Sponsor
Portland State University. Department of Computer Science
First Advisor
Wu-chang Feng
Term of Graduation
Winter 2020
Date of Publication
5-5-2020
Document Type
Thesis
Degree Name
Master of Science (M.S.) in Computer Science
Department
Computer Science
Language
English
Subjects
Smart contracts, Blockchains (Databases), Application software -- Security measures, Cryptocurrencies
DOI
10.15760/etd.7313
Physical Description
1 online resource (vii, 57 pages)
Abstract
Ethereum is a unique offshoot of blockchain technologies that incorporates the use of what are called smart contracts or DApps -- small-sized programs that orchestrate financial transactions on the Ethereum blockchain. With this fairly new paradigm in blockchain, however, comes a host of security concerns and a track record that reveals a history of losses in the range of millions of dollars. Since Ethereum is a decentralized entity, these concerns are not allayed as they are in typical financial institutions. For example, there is no Federal Deposit Insurance Corporation (FDIC) to back the investors of these contracts from financial loss as there is with bank depositors. Furthermore, there is also no Better Business Bureau (BBB) or Consumer Reports organization to offer any sort of ratings on these contracts.
However, there exists a well-known method for verifying a program's integrity; a method called symbolic execution. Such an examination promises to give not only a perspective on the security of Ethereum, but also highlight areas where security experts may need to target to more quickly improve upon the security of this blockchain.
This paper proposes a solution to ensuring security and increasing end user confidence -- a digital registry of smart contracts that have security flaws in them. A rating system for contracts is proposed and the capabilities one has with knowledge of these vulnerabilities is examined. This research attempts to give a picture of the current state of security of Ethereum Smart Contracts by employing symbolic analysis on a portion of the Smart Contracts up until approximately the 8.4 millionth block.
Vulnerabilities in Smart Contracts may be prevalent and, if they are, a registry for enumerating which ones are can be built and potentially used to easily enumerate them.
Rights
In Copyright. URI: http://rightsstatements.org/vocab/InC/1.0/ This Item is protected by copyright and/or related rights. You are free to use this Item in any way that is permitted by the copyright and related rights legislation that applies to your use. For other uses you need to obtain permission from the rights-holder(s).
Persistent Identifier
https://archives.pdx.edu/ds/psu/33055
Recommended Citation
Connelly, Daniel Steven, "Smart Contract Vulnerabilities on the Ethereum Blockchain: a Current Perspective" (2020). Dissertations and Theses. Paper 5440.
https://doi.org/10.15760/etd.7313