Presentation is loading. Please wait.

Presentation is loading. Please wait.

Analysing Vulnerabilities in Smart Contracts

Published bySari Kyllönen Modified over 5 years ago

Similar presentations

Presentation on theme: "Analysing Vulnerabilities in Smart Contracts"— Presentation transcript:

1 Analysing Vulnerabilities in Smart Contracts
-By Shrutirupa Banerjiee

2 Topics Understanding Smart Contracts
Security Issues in Smart Contracts

3 Understanding Smart Contracts
Smart contracts are more alike with the concept of classes in object oriented programming Smart contracts represent self-autonomous and self-verifying agents stored in the blockchain. Once they are deployed in the blockchain they have their unique address which the users/clients can use to interact with and it is referred to as ‘contract account’. Also, the code that is stored in blockchain after deployment is a low-level stack- based bytecode (EVM code) representative of the high-level programming language (a JavaScript like language) in which the smart contracts are initially written. As a result, it can be said that since the bytecode is publicly available from the blockchain, smart contracts’ behaviour is completely predictable and its code can be inspected by every node in the network

4

5 Solidity Solidity is a contract-oriented programming language for writing smart contracts that run on the EVM. It is used for implementing smart contracts on various blockchain platforms.

6 Sample Code

7 What is an EVM??? Ethereum Virtual Machine or the EVM is designed to be the runtime environment for the smart contracts. The Ethereum Virtual Machine possesses its own programming language, known as the ‘EVM bytecode’. When code is written in higher-level programming languages such as Ethereum’s contract-orientated language Solidity, this code can then be compiled to the EVM bytecode, so that the Ethereum Virtual Machine can understand what has been written.

8 Security Implications
Miners can take advantage of how they order operations in the Smart Contracts to benefit themselves, provided Miners are also the owners or users of the Smart Contracts Methods publicly defined in a Smart Contract can be called by anyone A vulnerable Smart Contract once deployed, can not be undone

9 Lets Analyse the issue!!!

10 Access Specifiers Public Private Internal External

11 Exception Handling Execution logic runs out of gas
The logic invokes throw Inconsistent methods that throw exceptions

12 Invalid Random Entropy Sources
Block.number Block.gaslimit Block.blockhash(block.number) Block.timestamp and many more Note: Miners can take advantage of this entropy because the above values can be manipulated

13 Sending Money through Smart Contracts
Address.call.value() Address.send() Address.transfer() Note: All the above methods trigger fallback function in the contract

14 Invoking Contracts Directly
Call() delegateCall() Directly -> ExternalContract.methodToInvoke()

15 Fallback Functions Called when no method matches from an external request Called when users send money through send(), transfer(), call.value() method Need payable modifier to receive money

16 Here are some more! Tx.origin Dynamic Libraries
Transaction Order Dependence Timestamp Dependency

17 Some Famous Attacks Reentrancy Wrong Constructor Name
Denial Of Service Integer Underflow/Overflow

18 Reentrancy

19 Wrong Constructor Name

20 Denial Of Service

21 Integer Underflow/Overflow

22 Any Questions???

23 References EXT.pdf?sequence=1

24 Thank you

Download ppt "Analysing Vulnerabilities in Smart Contracts"

Similar presentations

Operating Systems Components of OS

Operating Systems Components of OS
Java Basic Training HaiNH - FQA. Agenda Introduction to Java Java Programming Environment Language Fundamental Object Oriented Programming with Java.

Java Basic Training HaiNH - FQA. Agenda Introduction to Java Java Programming Environment Language Fundamental Object Oriented Programming with Java.
Introduction to Java Programming

Introduction to Java Programming
COP4020 Programming Languages

COP4020 Programming Languages
Rainbow Facilitating Restorative Functionality Within Distributed Autonomic Systems Philip Miseldine, Prof. Taleb-Bendiab Liverpool John Moores University.

Rainbow Facilitating Restorative Functionality Within Distributed Autonomic Systems Philip Miseldine, Prof. Taleb-Bendiab Liverpool John Moores University.
Java Security. Topics Intro to the Java Sandbox Language Level Security Run Time Security Evolution of Security Sandbox Models The Security Manager.

Java Security. Topics Intro to the Java Sandbox Language Level Security Run Time Security Evolution of Security Sandbox Models The Security Manager.
 Cloud computing  Workflow  Workflow lifecycle  Workflow design  Workflow tools : xcp, eucalyptus, open nebula.

 Cloud computing  Workflow  Workflow lifecycle  Workflow design  Workflow tools : xcp, eucalyptus, open nebula.
Implement High-level Program Language on JVM CSCE 531 ZHONGHAO LIU ZHONGHAO LIU XIAO LIN.

Implement High-level Program Language on JVM CSCE 531 ZHONGHAO LIU ZHONGHAO LIU XIAO LIN.
JIT in webkit. What’s JIT See time_compilation for more info.http://en.wikipedia.org/wiki/Just-in- time_compilation.

JIT in webkit. What’s JIT See time_compilation for more info. time_compilation.
Chapter 34 Java Technology for Active Web Documents methods used to provide continuous Web updates to browser – Server push – Active documents.

Chapter 34 Java Technology for Active Web Documents methods used to provide continuous Web updates to browser – Server push – Active documents.
1 Module Objective & Outline Module Objective: After completing this Module, you will be able to, appreciate java as a programming language, write java.

1 Module Objective & Outline Module Objective: After completing this Module, you will be able to, appreciate java as a programming language, write java.
Java Security Nathan Moore CS 665. Overview Survey of Java Inherent Security Properties Java Runtime Environment Java Virtual Machine Java Security Model.

Java Security Nathan Moore CS 665. Overview Survey of Java Inherent Security Properties Java Runtime Environment Java Virtual Machine Java Security Model.
Silberschatz, Galvin and Gagne ©2009 Operating System Concepts – 8 th Edition, Chapter 14: Protection.

Silberschatz, Galvin and Gagne ©2009 Operating System Concepts – 8 th Edition, Chapter 14: Protection.
© FPT SOFTWARE – TRAINING MATERIAL – Internal use 04e-BM/NS/HDCV/FSOFT v2/3 JSP Application Models.

© FPT SOFTWARE – TRAINING MATERIAL – Internal use 04e-BM/NS/HDCV/FSOFT v2/3 JSP Application Models.
By: Cheryl Mok & Sarah Tan. Java is partially interpreted. 1. Programmer writes a program in textual form 2. Runs the compiler, which converts the textual.

By: Cheryl Mok & Sarah Tan. Java is partially interpreted. 1. Programmer writes a program in textual form 2. Runs the compiler, which converts the textual.
JAVA Ekapap Julnonyang 47541610. When it was implemented? Developed by Sun Microsystems. The first public implementation was Java 1.0 in 1995 The language.

JAVA Ekapap Julnonyang When it was implemented? Developed by Sun Microsystems. The first public implementation was Java 1.0 in 1995 The language.
EEL 5937 Mobile agents EEL 5937 Multi Agent Systems Lotzi Bölöni.

EEL 5937 Mobile agents EEL 5937 Multi Agent Systems Lotzi Bölöni.
Text TCS INTERNAL Oracle PL/SQL – Introduction. TCS INTERNAL - 2 - PL SQL Introduction PLSQL means Procedural Language extension of SQL. PLSQL is a database.

Text TCS INTERNAL Oracle PL/SQL – Introduction. TCS INTERNAL PL SQL Introduction PLSQL means Procedural Language extension of SQL. PLSQL is a database.
Review A program is… a set of instructions that tell a computer what to do. Programs can also be called… software. Hardware refers to… the physical components.

Review A program is… a set of instructions that tell a computer what to do. Programs can also be called… software. Hardware refers to… the physical components.
1 Chapter 2: Operating-System Structures Services Interface provided to users & programmers –System calls (programmer access) –User level access to system.

1 Chapter 2: Operating-System Structures Services Interface provided to users & programmers –System calls (programmer access) –User level access to system.

Similar presentations

Ads by Google