Securing Smart Contracts
Recently, a number of existing blockchain systems have witnessed major bugs and vulnerabilities within smart contracts. Although the literature features a number of proposals for securing smart contracts, these proposals mostly focus on proving the correctness or absence of a certain type of vulnerability within a contract, but cannot protect deployed (legacy) contracts from being exploited. In this project, we address this problem and develop a novel smart contract security technology, called Sereum (Secure Ethereum), which protects existing, deployed contracts in a backwards compatible way based on run-time monitoring and validation.
By means of implementation and evaluation using the Ethereum blockchain, we show that Sereum covers the actual execution flow of a smart contract to accurately detect and prevent re-entrancy attacks with a false positive rate as small as 0.06% and with negligible run-time overhead.
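To make the idea of run-time monitoring for re-entrancy concrete, here is an added example that is not Sereum's code and is not taken from the paper. It assumes a simplified rule: flag a storage write when another nested invocation of the same contract read that slot earlier. The trace format, contract names and slot names are constructed for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class Frame:
    contract: str
    reads: set = field(default_factory=set)        # slots this invocation loaded
    inner_reads: set = field(default_factory=set)  # slots loaded by finished re-entrant invocations

def find_reentrant_writes(trace):
    """Return (event_index, contract, slot) for every flagged storage write."""
    stack, flagged = [], []
    for i, ev in enumerate(trace):
        op = ev[0]
        if op == "call":
            stack.append(Frame(ev[1]))
        elif op == "return":
            done = stack.pop()
            # Hand the finished frame's reads to still-active frames of the same contract.
            for outer in stack:
                if outer.contract == done.contract:
                    outer.inner_reads |= done.reads | done.inner_reads
        elif op == "sload":
            stack[-1].reads.add(ev[1])
        elif op == "sstore":
            cur, slot = stack[-1], ev[1]
            outer_read = any(f.contract == cur.contract and slot in f.reads
                             for f in stack[:-1])
            if outer_read or slot in cur.inner_reads:
                flagged.append((i, cur.contract, slot))
    return flagged

# Constructed trace: balance is checked, funds are sent, balance is updated last.
VULNERABLE_TRACE = [
    ("call", "Bank"), ("sload", "balance[caller]"),
    ("call", "Caller"),                              # external call before the update
    ("call", "Bank"), ("sload", "balance[caller]"),  # re-entry sees the stale balance
    ("call", "Caller"), ("return",),
    ("sstore", "balance[caller]"), ("return",),      # inner invocation updates
    ("return",),
    ("sstore", "balance[caller]"), ("return",),      # outer invocation updates
]

# Constructed trace: balance is updated before the external call.
SAFE_TRACE = [
    ("call", "Bank"), ("sload", "balance[caller]"), ("sstore", "balance[caller]"),
    ("call", "Caller"),
    ("call", "Bank"), ("sload", "balance[caller]"), ("return",),
    ("return",), ("return",),
]

if __name__ == "__main__":
    print(find_reentrant_writes(VULNERABLE_TRACE))
    print(find_reentrant_writes(SAFE_TRACE))
```

A monitor of this kind looks only at the executed trace, which is why it can be applied to contracts that are already deployed and cannot be patched.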
For more information on Sereum, contact Michael Rodler.
You can find our NDSS 2019 paper, "Sereum: Protecting Existing Smart Contracts Against Re-Entrancy Attacks", on the arxiv.org preprint server.
During the development of Sereum, we identified several re-entrancy attack patterns that are not covered by existing analysis tools. Source code of example contracts and attacks can be found on GitHub (github.com).