Smart contracts on blockchain platforms like Ethereum are increasingly used to automate complex transactions in a secure and transparent manner. However, ensuring their correctness and resistance to attacks remains a significant challenge. This paper presents a formal approach for modeling and assessing the security of Ethereum smart contracts using Abstract State Machines (ASMs). ASMs provide a rigorous framework for precisely describing smart contract behavior, including interactions with potentially malicious contracts. By modeling attackers as contracts designed to exploit known vulnerabilities, our method enables the systematic evaluation of a contract’s robustness in adversarial scenarios, thereby providing a quantifiable assessment of its security. We demonstrate this approach on a Solidity smart contract, assessing its resilience against three well-known vulnerabilities to illustrate the effectiveness of our security analysis.

错误:搜索内容不能为空,请输入英文关键词
错误:关键词超出字数限制,请精简
高级检索

Security Assessment of Interacting Ethereum Smart Contracts

  • Chiara Braghin,
  • Elvinia Riccobene,
  • Simone Valentini

摘要

Smart contracts on blockchain platforms like Ethereum are increasingly used to automate complex transactions in a secure and transparent manner. However, ensuring their correctness and resistance to attacks remains a significant challenge. This paper presents a formal approach for modeling and assessing the security of Ethereum smart contracts using Abstract State Machines (ASMs). ASMs provide a rigorous framework for precisely describing smart contract behavior, including interactions with potentially malicious contracts. By modeling attackers as contracts designed to exploit known vulnerabilities, our method enables the systematic evaluation of a contract’s robustness in adversarial scenarios, thereby providing a quantifiable assessment of its security. We demonstrate this approach on a Solidity smart contract, assessing its resilience against three well-known vulnerabilities to illustrate the effectiveness of our security analysis.