A Survey on Ethereum Systems Security: Vulnerabilities, Attacks and Defenses Huashan Chen, Marcus Pendleton, Laurent Njilla, and Shouhuai Xu

arXiv:1908.04507v1 [cs.CR] 13 Aug 2019

H. Chen and S. Xu are with the Department of Computer Science, University of Texas at San Antonio. M. Pendleton and L. Njilla are with the U.S. Air Force Research Laboratory, Rome, NY. Correspondence: [email protected]

Abstract—The blockchain technology is believed by many to be a game changer in many application domains, especially financial applications. While the first generation of blockchain technology (i.e., Blockchain 1.0) is almost exclusively used for cryptocurrency purposes, the second generation (i.e., Blockchain 2.0), as represented by Ethereum, is an open and decentralized platform enabling a new paradigm of computing — Decentralized Applications (DApps) running on top of blockchains. The rich applications and semantics of DApps inevitably introduce many security vulnerabilities, which have no counterparts in pure cryptocurrency systems like Bitcoin. Since Ethereum is a new, yet complex, system, it is imperative to have a systematic and comprehensive understanding of its security from a holistic perspective, which is unavailable. To the best of our knowledge, the present survey, which can also be used as a tutorial, fills this void. In particular, we systematize three aspects of Ethereum systems security: vulnerabilities, attacks, and defenses. We draw insights into, among other things, vulnerability root causes, attack consequences, and defense capabilities, which shed light on future research directions.

Index Terms—Blockchain, Ethereum, Security, Smart Contract, Vulnerabilities, Attacks, Defenses

I. INTRODUCTION

The notion of blockchain was implicitly introduced in 2008 as the key underlying technique of the cryptocurrency known as Bitcoin [1], which uses a transaction-centered model known as unspent transaction outputs (UTXO). In this model, a blockchain is a distributed and public ledger, which records the payment transactions between parties over a peer-to-peer (P2P) network. Unlike traditional digital cash systems [2], in which there is a trusted third party (e.g., a bank), there is no trusted third party in a blockchain system in general and in Bitcoin in particular. Bitcoin is often referred to as Blockchain 1.0 because it only offers payment services. The innovation of the Bitcoin system is its consensus protocol, which allows mutually distrusting nodes in a P2P network to eventually reach a consensus on the outcome after executing payment transactions. Unlike traditional consensus protocols [3], the participants are from an open network and are incentivized by the payment of Bitcoins (or BTCs), which are “mined” through a clever cryptographic hash function known as Proof-of-Work (PoW), an idea originally proposed as an anti-spam technique [4].

Perhaps inspired by the success of Bitcoin as well as the need to support semantically richer (than just payment) applications, the notion of smart contracts has been introduced to represent autonomous programs, leading to a new paradigm of Decentralized Applications (DApps) that run on top of blockchains and consist of many interacting smart contracts. The Ethereum system was launched in 2015 to support smart contracts, while offering its inherent cryptocurrency known as Ether [5] and using an account-centered model (rather than the UTXO model mentioned above). Ethereum has become the de facto standard platform for DApps. At the moment of writing, the market value of Ethereum is over US$31B with approximately one million smart contracts executing on top of the Ethereum blockchain [6], [7]. The success of Ethereum ushers in Blockchain 2.0, which goes much beyond the payment-centered Blockchain 1.0.

While Ethereum facilitates semantically richer applications than Bitcoin, it also enlarges the threat surface, as evidenced by the many high-profile attacks. One example is the DAO [8] attack in 2016, in which an attacker exploited the so-called reentrancy vulnerability (which will be detailed later) to steal approximately US$60M. In July 2017, a vulnerability in the Parity wallet contract caused the loss of US$31M [9]. In April 2018, the MyEtherWallet wallet fell victim to a BGP and DNS hijacking attack, enabling the hacker to steal approximately US$17M [10]. These attacks highlight that our capabilities in securing the Ethereum system are limited. This should not be taken as a surprise, because Ethereum is a new programming paradigm with DApps running on top of blockchains with many autonomous contracts.

The present survey is motivated by the needs of three audiences: researchers, practitioners, and students. From the standpoint of a researcher who wants to investigate Ethereum security, there is a need for a source of systematized treatment of the problems related to Ethereum security. Despite the fact that there have been some surveys, they did not offer a systematic and comprehensive view on Ethereum vulnerabilities, attacks, and defenses as we do. While referring to the related prior work in Section I-B for details, we mention the following: there is neither systematic understanding of the Ethereum vulnerabilities that have been discovered, nor systematic understanding of their root causes; this may explain why there are still a number of vulnerabilities that are completely open. From the standpoint of a practitioner, there is a need for a source of best practices and guiding principles. Industry has conducted due diligence in summarizing many best practices [11], which however may overwhelm practitioners. Therefore, it might be more useful to have a small number of guiding principles that are easier to adopt in practice. From the standpoint of a student who wants to learn about Ethereum security, there is a need for a succinct yet comprehensive and systematic source that also offers references to materials of greater detail.

A. Our contributions

We provide a systematic and comprehensive survey on Ethereum systems security. It is systematic in the sense that vulnerabilities, attacks, and defenses as well as the relationships between them are accommodated. It is comprehensive in the sense that it covers both the Ethereum platform via a layered architecture and the environment in which the Ethereum platform operates. In terms of vulnerabilities, we enumerate 44 types of Ethereum vulnerabilities according to the layers of the Ethereum architecture and the environment in which Ethereum operates. Perhaps more importantly, we analyze and systematize the root causes of those vulnerabilities. This allows us to provide insights into how to prevent some Ethereum vulnerabilities and how to cope with the inevitable vulnerabilities, including those that are largely open. Some of our findings and insights are highlighted as follows:

1) Ethereum smart contracts introduce new kinds of vulnerabilities that do not have counterparts in the traditional paradigm of applications.
2) It is important to design more secure programming languages and supporting tools for programmers to write more secure smart contracts.
3) The vulnerabilities caused by the design and implementation of the Ethereum blockchain are harder to cope with than vulnerabilities in the traditional paradigm.
4) The vulnerabilities in the Ethereum environment are largely caused by human, usability, and networking factors.
5) There are many vulnerabilities (e.g., outsourceable puzzle, 51% hashrate, and under-priced opcodes) that must be tackled in order to adequately defend Ethereum or blockchain-based DApp systems in general.

In terms of attacks, we systematize 26 attacks against Ethereum according to the layers of the Ethereum architecture. Perhaps more importantly, we relate these attacks to the

1) Industry has come up with a significant set of best practices for guiding the development of smart contracts. These best practices, if adequately executed, can indeed avoid many vulnerabilities.
2) Existing proactive defenses can defend against attacks that exploit many vulnerabilities; in contrast, existing reactive defenses can only defend against attacks that exploit a few vulnerabilities.
3) There are large discrepancies between levels of effort and investment into different kinds of attacks (i.e., much more investment into defending against high-profile attacks than low-profile attacks).
4) Existing studies focus on defending against attacks that attempt to exploit vulnerabilities in the DApp back-end (i.e., smart contracts), but largely ignore the protection of the DApp front-end (i.e., browser) and the interactions between the front-end and the back-end.

Although the present paper focuses on the Ethereum system, the aforementioned findings related to vulnerabilities, attacks and defenses might be applicable to blockchain-based systems in general. Moreover, we discuss some fundamental research problems that must be adequately tackled in order to secure and defend Ethereum and blockchain-based systems, including:

1) There is a lack of deep understanding on the rigorously-defined properties of blockchain-based systems.
2) There is a lack of deep understanding on the rigorous analysis methodologies that are necessary and sufficient for analyzing the desired properties of blockchain-based systems.
3) There is a lack of deep understanding on the metrics that are necessary and sufficient for analyzing the security and risk of blockchain-based systems.

In order to improve readability and ease the reference to the large number of vulnerabilities,
