Publikationen

Art der Publikation: Beitrag in Sammelwerk

Tutorial: Analyzing, Exploiting, and Patching Smart Contracts in Ethereum

Autor(en):
Giesen, Jens-Rene; Andreina, Sebastien; Rodler, Michael; Karame, Ghassan O.; Davi, Lucas
Titel des Sammelbands:
Proc. of 7th IEEE Secure Development Conference (SecDev)
Veröffentlichung:
2022
Zitation:
Download BibTeX

Kurzfassung

Smart contracts are programs which encode business logic and execute on the blockchain. While Ethereum is the most popular blockchain platform for smart contracts, an increasing number of new blockchain platforms are also able to support smart contract execution (e.g., Solana or Cardano). Security vulnerabilities in Ethereum smart contracts have demonstrated that writing secure smart contracts is highly challenging. This is exacerbated by the fact that the exploitation of buggy smart contracts seems disproportionately easier compared to exploiting classic PC software.

In this tutorial, we overview a number of smart contract vulnerabilities focusing on the Ethereum ecosystem. We also provide an introduction to the de-facto smart contract programming language Solidity and provide a comprehensive hands-on lab tutorial that involves analyzing vulnerable smart contracts, developing proof-of-concept exploits as well as introducing security analysis tools for testing smart contracts.