxena (University of Alabama at Birmingham), Leanne Hirshfield (Syracuse University), Sarah Elaine Bratt (Syracuse University)

Read More

DNS Cache-Based User Tracking

Amit Klein (Bar Ilan University), Benny Pinkas (Bar Ilan University)

Read More

JavaScript Template Attacks: Automatically Inferring Host Information for Targeted...

Michael Schwarz (Graz University of Technology), Florian Lackner (Graz University of Technology), Daniel Gruss (Graz University of Technology)

Read More