Identifying Threat Factors of Vulnerabilities in Ethereum Smart Contracts
Halmstad University, School of Information Technology.
Halmstad University, School of Information Technology.
2023 (English). Independent thesis, Advanced level (degree of Master (One Year)), 10 credits / 15 HE credits. Student thesis.
Abstract [en]

Ethereum is one of the top blockchain platforms that represents this second generation of blockchain technology. However, the security vulnerabilities associated with smart contracts pose significant risks to the confidentiality, integrity, and availability of applications supported by Ethereum. While several studies have enumerated various security issues in smart contracts, only a handful have identified the factors that determine the severity and potential of these issues to pose significant risks in practice. As its first contribution, this thesis presents a framework that identifies such factors and highlights the most critical security threats and vulnerabilities of Ethereum smart contracts. To achieve this, we conduct a comprehensive literature review to identify and categorize the vulnerabilities, assess their potential impact, and evaluate the likelihood of exploitation in real-life contracts. We classify the identified vulnerabilities based on their nature and severity and propose mitigation recommendations. Our theoretical contribution is to establish a correlation between the security vulnerabilities of smart contracts and their potential impact on the security of smart contracts by identifying factors that pose a (practical) threat.

Our practical contribution involves developing a tool based on static analysis that can automatically detect at least one critical security issue with the highest threat factor. For the target vulnerability, we choose the usage of input from external users without any validation. This vulnerability, as we call it, Missing Input Validation (MIV), acts as a root cause for further (well-known and well-researched) issues, for instance, the flow of tainted values into sensitive operations such as the transfer of cryptocurrencies and the self-destruct instruction. We implement the tool MIV Checker and evaluate its efficacy on a test set of 36 smart contracts. Our evaluation results show that MIV Checker correctly detects 87.6 % of instances of MIV in the dataset.

Place, publisher, year, edition, pages
2023, p. 66
Keywords [en]
Smart contract, Blockchain, Ethereum, attacks, security vulnerabilities, security audits
National Category
Computer Engineering
Identifiers
URN: urn:nbn:se:hh:diva-50932
OAI: oai:DiVA.org:hh-50932
DiVA, id: diva2:1772764
Subject / course
Digital Forensics
Educational program
Master's Programme in Network Forensics, 60 credits
Supervisors
Examiners
Available from: 2023-05-24. Created: 2023-06-21. Last updated: 2023-08-21. Bibliographically approved.

Open Access in DiVA

fulltext (1062 kB), 551 downloads
File information
File name: FULLTEXT02.pdf
File size: 1062 kB
Checksum SHA-512: a601c38359af41c27e974577155abfc540940c819f9cf0be4acda995395e8384317e3ea1432ce7423b5ea498640553292ad7cd1eee768a278a61f185f775b63e
Type: fulltext
Mimetype: application/pdf

Total: 552 downloads
The number of downloads is the sum of all downloads of full texts. It may include, e.g., previous versions that are no longer available.

Total: 506 hits