Security reinforcement for Ethereum virtual machine

Smart contracts are more sensitive from a security perspective than other software due to several reasons. First, smart contracts are immutable thus cannot be easily patched once deployed. Second, smart contracts are directly tied to payments and can hold millions of dollars’ worth of digital curren...

Full description

Saved in:
Bibliographic Details
Published in:Information processing & management 2021-07, Vol.58 (4), p.102565, Article 102565
Main Authors: Ma, Fuchen, Ren, Meng, Fu, Ying, Wang, Mingzhe, Li, Huizhong, Song, Houbing, Jiang, Yu
Format: Article
Language:English
Subjects:
Blockchain
Contracts
Digital currencies
Ethereum virtual machine
Online reinforcement
Programming languages
Security
Smart contract
Turing machines
Virtual environments
Vulnerability
Citations: Items that this one cites
Items that cite this one
Online Access:Get full text
Tags: Add Tag
No Tags, Be the first to tag this record!
Description
Summary:Smart contracts are more sensitive from a security perspective than other software due to several reasons. First, smart contracts are immutable thus cannot be easily patched once deployed. Second, smart contracts are directly tied to payments and can hold millions of dollars’ worth of digital currencies. Third, smart contracts are still a new practice thus do not have best coding practices and development lifecycles tailored for decentralized apps yet. Even though several testing and verification tools have been developed, smart contract vulnerabilities remain a clear and present danger. In this paper, we present an approach that is different from existing ones that attempt to eliminate vulnerabilities from smart contracts. Instead, we fortify Ethereum virtual machines (EVM) to stop dangerous transactions once vulnerabilities are detected in real-time. Since proving programs written in Turing-complete languages is undecidable, our approach complements current approaches by catching vulnerabilities and interrupts their executions during runtime. We have implemented our reinforcement on two widely used EVMs (js-evm and FISCO-BCOS-evm). The reinforced EVMs detects and interrupts all the vulnerabilities, 20% of them missed by testing tools, in 100 real smart contracts. Our approach is practical with less than 34% overhead. In fact, the reinforced FISCO-BCOS-evm has been integrated into the official release of FISCO-BCOS adopted by a large Chinese bank — WeBank. •Detect dangerous transactions on blockchain in real time.•Support for 4 common types of smart contract vulnerabilities.•The reinforced EVM* has been implemented on two widely used EVMs, js-evm and FISCO-BCOS-evm.
ISSN:0306-4573
1873-5371
DOI:10.1016/j.ipm.2021.102565