Untitled

Who: Daniel Connelly
Advisor:  Wu-chang Feng
When: February 19th, 2pm
Where: FAB 86-01
Title: Smart Contract Vulnerabilities on the Ethereum Blockchain: A Current Perspective
Abstract:
Ethereum is a unique offshoot of blockchain technologies that incorporates the use of what are called smart contracts or Dapps – small-sized programs that orchestrate financial transactions on the Ethereum blockchain. With this fairly new paradigm in blockchain, however, comes a host of security concerns and a track record that reveals a history of losses in the range of millions of dollars. Since Ethereum is a decentralized entity, these concerns are not allayed as they are in typical financial institutions. For example, there is no Federal Deposit Insurance Corporation (FDIC) to back the investors of these contracts from financial loss as there is with bank depositors. Furthermore, there is also no Better Business Bureau (BBB) or Consumer Reports organization to offer any sort of ratings on these contracts.

However, there exists a well-known method for verifying a program’s integrity; a method called symbolic execution. Such an examination promises to give not only a perspective on the security of Ethereum, but also highlight areas where security experts may need to target to more quickly improve upon the security of this blockchain.

This paper proposes a solution to ensuring security and increasing end user confidence -- a digital registry of smart contracts that have security flaws in them. A rating system for contracts is proposed and the capabilities one has with knowledge of these vulnerabilities is examined. This research attempts to give a picture of the current state of security of Ethereum Smart Contracts by employing symbolic analysis on a portion of the Smart Contracts up until approximately the 8.4 millionth block.

Vulnerabilities in Smart Contracts may be prevalent and, if they are, a registry for enumerating which ones are can be built and potentially used to easily enumerate them.