{"title":"以太坊漏洞分类及其传播","authors":"Mirko Staderini, Caterina Palli, A. Bondavalli","doi":"10.1109/BCCA50787.2020.9274458","DOIUrl":null,"url":null,"abstract":"Blockchain technology is having an ever-increasing impact on distributed applications domain, since the adoption of Blockchain 2.0 led to the spread of smart contracts. In such a context, Ethereum is the framework with the highest diffusion in terms of smart contract’s development, with a consequent rise of exploitation of code vulnerabilities, some of which causing bad financial losses. For this reason, this paper focuses on the issues of Ethereum smart contracts implementation (made with the Turing-complete language Solidity), providing a comprehensive systematization of such vulnerabilities basing on a slice of the Common Weakness Enumeration (CWE). Moreover, some relevant propagation cases among different vulnerabilities and CWE groups, observed in exploited contracts, are highlighted.","PeriodicalId":218474,"journal":{"name":"2020 Second International Conference on Blockchain Computing and Applications (BCCA)","volume":"12 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2020-11-02","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"5","resultStr":"{\"title\":\"Classification of Ethereum Vulnerabilities and their Propagations\",\"authors\":\"Mirko Staderini, Caterina Palli, A. Bondavalli\",\"doi\":\"10.1109/BCCA50787.2020.9274458\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Blockchain technology is having an ever-increasing impact on distributed applications domain, since the adoption of Blockchain 2.0 led to the spread of smart contracts. In such a context, Ethereum is the framework with the highest diffusion in terms of smart contract’s development, with a consequent rise of exploitation of code vulnerabilities, some of which causing bad financial losses. For this reason, this paper focuses on the issues of Ethereum smart contracts implementation (made with the Turing-complete language Solidity), providing a comprehensive systematization of such vulnerabilities basing on a slice of the Common Weakness Enumeration (CWE). Moreover, some relevant propagation cases among different vulnerabilities and CWE groups, observed in exploited contracts, are highlighted.\",\"PeriodicalId\":218474,\"journal\":{\"name\":\"2020 Second International Conference on Blockchain Computing and Applications (BCCA)\",\"volume\":\"12 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2020-11-02\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"5\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2020 Second International Conference on Blockchain Computing and Applications (BCCA)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/BCCA50787.2020.9274458\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2020 Second International Conference on Blockchain Computing and Applications (BCCA)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/BCCA50787.2020.9274458","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Classification of Ethereum Vulnerabilities and their Propagations
Blockchain technology is having an ever-increasing impact on distributed applications domain, since the adoption of Blockchain 2.0 led to the spread of smart contracts. In such a context, Ethereum is the framework with the highest diffusion in terms of smart contract’s development, with a consequent rise of exploitation of code vulnerabilities, some of which causing bad financial losses. For this reason, this paper focuses on the issues of Ethereum smart contracts implementation (made with the Turing-complete language Solidity), providing a comprehensive systematization of such vulnerabilities basing on a slice of the Common Weakness Enumeration (CWE). Moreover, some relevant propagation cases among different vulnerabilities and CWE groups, observed in exploited contracts, are highlighted.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
