A Survey on Ethereum Systems Security
Top Cited Papers
- 12 June 2020
- journal article
- research article
- Published by Association for Computing Machinery (ACM) in ACM Computing Surveys
- Vol. 53 (3), 1-43
- https://doi.org/10.1145/3391195
Abstract
Blockchain technology is believed by many to be a game changer in many application domains. While the first generation of blockchain technology (i.e., Blockchain 1.0) is almost exclusively used for cryptocurrency, the second generation (i.e., Blockchain 2.0), as represented by Ethereum, is an open and decentralized platform enabling a new paradigm of computing—Decentralized Applications (DApps) running on top of blockchains. The rich applications and semantics of DApps inevitably introduce many security vulnerabilities, which have no counterparts in pure cryptocurrency systems like Bitcoin. Since Ethereum is a new, yet complex, system, it is imperative to have a systematic and comprehensive understanding on its security from a holistic perspective, which was previously unavailable in the literature. To the best of our knowledge, the present survey, which can also be used as a tutorial, fills this void. We systematize three aspects of Ethereum systems security: vulnerabilities, attacks, and defenses. We draw insights into vulnerability root causes, attack consequences, and defense capabilities, which shed light on future research directions.Keywords
Funding Information
- ARO (W911NF-17-1-0566)
- NSF CREST (1736209)
- NSF (1814825)
- US AFRL (FA8750-19-1-0019)
This publication has 84 references indexed in Scilit:
- Demystifying Incentives in the Consensus ComputerPublished by Association for Computing Machinery (ACM) ,2015
- Nonoutsourceable Scratch-Off Puzzles to Discourage Bitcoin Mining CoalitionsPublished by Association for Computing Machinery (ACM) ,2015
- Secure High-Rate Transaction Processing in BitcoinPublished by Springer Science and Business Media LLC ,2015
- SoK: Research Perspectives and Challenges for Bitcoin and CryptocurrenciesPublished by Institute of Electrical and Electronics Engineers (IEEE) ,2015
- Cyber Epidemic Models with DependencesInternet Mathematics, 2014
- Majority Is Not Enough: Bitcoin Mining Is VulnerableLecture Notes in Computer Science, 2014
- Push- and pull-based epidemic spreading in networksACM Transactions on Autonomous and Adaptive Systems, 2012
- An overview of the K semantic frameworkThe Journal of Logic and Algebraic Programming, 2010
- Impossibility of distributed consensus with one faulty processJournal of the ACM, 1985
- Symbolic execution and program testingCommunications of the ACM, 1976