Abstract

Blockchain technology is a decentralized, distributed ledger that records digital assets. It has been applied in many areas of society, including finance, the judiciary and commerce. Ethereum is referred to as the next-generation decentralized application platform and is one of the most popular blockchain platforms that support smart contracts. A smart contract is code that is stored on the blockchain and can be created and called as a Turing-complete program running on the blockchain. Developers use smart contracts to build decentralized applications (Dapps), which are widely used in cryptocurrency-related projects. As smart contracts become more popular and more valuable, they face a greater risk of being hacked. Because smart contracts cannot be modified once deployed on the blockchain, fixing and updating a deployed vulnerable contract is a great challenge, and such vulnerabilities can lead to huge losses of cryptocurrency and financial disorder. In this paper, we focus on Integer Bugs in Ethereum Smart Contracts and present ISmart, which protects deployed smart contracts against attacks caused by Integer Bugs. We implemented ISmart based on go-ethereum, an Ethereum client written in Go, by adding a simplified taint analysis component. In our preliminary evaluation, ISmart can prevent attacks accurately with little runtime overhead.

Highlights

  • A smart contract is code that is stored on the blockchain and can be created and called as a Turing-complete program running on the blockchain

  • We focus on Integer Bugs in Ethereum Smart Contracts and present ISmart, which protects deployed smart contracts against attacks caused by Integer Bugs

  • We implemented ISmart based on go-ethereum, an Ethereum client written in Go, by adding a simplified taint analysis component


Summary

Introduction

Since Satoshi Nakamoto first set Bitcoin and the blockchain into motion in 2008 [1], the massive adoption of Bitcoin has fueled innovation. With the development of blockchain, the emergence of Ethereum extended the functionality of Bitcoin with Turing-complete smart contracts. Developers can create a new cryptocurrency with a smart contract under an ERC Token Standard. Line 3 of the smart contract code performs a multiplication with no overflow check. Academia has proposed numerous static-analysis solutions to check smart contracts for vulnerabilities. Oyente [8] is a symbolic execution tool used to find security bugs in smart contracts. Osiris [9] is a symbolic execution tool based on Oyente that focuses on integer errors, including overflow, signedness errors and truncation errors. The contributions of our work are the following: we present ISmart, a simplified taint analysis component which protects deployed smart contracts against attacks caused by Integer Bugs; and we run ISmart on real Ethereum smart contracts and find that ISmart successfully interrupts dangerous transactions.
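The following Go sketch is an added example, not ISmart's or go-ethereum's code. It illustrates the kind of runtime check the summary describes: a multiplication that wraps modulo 2^256 as the EVM `MUL` opcode does, with a taint bit on the operands. The `Word` type, the function names and the policy of interrupting only tainted overflows are assumptions made for illustration, and the operand values are constructed.

```go
package main

import (
	"errors"
	"fmt"
	"math/big"
)

// Word is a hypothetical 256-bit EVM stack value with a taint bit that marks
// data derived from transaction input (calldata).
type Word struct {
	V       *big.Int
	Tainted bool
}

// two256 is 2^256, the modulus of EVM integer arithmetic.
var two256 = new(big.Int).Lsh(big.NewInt(1), 256)

// CheckedMul mimics EVM MUL (wrap modulo 2^256), propagates taint from either
// operand, and reports whether the exact product did not fit in 256 bits.
func CheckedMul(a, b Word) (Word, bool) {
	exact := new(big.Int).Mul(a.V, b.V)
	overflow := exact.Cmp(two256) >= 0
	wrapped := new(big.Int).Mod(exact, two256)
	return Word{V: wrapped, Tainted: a.Tainted || b.Tainted}, overflow
}

// Guard applies the assumed policy: interrupt execution only when an overflow
// involves caller-controlled data; untainted wrap-around passes through.
func Guard(a, b Word) (Word, error) {
	res, overflow := CheckedMul(a, b)
	if overflow && res.Tainted {
		return Word{}, errors.New("tainted MUL overflow: transaction interrupted")
	}
	return res, nil
}

func main() {
	// Constructed operands: a recipient count of 2 and a per-recipient
	// amount of 2^255, both taken from transaction input.
	count := Word{V: big.NewInt(2), Tainted: true}
	amount := Word{V: new(big.Int).Lsh(big.NewInt(1), 255), Tainted: true}

	res, overflow := CheckedMul(count, amount)
	fmt.Println("wrapped total:", res.V, "overflow:", overflow)

	_, err := Guard(count, amount)
	fmt.Println("guard result:", err)
}
```

Without the guard, the wrapped total of 0 would pass a later balance comparison even though each recipient is credited 2^255, which is why the check belongs at the arithmetic instruction rather than at the comparison.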

Ethereum Virtual Machine (EVM)
Go-Ethereum
Integer Bugs of Smart Contracts
An Overview of ISmart
CFG Analysis
Taint Engine
Integer Bugs Protector
Evaluation
Experimental Environment
Performance
Related Work
Conclusion