CISPA
Browse
cispa_all_2612.pdf (306.06 kB)

teEther: Gnawing at Ethereum to Automatically Exploit Smart Contracts

Download (306.06 kB)
conference contribution
posted on 2023-11-29, 18:08 authored by Johannes Krupp, Christian RossowChristian Rossow
Cryptocurrencies like Bitcoin not only provide a decentralized currency, but also provide a programmatic way to process transactions. Ethereum, the second largest cryptocurrency next to Bitcoin, is the first to provide a Turing-complete language to specify transaction processing, thereby enabling so-called smart contracts. This provides an opportune setting for attackers, as security vulnerabilities are tightly intertwined with financial gain. In this paper, we consider the problem of automatic vulnerability identification and exploit generation for smart contracts. We develop a generic definition of vulnerable contracts and use this to build TEE THER, a tool that allows creating an exploit for a contract given only its binary bytecode. We perform a large-scale analysis of all 38,757 unique Ethereum contracts, 815 out of which our tool finds working exploits for—completely automated.

History

Preferred Citation

Johannes Krupp and Christian Rossow. teEther: Gnawing at Ethereum to Automatically Exploit Smart Contracts. In: Usenix Security Symposium (USENIX-Security). 2018.

Primary Research Area

  • Threat Detection and Defenses

Name of Conference

Usenix Security Symposium (USENIX-Security)

Legacy Posted Date

2018-07-02

Open Access Type

  • Unknown

BibTeX

@inproceedings{cispa_all_2612, title = "teEther: Gnawing at Ethereum to Automatically Exploit Smart Contracts", author = "Krupp, Johannes and Rossow, Christian", booktitle="{Usenix Security Symposium (USENIX-Security)}", year="2018", }

Usage metrics

    Categories

    No categories selected

    Exports

    RefWorks
    BibTeX
    Ref. manager
    Endnote
    DataCite
    NLM
    DC