Talks and Poster Presentations (with Proceedings-Entry):

M. Di Angelo, G. Salzer:
"Collateral Use of Deployment Code for Smart Contracts in Ethereum";
Talk: 2019 10th IFIP International Conference on New Technologies, Mobility and Security (NTMS), Gran Canaria; 2019-06-24 - 2019-06-26; in: "2019 10th IFIP International Conference on New Technologies, Mobility and Security (NTMS)", IEEE, (2019), ISBN: 978-1-7281-1542-9; 1 - 5.



English abstract:
Ethereum is still the most prominent platform for smart contracts. For the deployment of contracts on its blockchain, the so-called deployment code is executed by Ethereum's virtual machine. As it turns out, deployment code can do a lot more than merely deploying a contract.

This paper identifies less-anticipated uses of contract deployment in Ethereum by analyzing the available blockchain data. In particular, we analyze the specifics of deployment code used beyond actually deploying a contract in a quantitative and qualitative manner. To this end, we identify code patterns in deployment code by distilling recurring code skeletons from all external transactions and internal messages that contain deployment code. Tracking the use of these patterns reveals a set of vulnerabilities in contracts targeted by skillfully crafted deployment code. We summarize the encountered exploitative cases of collateral use of deployment code and report respective quantities. Example scenarios illustrate the recent usage.

Collateral use of deployment code starts to appear in the middle of 2018 and becomes dominant among contract creations in autumn of 2018. We intend to raise awareness about the less obvious uses of deployment code and its potential security issues.

Keywords:
analysis, deployment code, exploit, Ethereum, smart contract


"Official" electronic version of the publication (accessed through its Digital Object Identifier - DOI)
http://dx.doi.org/10.1109/NTMS.2019.8763828

Electronic version of the publication:
https://publik.tuwien.ac.at/files/publik_280078.pdf