Analysing Vulnerabilities in Smart Contracts

Slides:



Advertisements
Similar presentations
Operating Systems Components of OS
Advertisements

Java Basic Training HaiNH - FQA. Agenda Introduction to Java Java Programming Environment Language Fundamental Object Oriented Programming with Java.
Introduction to Java Programming
COP4020 Programming Languages
Rainbow Facilitating Restorative Functionality Within Distributed Autonomic Systems Philip Miseldine, Prof. Taleb-Bendiab Liverpool John Moores University.
Java Security. Topics Intro to the Java Sandbox Language Level Security Run Time Security Evolution of Security Sandbox Models The Security Manager.
 Cloud computing  Workflow  Workflow lifecycle  Workflow design  Workflow tools : xcp, eucalyptus, open nebula.
Implement High-level Program Language on JVM CSCE 531 ZHONGHAO LIU ZHONGHAO LIU XIAO LIN.
JIT in webkit. What’s JIT See time_compilation for more info. time_compilation.
Chapter 34 Java Technology for Active Web Documents methods used to provide continuous Web updates to browser – Server push – Active documents.
1 Module Objective & Outline Module Objective: After completing this Module, you will be able to, appreciate java as a programming language, write java.
Java Security Nathan Moore CS 665. Overview Survey of Java Inherent Security Properties Java Runtime Environment Java Virtual Machine Java Security Model.
Silberschatz, Galvin and Gagne ©2009 Operating System Concepts – 8 th Edition, Chapter 14: Protection.
© FPT SOFTWARE – TRAINING MATERIAL – Internal use 04e-BM/NS/HDCV/FSOFT v2/3 JSP Application Models.
By: Cheryl Mok & Sarah Tan. Java is partially interpreted. 1. Programmer writes a program in textual form 2. Runs the compiler, which converts the textual.
JAVA Ekapap Julnonyang When it was implemented? Developed by Sun Microsystems. The first public implementation was Java 1.0 in 1995 The language.
EEL 5937 Mobile agents EEL 5937 Multi Agent Systems Lotzi Bölöni.
Text TCS INTERNAL Oracle PL/SQL – Introduction. TCS INTERNAL PL SQL Introduction PLSQL means Procedural Language extension of SQL. PLSQL is a database.
Review A program is… a set of instructions that tell a computer what to do. Programs can also be called… software. Hardware refers to… the physical components.
1 Chapter 2: Operating-System Structures Services Interface provided to users & programmers –System calls (programmer access) –User level access to system.
Software, IEE Proceedings, Vol.152, Num.3, June 2005,Page(s): Prasanthi.S March, Java-based component framework for dynamic reconfiguration.
Generics, Exception and Undo Command. A Generic Stack Class AStack uses generic. In the main method, we have 2 instances of AStack, each type is Integer.
Distributed Systems Architectures. Topics covered l Client-server architectures l Distributed object architectures l Inter-organisational computing.
1 Chapter 1 INTRODUCTION TO WEB. 2 Objectives In this chapter, you will: Become familiar with the architecture of the World Wide Web Learn about communication.
When BPM meets Blockchain
Applications Active Web Documents Active Web Documents.
Blockchain Infrastructure for e-Science
A Blockchain Implementation
Chapter 14: System Protection
Managing The Internet of Things
Web Technologies IT230 Dr Mohamed Habib.
Chapter 1 Introduction to Computers, Programs, and Java
Operating System Concepts
Blockchain Introduction
Topic: Difference b/w JDK, JRE, JIT, JVM
Abstract Intrusion detection in networks is of practical interest in many applications such as detecting an intruder in a battlefield. The intrusion detection.
Oyente: Making Smart Contracts Smarter
Introduction to Blockchain & Ethereum
DAO for penetration testers
Introduction Enosis Learning.
Indexer AKEEL AHMED.
Intro to Solidity 2017 Edition Hudson Jameson.
Blockchain Adrian Zaragoza.
Chapter 14: Protection.
Ethereum Blockchain Development
Bugs in the Blockchain and “Contractual” Vulnerability
Introduction Enosis Learning.
Getting Started with Ethereum Private Blockchain
Security in Java Real or Decaf? cs205: engineering software
Chapter 14: Protection.
The Pentester’s View on Blockchain Projects
Kickoff Presentation Master’s Thesis: Identification of Programming Patterns in Solidity Franz Volland, 29th January 2018, Scientific advisor: Ulrich Gallersdörfer.
Distributed Ledger Technology (DLT) and Blockchain
A change of paradigm: how does Distributed Ledger fit with existing standards? Distributed Ledger technology offers a single, consistent and shared view.
Objectives In this lesson you will learn about: Need for servlets
.Net Framework Details Imran Rashid CTO at ManiWeber Technologies.
Hyperledger Fabric Composer Overview UW Blockchain Society, 10/29/2018
Swagatika (Jazz) Sarangi
Module 10: Implementing Managed Code in the Database
Solidity CS1951 L Spring February 2019 Maurice Herlihy
Ethereum Virtual Machine
Solidity Pitfalls and Hazards
Scalable and Privacy-preserving Design of On/Off-chain Smart Contracts
Swagatika (Jazz) Sarangi
A Conceptual Model for Ethereum Blockchain Analytics
Exception Handling.
Swagatika (Jazz) Sarangi
Cross Site Request Forgery (CSRF)
What is A blockchain? B. RAMAMURTHY ©2019, ALL RIGHTS RESERVED
Explore Txs, block, blockchain in Bitcoin
Presentation transcript:

Analysing Vulnerabilities in Smart Contracts -By Shrutirupa Banerjiee

Topics Understanding Smart Contracts Security Issues in Smart Contracts

Understanding Smart Contracts Smart contracts are more alike with the concept of classes in object oriented programming Smart contracts represent self-autonomous and self-verifying agents stored in the blockchain. Once they are deployed in the blockchain they have their unique address which the users/clients can use to interact with and it is referred to as ‘contract account’. Also, the code that is stored in blockchain after deployment is a low-level stack- based bytecode (EVM code) representative of the high-level programming language (a JavaScript like language) in which the smart contracts are initially written. As a result, it can be said that since the bytecode is publicly available from the blockchain, smart contracts’ behaviour is completely predictable and its code can be inspected by every node in the network

Solidity Solidity is a contract-oriented programming language for writing smart contracts that run on the EVM. It is used for implementing smart contracts on various blockchain platforms.

Sample Code

What is an EVM??? Ethereum Virtual Machine or the EVM is designed to be the runtime environment for the smart contracts. The Ethereum Virtual Machine possesses its own programming language, known as the ‘EVM bytecode’. When code is written in higher-level programming languages such as Ethereum’s contract-orientated language Solidity, this code can then be compiled to the EVM bytecode, so that the Ethereum Virtual Machine can understand what has been written.

Security Implications Miners can take advantage of how they order operations in the Smart Contracts to benefit themselves, provided Miners are also the owners or users of the Smart Contracts Methods publicly defined in a Smart Contract can be called by anyone A vulnerable Smart Contract once deployed, can not be undone

Lets Analyse the issue!!!

Access Specifiers Public Private Internal External

Exception Handling Execution logic runs out of gas The logic invokes throw Inconsistent methods that throw exceptions

Invalid Random Entropy Sources Block.number Block.gaslimit Block.blockhash(block.number) Block.timestamp and many more Note: Miners can take advantage of this entropy because the above values can be manipulated

Sending Money through Smart Contracts Address.call.value() Address.send() Address.transfer() Note: All the above methods trigger fallback function in the contract

Invoking Contracts Directly Call() delegateCall() Directly -> ExternalContract.methodToInvoke()

Fallback Functions Called when no method matches from an external request Called when users send money through send(), transfer(), call.value() method Need payable modifier to receive money

Here are some more! Tx.origin Dynamic Libraries Transaction Order Dependence Timestamp Dependency

Some Famous Attacks Reentrancy Wrong Constructor Name Denial Of Service Integer Underflow/Overflow

Reentrancy

Wrong Constructor Name

Denial Of Service

Integer Underflow/Overflow

Any Questions???

References https://brage.bibsys.no/xmlui/bitstream/handle/11250/2479191/18400_FULLT EXT.pdf?sequence=1 https://www.youtube.com/watch?reload=9&v=apCGPh7tKhw https://eprint.iacr.org/2016/1007.pdf

Thank you

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.