Title
Security reinforcement for Ethereum virtual machine
Abstract
Smart contracts are more security-sensitive than other software for several reasons. First, smart contracts are immutable and thus cannot be easily patched once deployed. Second, smart contracts are directly tied to payments and can hold millions of dollars' worth of digital currencies. Third, smart contracts are still a new practice and thus do not yet have best coding practices and development lifecycles tailored for decentralized apps. Even though several testing and verification tools have been developed, smart contract vulnerabilities remain a clear and present danger. In this paper, we present an approach that differs from existing ones that attempt to eliminate vulnerabilities from smart contracts. Instead, we fortify Ethereum virtual machines (EVMs) to stop dangerous transactions once vulnerabilities are detected in real time. Since proving programs written in Turing-complete languages is undecidable, our approach complements current approaches by catching vulnerabilities and interrupting their execution at runtime. We have implemented our reinforcement on two widely used EVMs (js-evm and FISCO-BCOS-evm). The reinforced EVMs detect and interrupt all the vulnerabilities, 20% of them missed by testing tools, in 100 real smart contracts. Our approach is practical, with less than 34% overhead. In fact, the reinforced FISCO-BCOS-evm has been integrated into the official release of FISCO-BCOS adopted by a large Chinese bank, WeBank.
Year
2021
DOI
10.1016/j.ipm.2021.102565
Venue
Information Processing & Management
Keywords
Ethereum virtual machine, Online reinforcement, Vulnerability, Smart contract
DocType
Journal
Volume
58
Issue
4
ISSN
0306-4573
Citations
0
PageRank
0.34
References
23
Authors
7
Name
Order
Citations
PageRank
Fuchen Ma1122.96
Meng Ren2122.62
Ying Fu310433.62
Mingzhe Wang4468.23
Huizhong Li5112.62
Houbing Song61771172.26
Yu Jiang734656.49