Collateral use of deployment code for smart contracts in Ethereum

Di Angelo, Monika; Salzer, Gernot
NTMS 2019, 10th IFIP International Conference on New Technologies, Mobility and Security, 24-26 June 2019, Canary Islands, Spain

Ethereum is still the most prominent platform for smart contracts. To deploy a contract on its blockchain, the so-called deployment code is executed by Ethereum's virtual machine. As it turns out, deployment code can do much more than merely deploy a contract. This paper identifies less-anticipated uses of contract deployment in Ethereum by analyzing the available blockchain data. In particular, we analyze, both quantitatively and qualitatively, deployment code that is used for purposes beyond actually deploying a contract. To this end, we identify code patterns in deployment code by distilling recurring code skeletons from all external transactions and internal messages that contain deployment code. Tracking the use of these patterns reveals a set of vulnerabilities in contracts targeted by skillfully crafted deployment code. We summarize the encountered exploitative cases of collateral use of deployment code and report their quantities. Example scenarios illustrate recent usage. Collateral use of deployment code starts to appear in mid-2018 and becomes dominant among contract creations in autumn 2018. We intend to raise awareness of the less obvious uses of deployment code and its potential security issues.
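The two ideas the abstract relies on, grouping deployment code by a "skeleton" and separating creations that install runtime code from creations whose init code exists only for its side effects, can be made concrete in a few lines. The script below is an added illustration for this record, not the authors' tool: it assumes one plausible definition of a skeleton (the opcode sequence with all PUSH operands stripped, so that deployment codes differing only in embedded constants such as addresses or lengths coincide) and a deliberately conservative static check (init code that contains no RETURN opcode at all can never install runtime code, since a CREATE installs exactly what the init code returns). The transactions, hashes and the target address are constructed for the demonstration; the jump structure of the bytecode is not resolved.

```python
"""Skeleton-based grouping of Ethereum deployment (init) code.

Added example, not the paper's tool.  Assumptions: a skeleton is the opcode
sequence without PUSH operands; "deploys nothing" is decided by the absence
of a RETURN opcode in a linear disassembly.  All transactions are constructed.
"""
from collections import defaultdict

RETURN = 0xF3  # the bytes RETURNed by init code become the contract's runtime code


def disassemble(code: bytes):
    """Yield (offset, opcode, operand) over linear EVM bytecode.

    PUSH1..PUSH32 occupy 0x60..0x7F and carry 1..32 operand bytes that must
    be skipped, otherwise a constant such as 0xf3 inside an address would be
    mistaken for a RETURN instruction.
    """
    i = 0
    while i < len(code):
        op = code[i]
        width = op - 0x5F if 0x60 <= op <= 0x7F else 0
        yield i, op, code[i + 1:i + 1 + width]
        i += 1 + width


def skeleton(code: bytes) -> bytes:
    """Opcode sequence with all PUSH operands removed (assumed skeleton notion)."""
    return bytes(op for _, op, _ in disassemble(code))


def can_return_runtime_code(init_code: bytes) -> bool:
    """False when the init code contains no RETURN opcode at all.

    A path ending in STOP, REVERT or SELFDESTRUCT installs no code, so the
    absence of RETURN proves the creation deploys nothing; its presence only
    means the creation may deploy code (jumps are not resolved here).
    """
    return any(op == RETURN for _, op, _ in disassemble(init_code))


# --- constructed sample: contract-creation transactions have to == None ---
# 1. minimal init code: CODECOPY a 10-byte runtime (which returns 42) and RETURN it
INIT_DEPLOY_42 = bytes.fromhex("600a600c600039600a6000f3" "602a60005260206000f3")
# 2. same structure, different constant (runtime returns 7) -> same skeleton
INIT_DEPLOY_7 = bytes.fromhex("600a600c600039600a6000f3" "600760005260206000f3")
# 3. init code that CALLs a fixed address and STOPs: no RETURN, nothing deployed
TARGET = "11" * 20  # constructed placeholder address, not a real contract
INIT_CALL_ONLY = bytes.fromhex("600080808080" + "73" + TARGET + "5af15000")

SAMPLE_TXS = [
    {"hash": "0xaa01", "to": None, "input": INIT_DEPLOY_42},
    {"hash": "0xaa02", "to": None, "input": INIT_DEPLOY_7},
    {"hash": "0xaa03", "to": None, "input": INIT_CALL_ONLY},
    # ordinary message call (has a recipient), ignored by the grouping
    {"hash": "0xaa04", "to": "0x" + "22" * 20, "input": b"\xa9\x05\x9c\xbb"},
]


def group_creations(txs):
    """Map skeleton -> list of tx hashes for all contract-creation transactions."""
    groups = defaultdict(list)
    for tx in txs:
        if tx["to"] is None:
            groups[skeleton(tx["input"])].append(tx["hash"])
    return dict(groups)


def collateral_only(txs):
    """Hashes of creations whose init code provably installs no runtime code."""
    return [tx["hash"] for tx in txs
            if tx["to"] is None and not can_return_runtime_code(tx["input"])]


if __name__ == "__main__":
    for skel, hashes in group_creations(SAMPLE_TXS).items():
        print(skel.hex(), hashes)
    print("deploy nothing:", collateral_only(SAMPLE_TXS))
```

On the sample, the two code-deploying creations collapse into one skeleton despite their different constants, and the third creation is flagged as collateral-only: its init code performs a CALL to the target and then STOPs, so the created account ends up with empty code even though the transaction was a contract creation. On real chain data the same grouping would be run over the input of every external creation transaction and over the init code of every internal CREATE message obtained from traces.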

DOI: 10.1109/NTMS.2019.8763828
Type: Conference
City: Canary Islands
Date: 2019-06-24
Department: Digital Security
Eurecom Ref: 5934
Copyright: © IFIP. Personal use of this material is permitted. The definitive version of this paper was published in NTMS 2019, 10th IFIP International Conference on New Technologies, Mobility and Security, 24-26 June 2019, Canary Islands, Spain and is available at: http://dx.doi.org/10.1109/NTMS.2019.8763828

PERMALINK : https://www.eurecom.fr/publication/5934