
Et tu, Blockchain? Outsmarting Smart Contracts via Social Engineering

09/17/2022
by Nikolay Ivanov, et al.
Michigan State University

We reveal six zero-day social engineering attacks in Ethereum, and subdivide them into two classes: Address Manipulation and Homograph. We demonstrate the attacks by embedding them in source codes of five popular smart contracts with combined market capitalization of over $29 billion, and show that the attacks have the ability to remain dormant during the testing phase and activate only after production deployment. We analyze 85,656 open source smart contracts and find 1,027 contracts that can be directly used for performing social engineering attacks. For responsible disclosure, we contact seven smart contract security firms. In the spirit of open research, we make the source codes of the attack benchmark, tools, and datasets available to the public.
